The Threat of Hackers Exploiting CREATE2 is Costing Millions

In a worrying development, hackers known as wallet drainers have discovered a way to exploit the CREATE2 opcode on the ethereum network to circumvent security measures in specific wallets. This revelation was made public in a posted by blockchain security company Scam Sniffer.

Over $60 Million Lost To Hackers Via CREATE2 Exploit, Report Says

The CREATE2 opcode was originally designed to enable the prediction of a contract address before deployment, frequently used by the well-known decentralized exchange Uniswap to create pair contracts. Unfortunately, bad actors have found a way to abuse this feature to avoid security checks on investor wallets. Scam Sniffer details how hackers are using CREATE2 to generate momentary new addresses with malicious signatures, tricking unsuspecting investors into deploying a contract at the predicted address and processing an unauthorized transfer of assets.

One recent incident saw a victim lose $927,000 worth of GMX after unknowingly authorizing a “signalTransfer” transaction, allowing hackers to withdraw the assets to a pre-computed contract address. To date, Scam Sniffer has reported that the main group of wallet drainers exploiting the CREATE2 feature has stolen $60 million from an estimated 99,000 victims in the past six months. Additionally, another group of hackers implicated in address poisoning has stolen nearly $3 million worth of assets from 11 victims.

Beyond Hacks, Crypto Scams Remain A Peril

Beyond exploits and hacking, crypto scams remain a significant concern for many investors, accounting for a 28% asset loss as reported by FootPrint x Boesin’s H1 2023 security report. In the last 48 hours, Scam Sniffer has reported two major scam incidents where the victims collectively lost $468,000 worth of assets, emphasizing the continuous need for enhanced security measures in the cryptocurrency ecosystem.

See also  Block Dojo’s Carby tackles climate challenges while CyberXChain rewards ethical hackers


As these reports highlight, the threat posed by hackers exploiting the CREATE2 opcode is a cause for concern, leading to significant financial losses across the cryptocurrency landscape. As bad actors continue to develop new tactics, crypto users must stay vigilant and verify every transaction to ensure their assets remain secure in an ever-evolving threat landscape.

### News source:

By Team