Currencies32920
Market Cap$ 2.62T-4.12%
24h Spot Volume$ 129.87B+149.4%
DominanceBTC59.36%+0.35%ETH7.15%-4.49%
ETH Gas2.25 Gwei
Cryptorank
MainNewsHackers Expl...

Hackers Exploit New Feature To Bypass Security Alerts – Report


Nov, 12, 2023
2 min read
by Bitcoinist
Hackers Exploit New Feature To Bypass Security Alerts – Report

In a concerning trend, hackers, specifically wallet drainers, have begun to leverage the CREATE2 opcode on the Ethereum network to sidestep security measures in select wallets. This development was revealed on Sunday via an X post by blockchain security company Scam Sniffer. 

Over $60 Million Lost To Hackers Via CREATE2 Exploit, Report Says

The CREATE2 opcode was designed to allow the prediction of a contract address before deployment. Most notably, it is used by prominent decentralized exchange Uniswap to facilitate the creation of pair contracts. 

However, using this feature, cybercriminals have found a way to bypass security checks in regard to investor wallets. Scam Sniffer explains that hackers use CREATE2 to effortlessly generate momentary new addresses, each with a malicious signature. 

When unsuspecting investors sign this crafted signature, the hackers deploy a contract at the predicted address and process an unauthorized transfer of assets. Using this technique, these bad actors have been able to operate undetected, siphoning large amounts of funds from innocent victims.

Speaking about a sample incident, Scam Sniffer explains how a victim lost $927,000 worth of GMX on Sunday after unknowingly authorizing a “signalTransfer” transaction that allowed hackers to withdraw these assets to a pre-computed contract address. 

In total, Scam Sniffer revealed that the main group of wallet drainers exploiting the CREATE2 feature has so far stolen $60 million from an estimated 99,000 victims in the last six months. 

Meanwhile, during a discussion with SlowMist, another prominent blockchain security firm, Scam Sniffer learned a separate group of hackers has been using the same technique in address poisoning.

Since August, findings reveal that this second group has stolen nearly $3 million worth of assets from 11 victims, of which $1.6 million belonged to a single victim. In wrapping up its report, Scam Sniffer reminds crypto users to stay on alert and verify every transaction, as the continuous cycle of detection and counter-detection in the crypto space will likely not end.

Beyond Hacks, Crypto Scams Remain A Peril

Just like hacks, crypto scams are also still considered a major source of concern for many investors. According to FootPrint x Boesin’s H1 2023 security report, scams resulted in a total asset loss of $184.17 million, accounting for 28% of losses recorded by investors in the first half of the year. 

Notably, Scam Sniffer has reported two major scam incidents over the last 48 hours in which both victims lost a combined $468, 000 worth of assets. These attacks only underscore the continuous need for enhanced security measures in the cryptocurrency ecosystem. 

Hackers

Read the article at Bitcoinist

Read More

London Police Team Up With International Law Firm After Elderly Victim Defrauded for $2,580,000

London Police Team Up With International Law Firm After Elderly Victim Defrauded for $2,580,000

Law enforcement authorities in the city of London are joining forces with an internat...
Apr, 07, 2025
2 min read
by The Daily Hodl
Emerging Address Poisoning Attack on Bitcoin Blockchain, Casa Executive Warns

Emerging Address Poisoning Attack on Bitcoin Blockchain, Casa Executive Warns

Jameson Lopp cautioned Bitcoin holders, stressing the recent surge in Bitcoin address...
Apr, 07, 2025
2 min read
by Cryptonews
MainNewsHackers Expl...

Hackers Exploit New Feature To Bypass Security Alerts – Report


Nov, 12, 2023
2 min read
by Bitcoinist
Hackers Exploit New Feature To Bypass Security Alerts – Report

In a concerning trend, hackers, specifically wallet drainers, have begun to leverage the CREATE2 opcode on the Ethereum network to sidestep security measures in select wallets. This development was revealed on Sunday via an X post by blockchain security company Scam Sniffer. 

Over $60 Million Lost To Hackers Via CREATE2 Exploit, Report Says

The CREATE2 opcode was designed to allow the prediction of a contract address before deployment. Most notably, it is used by prominent decentralized exchange Uniswap to facilitate the creation of pair contracts. 

However, using this feature, cybercriminals have found a way to bypass security checks in regard to investor wallets. Scam Sniffer explains that hackers use CREATE2 to effortlessly generate momentary new addresses, each with a malicious signature. 

When unsuspecting investors sign this crafted signature, the hackers deploy a contract at the predicted address and process an unauthorized transfer of assets. Using this technique, these bad actors have been able to operate undetected, siphoning large amounts of funds from innocent victims.

Speaking about a sample incident, Scam Sniffer explains how a victim lost $927,000 worth of GMX on Sunday after unknowingly authorizing a “signalTransfer” transaction that allowed hackers to withdraw these assets to a pre-computed contract address. 

In total, Scam Sniffer revealed that the main group of wallet drainers exploiting the CREATE2 feature has so far stolen $60 million from an estimated 99,000 victims in the last six months. 

Meanwhile, during a discussion with SlowMist, another prominent blockchain security firm, Scam Sniffer learned a separate group of hackers has been using the same technique in address poisoning.

Since August, findings reveal that this second group has stolen nearly $3 million worth of assets from 11 victims, of which $1.6 million belonged to a single victim. In wrapping up its report, Scam Sniffer reminds crypto users to stay on alert and verify every transaction, as the continuous cycle of detection and counter-detection in the crypto space will likely not end.

Beyond Hacks, Crypto Scams Remain A Peril

Just like hacks, crypto scams are also still considered a major source of concern for many investors. According to FootPrint x Boesin’s H1 2023 security report, scams resulted in a total asset loss of $184.17 million, accounting for 28% of losses recorded by investors in the first half of the year. 

Notably, Scam Sniffer has reported two major scam incidents over the last 48 hours in which both victims lost a combined $468, 000 worth of assets. These attacks only underscore the continuous need for enhanced security measures in the cryptocurrency ecosystem. 

Hackers

Read the article at Bitcoinist

Read More

London Police Team Up With International Law Firm After Elderly Victim Defrauded for $2,580,000

London Police Team Up With International Law Firm After Elderly Victim Defrauded for $2,580,000

Law enforcement authorities in the city of London are joining forces with an internat...
Apr, 07, 2025
2 min read
by The Daily Hodl
Emerging Address Poisoning Attack on Bitcoin Blockchain, Casa Executive Warns

Emerging Address Poisoning Attack on Bitcoin Blockchain, Casa Executive Warns

Jameson Lopp cautioned Bitcoin holders, stressing the recent surge in Bitcoin address...
Apr, 07, 2025
2 min read
by Cryptonews