New feature on Ethereum blockchain allows hackers to steal $ 60 million in cryptocurrency

Attackers have found a way to bypass cryptocurrency wallet security systems using the Create2 function in the Ethereum blockchain ETH $3,353.90 Bridged Ether (StarkGate) -2.08% Market capitalization $0.29 billion VOL. 24 hours $2.22 billion . Over the past six months, this method has allowed 99,000 users to steal $ 60 million worth of cryptocurrency, according to Scam Sniffer analysts. In some cases, the losses of individuals reached $ 1.6 million.

Create2, introduced in the Constantinople update, allows you to create smart contracts on the blockchain with the ability to pre-calculate their addresses before deployment. Although the feature is legitimate, it has created new vulnerabilities in the Ethereum security system.

The main way of abuse is to create new contract addresses without a history of suspicious transactions. Attackers deceive victims by forcing them to sign malicious transactions, and then transfer assets to the previously calculated addresses. For example, one victim lost $ 927,000 in GMX cryptocurrency after signing a fraudulent transfer contract.

Another method, known as address poisoning, involves creating multiple addresses, among which those that look like legitimate victims' addresses are chosen. In this way, users send assets to fraudsters, mistakenly believing that they are transferring funds to familiar addresses. Since August 2023, there have been 11 cases where victims have lost approximately $ 3 million in this way.

The attacks often went unnoticed, but some attracted public attention. For example, the crypto wallet service MetaMask warned about fraudsters using freshly created addresses that match the addresses used by victims in recent transactions. In one case, a Binance operator mistakenly sent $ 20 million to fraudsters, but quickly noticed the error and froze the recipient’s account.

Experts emphasize that the method of using similar cryptocurrency addresses resembles the tactics used by malware to capture the clipboard, for example, as the Laplas Clipper does. In this regard, experts strongly recommend that users carefully check recipients' addresses when conducting cryptocurrency transactions to avoid similar frauds.