skip to Main Content
bitcoin
Bitcoin (BTC) $ 79,583.32 3.93%
ethereum
Ethereum (ETH) $ 1,579.89 6.76%
tether
Tether (USDT) $ 0.99995 0.02%
xrp
XRP (XRP) $ 1.92 9.66%
bnb
BNB (BNB) $ 561.80 4.25%
usd-coin
USDC (USDC) $ 1.00 0.00%
solana
Solana (SOL) $ 110.69 11.28%
dogecoin
Dogecoin (DOGE) $ 0.154133 11.53%
tron
TRON (TRX) $ 0.234573 4.31%
cardano
Cardano (ADA) $ 0.597796 9.70%

Ethereum Wallet Drainer Steals $60M in Six Months

Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.

The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.

By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to “approve” a signature, hackers often disguise permissions within this signature to gain access to a user’s wallet.

The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.

Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.

One group has been using the Create2 code to steal $3 million from 11 victims since August.

Cryptocurrency-related hacks and exploits have become prevalent in recent months with exchange Poloniex losing $114 million in a hot wallet breach last week. Victims of the LastPass breach also lost $4.4 million in a single day in October.

Edited by Stephen Alpher.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top