Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.
The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.
By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to “approve” a signature,
Join the conversation!
Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!