GLOBAL – A recent study by Scam Sniffer has revealed that fraudsters have manipulated Ethereum's Create2 function, resulting in a significant theft of cryptocurrencies. Over the past six months, approximately $60 million has been stolen from nearly 100,000 victims through a method known as "address poisoning."
The Create2 function, which was introduced in Ethereum's Constantinople update, allows for the creation of smart contracts with pre-calculated addresses. This feature is designed for more sophisticated interactions and is widely used for deploying decentralized applications (dApps). However, it has also opened up new vulnerabilities that bad actors are exploiting.
Scammers are using Create2 to generate new contract addresses with no prior transaction history. Unsuspecting users are tricked into sending assets to these addresses, believing them to be secure. The study highlighted several high-profile incidents, including a single user losing $927,000 and another case where a Binance operator mistakenly transferred $20 million to scammers. Although Binance acted quickly to block the recipient's address, the damage had been done.
In response to these security breaches, experts are urging cryptocurrency users to exercise increased caution. They recommend confirming recipient addresses before making transactions, avoiding suspicious links and attachments, and using Bitcoin wallets that offer enhanced security features such as two-factor authentication and address verification.
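The recommendation to confirm recipient addresses can be enforced in a wallet or payout script rather than left to a visual check. The sketch below is an added example, not code from Scam Sniffer or the original article. It assumes a poisoned address imitates the first and last characters of an address the user already trusts, and every name and address in it is constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed address book (hypothetical label and address).
TRUSTED = {"exchange-deposit": "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b"}


def normalize(addr):
    """Validate '0x' + 40 hex chars and return the lowercase form."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def shared_edges(a, b):
    """Count matching hex chars at the start and at the end of two addresses."""
    a, b = normalize(a)[2:], normalize(b)[2:]
    prefix = 0
    while prefix < 40 and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix


def check_recipient(recipient, trusted, min_edge=4):
    """Classify a recipient as 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means the address is NOT in the book but shares at least
    min_edge leading and trailing characters with an entry, which is what
    a truncated UI display (0x1a2b...9a0b) would fail to distinguish.
    """
    r = normalize(recipient)
    book = {normalize(a): label for label, a in trusted.items()}
    if r in book:
        return "trusted", book[r]
    for addr, label in book.items():
        prefix, suffix = shared_edges(r, addr)
        if prefix >= min_edge and suffix >= min_edge:
            return "lookalike", label
    return "unknown", None


if __name__ == "__main__":
    fake = "0x1a2b3c" + "f" * 30 + "9a0b"  # constructed lookalike
    print(check_recipient(fake, TRUSTED))
```

A transfer to anything classified as `lookalike` should be blocked until the full 40-character address is verified through a separate channel.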
The Scam Sniffer team's findings underscore the growing need for improved security measures within the cryptocurrency space as fraudsters continue to find and exploit loopholes in the system.
This article was generated with the support of AI and reviewed by an editor.