Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.
The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.
By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to «approve» a signature, hackers often disguise permissions within this signature to gain access to a user’s wallet.
The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.
Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.
One group has been using the Create2 code to steal $3 million from 11 victims since August.
Cryptocurrency-related hacks and exploits have become prevalent in recent months with exchange Poloniex losing $114 million in a hot wallet breach last week. Victims of the LastPass breach also lost $4.4 million in a single day in October.