New crypto threat: Hackers misuse Ethereum feature for fraud

Most read

Loading Most Ready posts..


Share link:


  • Hackers are utilizing the Ethereum network’s CREATE2 opcode, originally intended for pre-determining contract addresses.
  • This exploitation has led to substantial financial damages, with a notable case involving a user losing $927,000 in GMX tokens.
  • According to a security report, scams represented 28% of total investor losses in the first half of 2023, totaling $184.17 million.


In a concerning development within the cryptocurrency space, hackers have begun exploiting the Ethereum network’s CREATE2 opcode, bypassing security features in some wallets and leading to significant losses for investors. Blockchain security firm Scam Sniffer highlighted this issue, revealing a worrying trend among cybercriminals.

The CREATE2 opcode, initially designed to predict a contract’s address before deployment, has found an unintended use in the hands of fraudsters. Notably, this feature is employed by the popular decentralized exchange Uniswap for creating pair contracts. However, cybercriminals now leverage this capability to generate new addresses with a malicious signature, circumventing security checks.

This security loophole has resulted in unsuspecting investors signing off on transactions that facilitate unauthorized fund transfers. A striking example provided by Scam Sniffer involves a user, John Doe, who lost $927,000 in GMX tokens after inadvertently authorizing a “signal transfer” transaction. This incident underscores the growing sophistication of these scams.

Scam Sniffer’s investigations, supplemented by blockchain security company SlowMist insights, have revealed alarming statistics. The predominant group of wallet drainers using CREATE2 has amassed around $60 million, targeting nearly 99,000 victims in just six months. Another group, identified through address poisoning tactics, has stolen approximately $3 million from 11 victims since August, with one individual losing $1.6 million.

These revelations highlight the evolving landscape of cryptocurrency threats. Indeed, the FootPrint x Boesin H1 2023 security report paints a grim picture: scams accounted for 28% of total investor losses, amounting to $184.17 million in the first half of the year alone.

In just the past 48 hours, Scam Sniffer has recorded two significant scam incidents, with victims losing $468,000. These events underscore the persistent challenge of ensuring cryptographic security and the need for continuous vigilance among cryptocurrency users.

As the industry grapples with these sophisticated threats, Scam Sniffer’s findings are a stark reminder of the ongoing battle between innovation and exploitation in the digital finance. The firm concludes its report by urging the crypto community to exercise heightened caution and verify all transactions, acknowledging that the cycle of discovery and countermeasures in cryptocurrency security is a constant and evolving challenge.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Share link:

Mutuma Maxwell

Maxwell especially enjoys penning pieces about blockchain and cryptocurrency. He started his venture into blogging in 2020, later focusing on the world of cryptocurrencies. His life's work is to introduce the concept of decentralization to people worldwide.

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan