Important facts:
-
It is estimated that more than 99,000 victims were affected.
-
One of the victims lost $1.6 million in a single attack.
A recent investigation found that some hackers exploited a security flaw that made it easier for them to bypass security warnings and allowed them to steal over $60 million worth of cryptocurrencies.
Accordingly public On November 12, hackers from cyber investigation firm Scam Sniffer abused the CREATE2 function in phishing sites’ smart contracts to create payment addresses other than the original ones.
The problem that Scam Sniffer detected is that the use of the function does not involve any riskseven all Uniswap contracts use this CREATE2 function. However, if it is used by hackers for a phishing attack, These manage to bypass the wallet alarm controlslike MetaMask, which makes the transaction appear completely legal.
As per the Twitter account, MetaMask does not display any warning when detecting a malicious transaction as it is a completely legal operation.
As we explained, The risk of this attack is that CREATE2 is not a standalone piece of malicious code.but it is exploited maliciously because it allows random generation of payment addresses.
In this way, the user ultimately assumes that the transaction is correct and makes the payment. However, by signing the transaction, you allow your cryptocurrency wallet to be emptied.
The shocking thing about this discovery is the number of victims, which almost exceeds 100,000 cryptocurrency users. Some of these had individual losses amounting to 1.6 million. Given the number of victims, this represents a significant problem.
Scam Sniffer urges users to verify payment addresses and avoid connecting browser wallets to websites of dubious origin.