Crypto Phishing Losses Increase Dramatically
Crypto phishing attacks have claimed another victim. Scam Sniffer, the first to detect the transaction, revealed that victims were trapped in the authorization process, causing them to lose their assets.
“Someone lost $2.47 million worth of Aave Ethereum sDAI after signing a phishing signature,” Scam Sniffer wrote on X.
This case serves as a harsh reminder of the dangers that continue to threaten crypto investors, especially regarding weaknesses in security systems.
Crypto Phishing Attackers Exploit CREATE2 Vulnerability
With losses reaching US$2.47 million, crypto phishing perpetrators managed to steal victims' crypto assets by exploiting loopholes in the security mechanisms of crypto wallets.
The attack exploits CREATE2, an Ethereum opcode that lets anyone predict the address of a smart contract before it is deployed on the blockchain.
CREATE2 is actually a useful feature in the Ethereum network. This feature is often used by leading platforms such as Uniswap to create Pair contracts, which are needed in transactions on decentralized exchanges.
Scam Sniffer explains that the perpetrators of these crimes have twisted its function for harmful purposes.
“With CREATE2, the attacker can easily generate a new temporary address for each malicious signature. After the victim signs the signature, the attacker creates a contract on that address and transfers the user’s assets. The motivation is to avoid wallet security checks,” Scam Sniffer explained.