Posted 3/19/2024, 2:30:00 PM
Ethereum Bug Enables $60 Million in Crypto Thefts Through 'Empty Wallet' Attacks
- Attackers are exploiting Ethereum's CREATE2 opcode to drain crypto assets from victims' wallets in large-scale heists
- CREATE2 allows attackers to generate temporary wallet addresses that have no prior history, evading fraud detections
- After socially engineering victims to approve contracts, attackers can instantly drain funds to freshly created wallet addresses
- High-profile crypto entities like Tron Foundation, Monero Project, and Atomic Wallet have been targeted recently
- Researchers estimate $60 million has been stolen from 99,000 victims with CREATE2 attacks between May-November 2023