Ethereum Scammers Abuse Create2 Function to Steal $60 Million from 99,000 Victims in 6 Months
-
Ethereum's Create2 function is being abused by scammers to steal cryptocurrency, leading to $60 million stolen from 99,000 victims in 6 months.
-
Create2 allows pre-calculating contract addresses before deployment, enabling scammers to bypass wallet alerts for new addresses.
-
Scammers deploy contracts at pre-calculated addresses and irrevocably steal victims' assets when they sign malicious transactions.
-
Scammers also generate addresses similar to legitimate ones to trick victims into sending funds, a technique called "address poisoning".
-
Victims have lost up to $1.6 million in single transactions. MetaMask and Binance have warned about these address spoofing scams.