Cointime


Scam Sniffer: In the past six months, Wallet Drainer has used Create2 phishing techniques to steal nearly $60 million

Scam Sniffer posted on X that Wallet Drainers abuse Create2 to bypass security alerts in certain wallets by generating a new address for each malicious signature. The CREATE2 opcode allows the address of a contract to be predicted before it is deployed to the Ethereum network; Uniswap, for example, uses CREATE2 to create its Pair contracts. Using Create2, a Drainer can easily generate a temporary new address for each malicious signature. After the victim signs, the Drainer creates a contract at that address and transfers the user's assets. The motivation is to bypass wallet security checks.

In the past six months, Drainers of this type have stolen nearly $60 million from approximately 99,000 victims. Since August, an organization has used the same technique in Address Poisoning to steal assets worth nearly $3 million from 11 victims, with one victim losing as much as $1.6 million.

Yuan Cos, founder of SlowMist, commented: "This phishing trick is clever. Using Create2 to pre-create the funding receiving address (which is a contract address that does nothing until the phishing is successful), this can bypass many wallet security checks. Let's see which wallets can keep up and enhance their security measures in time."
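The following is an added example, not code from Scam Sniffer, SlowMist or any wallet: it contrasts a blocklist-only check with a state-based check that still fires when the spender address is rotated for every signature. The addresses, the `CHAIN` snapshot and all function names are constructed for illustration; in a real wallet the `code` and `nonce` values would come from the `eth_getCode` and `eth_getTransactionCount` JSON-RPC calls.

```python
# Added example: constructed data and hypothetical names, not any wallet's real code.
from dataclasses import dataclass

@dataclass
class AccountState:
    code: str   # eth_getCode result; "0x" means no contract is deployed
    nonce: int  # eth_getTransactionCount result

ROUTER = "0x" + "a1" * 20     # constructed: long-lived, deployed contract
DRAINER = "0x" + "bad0" * 10  # constructed: address already reported as malicious
FRESH = "0x" + "c2" * 20      # constructed: precomputed address, nothing deployed yet

# Constructed chain snapshot at the moment the user is asked to sign.
CHAIN = {
    ROUTER: AccountState(code="0x6080604052", nonce=1),
    DRAINER: AccountState(code="0x6080604052", nonce=1),
    FRESH: AccountState(code="0x", nonce=0),
}
BLOCKLIST = {DRAINER}
MAX_UINT256 = 2**256 - 1

def blocklist_only(spender):
    """Weak check: warns only when the spender is already known to be bad."""
    return ["spender is on blocklist"] if spender.lower() in BLOCKLIST else []

def hardened(spender, amount, chain=CHAIN):
    """Blocklist plus findings based on on-chain state, which a new address cannot hide."""
    spender = spender.lower()
    findings = blocklist_only(spender)
    # An address never seen on chain has no code and a zero nonce.
    state = chain.get(spender, AccountState(code="0x", nonce=0))
    if state.code == "0x" and state.nonce == 0:
        findings.append("spender has no code and no history (possibly an undeployed CREATE2 address)")
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return findings

if __name__ == "__main__":
    for name, spender in (("router", ROUTER), ("drainer", DRAINER), ("fresh", FRESH)):
        print(name, blocklist_only(spender), hardened(spender, MAX_UINT256))
```

An externally owned account that has never sent a transaction also has no code and a zero nonce, so this finding is a warning signal for the signing prompt rather than proof of a drainer.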
