Malicious actors have abused Ethereum’s ‘Create2’ function to evade wallet security alerts, stealing $60 million from 99,000 individuals within six months, according to Web3 anti-scam experts at ‘Scam Sniffer.’
The ‘Create2’ opcode, introduced in Ethereum’s ‘Constantinople’ upgrade, allows a smart contract’s address to be calculated before the contract is deployed, which brings both powerful benefits and significant security risks. Scam Sniffer’s report describes two types of abuse: bypassing security alerts by generating fresh contract addresses, and using ‘address poisoning’ to trick victims into sending assets to malicious actors.
The community has seen both the silent siphoning of millions and high-profile cases, which underscores the importance of thorough address verification during cryptocurrency transactions.