Hackers Exploit Ethereum Blockchain Feature to Steal $60 Million from 99,000 Victims

In a recent report, Scam Sniffer revealed that attackers have been abusing a feature of the Ethereum blockchain to trick victims into sending funds to the wrong address. Over the past six months, nearly 100,000 people were deceived in this way, losing a total of about $60 million.

The report details how the attackers use CREATE2, an opcode that makes a contract's address a deterministic function of the deploying address, a chosen salt and the hash of the contract's initialization code, so the address can be computed before anything is deployed. By iterating over salts offline, the attackers mint a fresh address for each target that closely resembles the address the victim actually intends to pay, and they need to deploy nothing there until the victim has sent funds. The tactic is known as "address poisoning": the lookalike is planted in the victim's transaction history (for example through a tiny transfer) so that a later copy-and-paste picks up the wrong address.

The lookalike matches the genuine address in its leading and trailing characters, the parts most people compare, and differs in the middle, so it passes a quick visual check. The attackers also defeat the usual second safeguard, a small test transaction, by forwarding that test payment from the lookalike to the genuine recipient: the recipient confirms receipt, and the victim then sends the full amount to the lookalike.

The lookalike is not an externally owned wallet held by the attackers but a smart contract, deployed at the precomputed address, that sweeps whatever it receives to the attackers' final destination. Because the address is derived offline, nothing has to exist on chain at that address until funds arrive, so it carries no history for a wallet or explorer to flag. Scam Sniffer observed multiple frauds built on CREATE2, with one victim losing about $1.6 million.

To avoid this scheme, check every character of a destination address before sending, not just the first and last few. Better still, take the address from a trusted source such as a saved contact or the counterparty's own channel rather than from your transaction history, which is exactly where the poisoned entry has been planted.

The abuse of a legitimate Ethereum feature to commit fraud highlights the need for caution and vigilance when sending funds on chain: a transfer to the wrong address cannot be reversed.