Ethereum feature abused to steal $60 million from 99K victims

Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. This is reported by Web3 anti-scam specialists at 'Scam Sniffer,' who observed several cases of in-the-wild exploitation of the function, in some cases losses incurred by one individual reaching up to $1.6 million. Create2 is an opcode in Ethereum, introduced in the 'Constantinople' upgrade, that allows creating smart contracts on the blockchain. Unlike the original Create opcode, which generated new addresses based on the creator's address and nonce, Create2 allows calculating addresses before the deployment of the contract. It's a powerful tool for Ethereum developers, enabling advanced and flexible contract interactions, parameter-based contract address pre-calculation, deployment flexibility, suitability for off-chain transactions and certain dApps. Create2 introduced significant benefits, but several security implications and new attack vectors also came along with them. Scam Sniffer's report explains that Create2 can be abused to generate fresh contract addresses with no history of malicious/reported transactions, hence bypassing wallet security alerts. When a victim signs a malicious transaction, the attacker deploys a contract at the pre-calculated address and transfers the victim's assets to it, a non-reversible process. In a recent case analysts observed, a victim lost $927,000 worth of GMX after they were tricked into signing a transfer contract that sent the assets to a pre-computed address. The second type of Create2 abuse is generating addresses similar to legitimate ones owned by the recipient, thus tricking users into sending assets to the threat actors, thinking they're sending it to a known address. The scheme, which is named 'address poisoning,' involves generating a large number of addresses and then picking those that match their specific phishing needs each time to trick their targets. Since August 2023, Scam Sniffer has recorded 11 victims losing nearly $3 million, with one of them transferring $1.6 million to an address resembling one they had sent money to recently. At the beginning of the year, MetaMask warned about scammers using freshly-generated addresses that match those used by the victim in recent transactions. In the scam, the threat actor may also send the victim a small amount in crypto to register the address in the wallet's history, thus increasing the chances of the victim making the payment. In early August 2023, a Binance operator mistakenly sent $20 million to scammers who employed the 'address poisoning' trick but noticed the error quickly and froze the recipient's address. Notably, using lookalike cryptocurrency addresses is a trick seen in clipboard-hijacking malware tools, like the Laplas Clipper, highlighting the method's effectiveness. When performing cryptocurrency transactions, it is always recommended to check the recipient's address thoroughly, and not just the first and last three-four characters, before approving it. Palestine crypto donation scams emerge amid Israel-Hamas war. Hackers use Binance Smart Chain contracts to store malicious scripts. Mixin Network suspends operations following $200 million hack.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Ethereum feature abused to steal $60 million from 99K victims

Accepting Ethereum for Businesses, An Overview - For a business looking to stay ahead of the curve, opting to accept Ethereum payments could be the key to unlocking a new world of opportunities. Accepting Ethereum payments offers businesses global market reach, cost-effectiveness, privacy and ...
8 months ago Hackread.com
Exploring the Phenomenal Rise of Ethereum as a Digital Asset - In this exploration, we delve into the multifaceted layers of Ethereum's meteoric rise, dissecting the technological breakthroughs, the vibrant community dynamics, and the pivotal moments that have propelled it to the forefront of the digital asset ...
8 months ago Hackread.com
Ethereum feature abused to steal $60 million from 99K victims - Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. This is reported by ...
11 months ago Bleepingcomputer.com
Crypto scammers abuse X 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
10 months ago Bleepingcomputer.com
Crypto scammers abuse Twitter 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
10 months ago Bleepingcomputer.com
Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds - It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency - and only 12 seconds to actually pull off the heist. The brothers, Anton Peraire-Bueno and James Pepaire-Bueno, ...
5 months ago Securityboulevard.com
US detains suspects behind $80 million 'pig butchering' scheme - The U.S. Department of Justice charged four suspects for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses. A seven-count indictment on Wednesday linked four suspects, Lu Zhang, Justin ...
10 months ago Bleepingcomputer.com
Orbit Chain loses $86 million in the last fintech hack of 2023 - Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. Orbit Chain is a blockchain platform designed to function as a multi-asset hub, supporting ...
10 months ago Bleepingcomputer.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
7 months ago Securityweek.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
11 months ago Packetstormsecurity.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
11 months ago Packetstormsecurity.com
Blockchain dev's wallet emptied in "job interview" using npm package - The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied. Take-home job exercise empties dev's crypto wallet. Moments later, the ...
10 months ago Bleepingcomputer.com
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
11 months ago Bleepingcomputer.com
T-Mobile pays $31.5 million FCC settlement over 4 data breaches - "With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to ...
1 month ago Bleepingcomputer.com
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
11 months ago Therecord.media
Orbit Chain Loses $86M in Cross-Chain Bridge Hack - Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency ...
10 months ago Cysecurity.news
The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
10 months ago Securityboulevard.com
Tor Project removes relays because of for-profit, risky activity - The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users. Tor network relays are routing points that help anonymize the original traffic source ...
11 months ago Bleepingcomputer.com
Ex-Amazon engineer pleads guilty to hacking crypto exchanges - Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an ...
10 months ago Bleepingcomputer.com
US Offers $10 Million Reward for Info About Hive Ransomware Leaders - The U.S. government appears eager to finish off what's left of the notorious Hive ransomware group, offering a $10 million reward for information that leads to the identification and location of any of the leaders of the gang. The State Department on ...
8 months ago Securityboulevard.com
BlackBerry Provides Update on Progress in Separation of Divisions and Path to Profitability - PRESS RELEASE. WATERLOO, Ontario, Feb. 12, 2024 /PRNewswire/ - BlackBerry Limited today provided an update on the previously announced process to separate its IoT and Cybersecurity businesses as standalone divisions, and drive the Company towards ...
8 months ago Darkreading.com
China's MIIT Proposes Color-coded Contingency Plan for Security Incidents - On Friday, China proposed a four-tier classification system, in an effort to address data security incidents, underscoring concerns of Beijing in regards to the widespread data leaks and hacking incidents in the country. This emergency plan comes ...
10 months ago Cysecurity.news
Biden's budget proposal boosts CISA's funding to $3b The Register - US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. Biden proposed his $7.3 trillion spending plan for fiscal year ...
7 months ago Go.theregister.com
Romance Scammers are Adopting Approval Phishing Tactics - Romance scams are labor-intensive and time-consuming schemes to run. They can be lucrative, pulling in millions in stolen cryptocurrency, but they also can end up going nowhere if the targeted victim becomes suspicious or the bad actor decides there ...
10 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)