Rethink security against crypto wallet-draining attacks

March 20, 2024
1 min read


TLDR:

Infosec researchers are noting rising cryptocurrency attacks that exploit Ethereum’s CREATE2 opcode, draining millions of dollars worth of assets from victims’ wallets. Attackers use social engineering to get victims to approve a contract, which is then deployed with the victim’s authorization, draining their funds.

Article Summary:

Research from Check Point highlights a critical issue in the blockchain community where attackers are draining cryptocurrency wallets of millions of dollars by exploiting Ethereum’s CREATE2 function. Introduced in 2019, CREATE2 allows for more efficient deployments of smart contracts and is now being used by attackers to drain victim’s wallets. These attacks involve social engineering to get victims to approve a contract that hasn’t been deployed yet, leveraging the ability of CREATE2 to generate new contract addresses to receive funds.

One fraud in January saw attackers make off with $3.6 million worth of SuperVerse tokens in one transaction, showcasing the seriousness of these incidents for victims. The vulnerability in CREATE2 allows attackers to bypass security protections by using new wallet addresses with no history of criminal activity. The continuous battle between innovation and security in the blockchain sphere highlights the need for enhanced security measures in wallet products to safeguard digital assets against emerging threats.

High-profile attacks in late 2023 targeted various wallets, including Justin Sun’s Tron Foundation and the Monero Project. The web3 anti-scam provider ScamSniffer analyzed CREATE2 incidents and found nearly $60 million in assets stolen from around 99,000 victims between May and November 2023. While not all attacks were directly attributed to CREATE2 exploits, it’s suggested that North Korea’s state-sponsored Lazarus gang may have been behind a significant portion of these incidents.

Crypto wallet providers are urged to rethink security measures to adapt to evolving cybercriminal tactics, emphasizing the importance of awareness, education, and continuous updates to ensure the safekeeping of digital assets in the face of innovative exploits.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and