Hackers Steal $60 Million from Crypto Wallets in Six Months

  • Hackers have stolen $60 million from crypto wallets using a practice commonly used by genuine blockchain projects
  • The practice enables them to block users’ wallets from requesting an approval when funds are being drained 
  • The new method adds to a list of new methods hackers are using to infiltrate crypto storage and trading platforms

Blockchain researcher ScamSniffer has unearthed a new method that has allowed hackers to anonymously siphon $60 million from crypto wallets in the last six months. According to the researcher, malicious actors are misusing a genuine code provision to block wallets from notifying their users when they’re sending funds to a new address. The discovery comes a month after cybersecurity experts unearthed Lazarus’ new hacking method, an indication that malicious actors are looking for new ways to fleece their victims.

Genuine Code Snippet with Malicious Applications

In an X (formerly Twitter) thread, ScamSniffer disclosed that hackers are “misusing Create2 to bypass security alerts in some wallets,” adding that the technique is part of malicious actors’ ways of initiating address poisoning.

According to the on-chain sleuth, Create2 is a genuine code snippet used by legitimate blockchain and crypto projects like Uniswap, but hackers are using it with ill intentions.

The code snippet is used in the blockchain world to “predict the address of a contract before it’s deployed on the Ethereum network.” However, hackers are using the provision to “bypass wallet security checks.”

Hacking Group Using Employment Scam

The researcher disclosed that malicious actors use the feature to create temporary addresses for a malicious signature, which allows them to silently siphon funds once a user signs it.

The revelations come a week after investigators learnt that North Korean hacking group Lazarus has embraced new tactics such as the employment scam used to infiltrate crypto platforms like Ronin Network, which lost $540 million.

Despite blockchain sleuths discovering different hacking routes, malicious actors are likely to add more weapons to their arsenal.