Share this article
Ethereum Wallet Drainer Steals $60M in Six Months
Hackers are using a piece of code called Create2 to bypass security alerts when users sign malicious signatures.
Updated Nov 13, 2023, 3:56 p.m. Published Nov 13, 2023, 3:56 p.m.
Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.
The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to "approve" a signature, hackers often disguise permissions within this signature to gain access to a user's wallet.
The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.
Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.
One group has been using the Create2 code to steal $3 million from 11 victims since August.
Cryptocurrency-related hacks and exploits have become prevalent in recent months with exchange Poloniex losing $114 million in a hot wallet breach last week. Victims of the LastPass breach also lost $4.4 million in a single day in October.
Más para ti
Lo que debes saber:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Más para ti
Foundation behind restaking protocol EigenLayer plans bigger rewards for active users
An Incentives Committee would direct programmatic token emissions, focusing allocations on participants that secure AVSs and contribute to the EigenCloud ecosystem.
Lo que debes saber:
- The Eigen Foundation has unveiled a governance proposal aimed at ushering in new incentives for its EIGEN token, shifting the protocol’s reward strategy to prioritize productive network activity and fee generation.
- Under the plan, a newly formed Incentives Committee would manage token emissions, prioritizing participants who secure Actively Validated Services and expand the EigenCloud ecosystem.
- The proposal includes a fee model that channels revenue from AVS rewards and EigenCloud services back to EIGEN holders, potentially creating deflationary pressure as the ecosystem grows.
Top Stories
