Decentralized finance has changed how money moves thanks to the financial freedom it offers, its accessibility and innovation. Now, like anything in the world, it is not free of dangers and A team of cybercriminals have orchestrated a massive theft of over $60 million from unsuspecting victims.
The affected one? Ethereum. As? Hackers have exploited a feature within the cryptocurrency blockchain known as Create2 which was introduced in 2019 to improve the creation of smart contracts, allowing developers to predict the direction of a contract before deploying it.
Yes, it is a very useful feature for decentralized applications and user experience, but it also has hidden flaws inside that can be exploited.
What have cybercriminals done? They devised a double attack strategy to exploit the Create2 vulnerability and began siphoning funds from unsuspecting users.
The first technique, as pointed out in GHacks, consists of generating Ethereum addresses very similar to the legitimate ones of the recipients. This technique, called “address poisoning”, involves creating a large number of addresses and selecting those that match the recipient’s address, thus tricking users into sending their assets to the wrong destination.
The second technique manages to bypass wallet security alerts. In this way, cybercriminals could steal funds from victims’ wallets without raising the alarm. This method was especially effective in bypassing security measures designed to prevent unauthorized transactions.
Through these 2 techniques of exploiting the Create2 function It has left more than 99,000 victims and total losses worth 60 million dollars. Some users lost their entire cryptocurrency holdings, while others saw their funds drop significantly.
This incident has highlighted the risks inherent to the decentralized finance (DeFi) ecosystem and has made it clear that educating users is vital so that they know what they are facing so that they can understand the platforms with which they interact before to trust your assets.
This theft of $60 million from 99,000 users is a stark reminder of the vulnerabilities that exist in the DeFi space. Although the Ethereum community has taken steps to address Create2-related exploits, the incident underscores the ongoing challenge of securing decentralized networks and protecting users from sophisticated cyberattacks.
