Hackers have exploited a feature in the Ethereum blockchain to deceive individuals into sending money, a recent report from Scam Sniffer reveals. Over the course of six months, these criminals were able to convince nearly 100,000 people to hand over a total of $60 million.
The scheme abuses Create2, an Ethereum Virtual Machine opcode that makes it possible to predict the address of a contract before it is deployed on the Ethereum network. Using this method, hackers can create temporary addresses that closely resemble the intended destination for the funds, a technique known as “address poisoning.”
To avoid detection, the criminals have been creating addresses that differ only slightly from the real destination, leading users to believe they are valid. They have also found a way around usual precautions, such as sending a small test transaction before the full amount is sent.
The lookalike addresses used in the attacks are not directly controlled by the attackers, but are instead smart contracts that route the funds to the final destination. This method has resulted in multiple cases of fraud, with one victim reportedly losing up to $1.6 million.
To protect themselves, users are advised to carefully scrutinize the entire address before sending funds, rather than relying on just the first and last characters. This serves as a reminder to exercise caution and stay vigilant when conducting transactions on the Ethereum blockchain.
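The full-address check can be automated on the sending side. The sketch below is an added example, not code from Scam Sniffer or BleepingComputer: it compares a recipient against a saved address book over all 40 hex digits and flags any address that only matches a saved one at its start and end. The function names, the `min_edge` threshold and all sample addresses are constructed for illustration, and the comparison is case-insensitive by assumption.

```python
import re

_ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def normalize(addr: str) -> str:
    """Return the 40 hex digits in lowercase, or raise ValueError."""
    addr = addr.strip()
    if not _ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def _common_prefix(a: str, b: str) -> int:
    """Number of leading characters that a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def classify(candidate: str, trusted: dict, min_edge: int = 4):
    """Compare candidate with every trusted address over the whole string.

    Returns ("exact", label), ("lookalike", label) or ("unknown", None).
    A lookalike matches a trusted address on at least min_edge leading
    and min_edge trailing hex digits but differs somewhere in between.
    """
    cand = normalize(candidate)
    lookalike = None
    for label, addr in trusted.items():
        ref = normalize(addr)
        if cand == ref:
            return ("exact", label)
        head = _common_prefix(cand, ref)
        tail = _common_prefix(cand[::-1], ref[::-1])
        if head >= min_edge and tail >= min_edge:
            lookalike = label
    if lookalike is not None:
        return ("lookalike", lookalike)
    return ("unknown", None)


# Constructed sample data: none of these are real addresses.
TRUSTED = {"exchange-deposit": "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e"}
SAME = "0x1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B9F3E"
POISONED = "0x1a2b3c" + "0" * 30 + "9f3e"   # same first 6 and last 4 digits
STRANGER = "0x" + "ab" * 20
```

A wallet or payment script would block or require explicit confirmation on a `"lookalike"` result, since a truncated display of such an address is indistinguishable from the saved one.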
Source: BleepingComputer