Ethereum Wallets Under Attack: CREATE2 Exploit Exposed

Specialists at Check Point Research have uncovered a method of attacking Ethereum blockchain wallets via the CREATE2 function, which enables cybercriminals to circumvent standard security measures and gain unauthorized access to users’ funds.

The CREATE2 function is designed for deploying smart contracts at addresses that can be determined in advance, which makes smart contract interactions more predictable and efficient. However, it also helps cybercriminals bypass wallet security measures.

[Figure: Ethereum CREATE2 exploit. Image: Check Point Research]

The essence of the attack lies in deceiving users who, unaware of the danger, approve transactions for smart contracts that have not yet been created. Upon receiving approval, the attackers deploy malicious contracts and siphon cryptocurrency from the victims’ wallets.
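A wallet-side check for the pattern described above, as an added example that is not from Check Point Research or the original article: it decodes an ERC-20 allowance call and warns when the spender address has no deployed code yet. It assumes the approval is an ERC-20 approve or increaseAllowance call; get_code, the sample addresses and the in-memory chain state are constructed for illustration.

```python
from typing import Callable

# ERC-20 selectors that grant a spender an allowance.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UNLIMITED = 2**256 - 1

def decode_allowance_call(calldata: str):
    """Return (function, spender, amount) for an allowance call, else None."""
    try:
        raw = bytes.fromhex(calldata.lower().removeprefix("0x"))
    except ValueError:  # not valid hex
        return None
    name = ALLOWANCE_SELECTORS.get(raw[:4].hex())
    # 4-byte selector + two 32-byte ABI words; the address word is zero-padded.
    if name is None or len(raw) != 68 or any(raw[4:16]):
        return None
    return name, "0x" + raw[16:36].hex(), int.from_bytes(raw[36:], "big")

def review_allowance(calldata: str, get_code: Callable[[str], str]) -> list:
    """Warnings a wallet could show before the user signs `calldata`.

    `get_code` is a hypothetical callback returning the spender's bytecode as
    hex, for instance a wrapper around the eth_getCode JSON-RPC method.
    """
    decoded = decode_allowance_call(calldata)
    if decoded is None:
        return []
    _, spender, amount = decoded
    warnings = []
    if get_code(spender) in ("", "0x"):
        # An undeployed CREATE2 address and a plain account both look like this.
        warnings.append("spender has no deployed code")
    if amount == UNLIMITED:
        warnings.append("unlimited allowance")
    return warnings

# Constructed sample data: placeholder addresses and an in-memory chain state.
UNDEPLOYED, DEPLOYED = "0x" + "ab" * 20, "0x" + "cd" * 20
CHAIN_CODE = {DEPLOYED: "0x6080604052"}

def fake_get_code(address: str) -> str:
    return CHAIN_CODE.get(address, "0x")

def build_approve(spender: str, amount: int) -> str:
    return "0x095ea7b3" + spender[2:].rjust(64, "0") + format(amount, "064x")

print(review_allowance(build_approve(UNDEPLOYED, UNLIMITED), fake_get_code))
```

An empty code result cannot distinguish a not-yet-deployed contract address from an ordinary account, so the warning is a prompt for closer review rather than a verdict.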

In one instance, a user lost $3.5 million due to such an attack. After the user approved a transaction for a non-existent contract, the perpetrator deployed the contract and transferred the victim’s funds to their own address.

It is noteworthy that this attack method was previously exposed in November 2023. During the attack, cybercriminals managed to steal $60 million worth of cryptocurrency from 99,000 users over six months. In some cases, individual losses reached $1.6 million.