Warning: Attackers use the "create2" function to trick users into granting permissions in advance
According to a security warning released by GoPlusEco, attackers are using the "create2" function to pre-calculate the address where the contract will be deployed and then deceive users into granting permission. Because these blank addresses can bypass address tagging and security monitoring by security companies, once users grant permission, the attacker will deploy the contract to that address and transfer the user's assets out. The characteristics of this attack are:
1. "Create2" is a deployment method that allows for predictive creation of contract addresses, enabling attackers to deceive users into granting permission before deploying the contract.
2. Since the contract has not yet been deployed when authorization is granted, the attack address is an empty EOA (externally owned account) address, which is invisible to detection tools and highly concealed.
It is recommended to be vigilant against phishing attacks from the source, and it is crucial to remember to use commonly used protocol URLs or browser bookmark management for official websites. Additionally, carefully check whether the address authorized during the signature period is a blank (EOA) address, as this may pose significant risks.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
A smart money address bought UBC with 40 SOL yesterday and now has a floating profit of $990,000
AAVE breaks above $190
Social media giant Line plans to launch 30 blockchain-based mini Dapps early next year