Warning: Attackers use the "create2" function to trick users into granting permissions in advance
According to a security warning released by GoPlusEco, attackers are using the "create2" function to pre-calculate the address where the contract will be deployed and then deceive users into granting permission. Because these blank addresses can bypass address tagging and security monitoring by security companies, once users grant permission, the attacker will deploy the contract to that address and transfer the user's assets out. The characteristics of this attack are:
1. "Create2" is a deployment method that allows for predictive creation of contract addresses, enabling attackers to deceive users into granting permission before deploying the contract.
2. Since the contract has not yet been deployed when authorization is granted, the attack address is an empty EOA (externally owned account) address, which is invisible to detection tools and highly concealed.
It is recommended to be vigilant against phishing attacks from the source, and it is crucial to remember to use commonly used protocol URLs or browser bookmark management for official websites. Additionally, carefully check whether the address authorized during the signature period is a blank (EOA) address, as this may pose significant risks.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Altcoin volumes are ‘more concentrated’ than ever
Altcoin trade volume has returned to pre-FTX levels, but with a shrinking pool of market leaders
XRP price sell-off set to accelerate in April as inverse cup and handle hints at 25% decline
US Treasury Targets Houthi Crypto Wallets, Financial Network
Securitize Reports Highest-Ever Dividend of $4.17 Million for Tokenized Treasury Product
Trending news
MoreCrypto prices
More
