$4.20 Million Lost in Ethereum Phishing Scam, CREATE2 Exploited

A major cryptocurrency phishing attack recently led to a substantial financial loss. The victim, using the wallet address 0x1749, lost $4.20 million in assets, specifically in aEthWETH and aEthUNI. This incident was reported on January 22 by Scam Sniffer, a Web3 scam detection service, just 40 minutes later.

insane! someone lost $4.20m worth of aEthWETH and aEthUNI to crypto phishing about 40 minutes ago!https://t.co/PqtYbfjrW5 pic.twitter.com/2Nhx4HDQcK
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 22, 2024

The scam involved the victim unknowingly signing multiple ERC20 Permit signatures. These signatures granted access to the scammers, operating under the addresses 0x00003 and 0xf6. They exploited a feature known as CREATE2, which facilitated this phishing attempt.

CREATE2, an opcode in Solidity, enables developers to determine a smart contract’s address before it’s deployed, a feature introduced in Ethereum with EIP-1014. Unlike its predecessor, CREATE, CREATE2 ensures contract addresses remain unaffected by future blockchain events, allowing for the deployment at a pre-determined address.

The phishing attack isn’t the only one that has been plaguing the crypto market of late. Eli Regalado, the founder of INDXcoin and an online pastor, has confessed to committing fraud in Colorado. He admitted taking $1.3 million from selling INDXcoin, which he claimed was “worthless,” stating he was instructed by divine guidance. From June 2022 to April 2023, his church helped raise about $3.2 million from over 300 investors. Regalado revealed that half of this amount went to the IRS, with the rest used for home remodeling, which he claimed was divinely inspired.

Furthermore, Scam Sniffer has been monitoring a rise in phishing activities targeting Solana users. Their report documented losses of approximately $4.17 million from 3,947 users across various phishing campaigns. These phishing methods included a scam involving a fake airdrop and non-fungible token (NFT) offering, targeting ZERO token holders with links to fraudulent NFT sites.

Dune Analytics reported that around $2.14 million was lost by 2,189 victims in these phishing campaigns, with notable tokens such as BONK, ZERO, USDT, and USDT being targeted. These scams are also becoming increasingly sophisticated, with scammers avoiding the deployment of NFTs on the Solana network, which doesn’t blacklist these NFTs.

The “2023 Wallet Drainers Report” by Scam Sniffer highlighted a monthly increase in crypto phishing scams throughout 2023, with increasingly complex methods being employed. In 2023, Wallet Drainers alone accounted for approximately $295 million in losses from about 324,000 victims. A notable incident on March 11 saw scammers stealing $7 million, primarily due to fluctuations in USDC rates, tricking victims through fake Circle websites.