Hackers that stole more than $60 million worth of crypto in six months are using a piece of code to bypass security alerts after maliciously gaining access to private keys, according to on-chain sleuth ScamSniffer.

The wallet drainers are misusing Create2, a piece of code that is used by the likes of Uniswap to predict the address of a contract before it is deployed on the Ethereum network.

By misusing Create2, wallet drainers can instantly create temporary wallet addresses to receive funds after a user clicks on a malicious signature. When users send funds or interact with a smart contract, they will be prompted to "approve" a signature, hackers often disguise permissions within this signature to gain access to a user's wallet.

The use of Create2 bypasses security alerts that would typically warn a user before signing the signature.

Research from ScamSniffer and SlowMist estimates that $60 million has been stolen from around 99,000 victims in the past six-months.

One group has been using the Create2 code to steal $3 million from 11 victims since August.

Cryptocurrency-related hacks and exploits have become prevalent in recent months with exchange Poloniex losing $114 million in a hot wallet breach last week. Victims of the LastPass breach also lost $4.4 million in a single day in October.

Hack Exploit Wallet Private key

Oliver Knight

Oliver Knight joined CoinDesk as a news reporter in April 2022. Before joining CoinDesk, Knight was the Chief Reporter at Coin Rivet for three years. Having graduated with a journalism degree from Birmingham City University, Knight went on to work at various sports publications before diving into the world of Bitcoin in 2014. He does not have any crypto holdings.