A wallet drainer service has facilitated the theft of more than $60 million in various assets from almost 100,000 victims since May 2023. According to research group ScamSniffer, the drainer has recently started using functionality in the Ethereum network called CREATE2 to generate new addresses for each malicious signature. This allows the drainer to sidestep security alerts built into some crypto wallet software that would flag known malicious addresses.
ScamSniffer identified one victim who lost almost 17,000 GMX (~$927,000) to this drainer after signing a malicious transaction.
