Scam Sniffer: A user lost $927,000 after signing a transaction to the GMX reward router on Arbitrum

ChainCatcher message, Scam Sniffer stated on social media that today a user lost $927,000 worth of GMX after signing the "signalTransfer(address receiver)" transaction to the GMX Reward Router on Arbitrum.

It is reported that this method grants the "receiver" the authority to withdraw their LP tokens. The receiver's address starting with 0xbD2B is a pre-calculated contract address created when the Drainer transferred assets.

The Drainer abuses Create2 to bypass security alerts in certain wallets by generating new addresses for each malicious signature. The CREATE2 opcode allows predicting the address of a contract before it is deployed to the Ethereum network. Through Create2, the Drainer can easily generate temporary new addresses for each malicious signature. After the victim signs, the Drainer creates a contract at that address and transfers the user's assets.