GoPlus releases alert on "new type of predictive address attack": attackers exploit create2 feature to launch attacks for arbitrage

ChainCatcher news, according to official sources, security company GoPlus has issued an alert about a "new type of predicted address attack." It is reported that attackers exploit the characteristics of create2 to pre-calculate the blank address where the contract will be deployed, then deceive users into granting authorization. Since the blank address can bypass the security company's black address marking and security monitoring, once users authorize, the attackers will deploy the contract at this address and transfer the users' assets.

In addition, this attack has the following characteristics:

1. Create2 is a deployment method that can predict the generated contract address, allowing attackers to first deceive users into granting authorization and then deploy the contract.

2. Since the contract is not deployed at the time of authorization, the attack address is an empty EOA address, so it will not be recorded by any detection tools, making it highly covert.

GoPlus reminds users to be vigilant against phishing attacks from the source, to memorize commonly used protocol URLs or use browser bookmarks to manage official websites. Additionally, carefully check whether the authorized object is a blank (EOA) address during signature authorization, as there may be significant risks.