The dangers of malicious links and sites proliferate on the Internet. A cryptocurrency user found out the hard way yesterday, signing several transactions with his wallet that led to the theft of USD 4.2 million in the cryptocurrencies Aave Ethereum WETH (aEthWETH) and Aave Ethereum UNI (aEthUNI).

Of course, the permissions that the user gave to the hacker by signing various transactions were not voluntary, but based on deception. As can be seen by analyzing the movements in the victim's direction, multiple outflows of ERC-20 tokens were made to at least two identified addresses, one of them with more than USD 437,000 on its balance sheet, and another with a balance of less than USD 10,000.

To get around security alerts that warn when interacting with malicious smart contracts, the hacker used temporary addresses created in Create2. This platform allows you to have a smart contract address before creating it on Ethereum. With this "trick" they manage to breach the security measures of the wallets, which do not detect suspicious behavior or labels at the address in question, explains Scam Sniffer.