近日，GoPlus 收到用户反馈，没有进行任何风险授权，但是钱包里的 Token 不翼而飞了。

我们的安全员经过复盘发现，攻击者利用 create2 的特性预先计算出合约将要部署的空白地址，然后骗取用户授权，因空白地址可绕过安全公司黑地址标记和安全监测，用户一旦授权，攻击者就会在这个地址部署合约并转走用户资产。

攻击特征：

① create2 是一种可以预测生成合约地址的部署方式，攻击者可以实现先骗授权再部署合约。

② 由于授权发生时，合约没有被部署，攻击地址是空的 EOA 地址，所以不会被任何检测工具收录，具有极高的隐蔽性。

GoPlus 提醒，从源头警惕钓鱼攻击，熟记常用的协议网址或使用浏览器书签来管理官方网址。同时在签名授权中仔细检查授权对象是否为空白（EOA）地址，可能存在较大风险。

#GoPlus Alert 🚨 New Predictive Address Attack: Seemingly harmless addresses with no apparent risk, and suddenly your tokens are gone? Attackers are exploiting the ‘create2’ feature to pre-calculate the addresses where contracts will be deployed, then deceiving users into granting permissions. As these blank addresses can bypass black address markings and security monitoring by security firms, once a user grants permission, the attacker deploys a contract to this address and transfers out the user’s assets.

Attack Characteristics:

①’create2' is a deployment method that allows for the predictive creation of contract addresses, enabling attackers to deceive users into granting permissions before deploying a contract.

②Since the contract is not deployed at the time of authorization, the attacking address is an empty EOA (Externally Owned Account) address, making it invisible to detection tools and highly covert.

GoPlus advises to be vigilant against phishing attacks from the source. It’s crucial to memorize commonly used protocol URLs or manage official websites using browser bookmarks. Additionally, be meticulous in checking whether the entity being authorized during signing is a blank (EOA) address, as this might pose a significant risk.