$3.3 Million Stolen Via “Abandoned” Wallet Creator

$3.3 million worth of cryptocurrencies were stolen from vanity Ethereum wallets last week
Anyone using the Profanity tool to generate their addresses was at risk
Exchange 1inch alerted users and forced the hackers to withdraw funds early

$3.3 million worth of cryptocurrencies have been stolen from users of a vanity Ethereum wallet creator that developers have since said was abandoned years ago. The hacker managed to steal the coins from a number of Ethereum addresses that were generated with the Profanity tool, months after decentralised exchange aggregator 1inch learned about a vulnerability within Profanity that was putting hundreds of millions of dollars at risk.

Profanity Weakness Allowed Brute Force Attacks

The potential for a theft of this size was first mooted by 1inch earlier in 2022, when some of its contributors noticed that Profanity used a random 32-bit vector to seed 256-bit private keys for addresses and suspected it could be unsafe. This supposition was backed up in June this year when a 1inch contributor was pointed towards suspicious activity within one of the 1inch deployer wallets.

An investigation led to 1inch realising a few weeks ago that vanity addresses whose private keys had been created through Profanity were at risk through brute force attacks, and indeed some had already been hacked. The exchange posted about this last week, warning that “at this point it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions.”

Fortunately this doesn’t seem to have been the case: $3.3 million has been identified as stolen, and quick reactions from 1inch and other crypto community members saved some users from losing seven figures’ worth of crypto and NFTs.
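The weakness described in this section comes down to entropy: a 256-bit key derived from a small seed can take only as many values as the seed can. The sketch below is an added illustration, not Profanity's code or 1inch's tooling; the hash-based `expand_seed` and `address_of` functions are hypothetical stand-ins, and the seed is reduced to 16 bits (constructed, versus the 32 bits the article cites) so the check finishes quickly.

```python
import hashlib
import secrets

DEMO_SEED_BITS = 16  # constructed: smaller than the article's 32 bits so the demo is fast


def expand_seed(seed: int) -> bytes:
    """Hypothetical stand-in for a seeded generator: stretch a small seed to 256 bits."""
    return hashlib.sha256(b"demo-keygen" + seed.to_bytes(4, "big")).digest()


def address_of(private_key: bytes) -> str:
    """Hypothetical stand-in for address derivation: a public one-way function of the key."""
    return hashlib.sha256(b"demo-address" + private_key).hexdigest()[:40]


def weak_keygen(seed_bits: int = DEMO_SEED_BITS) -> bytes:
    """256-bit output, but only 2**seed_bits possible values."""
    return expand_seed(secrets.randbelow(1 << seed_bits))


def strong_keygen() -> bytes:
    """All 256 bits come straight from the OS CSPRNG."""
    return secrets.token_bytes(32)


def distinct_keys(seed_bits: int = DEMO_SEED_BITS) -> int:
    """Size of the real keyspace: one key per seed, whatever the key length."""
    return len({expand_seed(s) for s in range(1 << seed_bits)})


def key_in_seed_space(address: str, seed_bits: int = DEMO_SEED_BITS):
    """Audit check: is this address reachable from the seed space?

    Returns the matching private key when it is (the key must then be
    treated as compromised), or None when it is not.
    """
    for seed in range(1 << seed_bits):
        key = expand_seed(seed)
        if address_of(key) == address:
            return key
    return None


if __name__ == "__main__":
    weak, strong = weak_keygen(), strong_keygen()
    print("possible weak keys:", distinct_keys())
    print("weak key reachable:", key_in_seed_space(address_of(weak)) == weak)
    print("strong key reachable:", key_in_seed_space(address_of(strong)) is not None)
```

Every key from `weak_keygen` is found by walking the seed space, while a key from `strong_keygen` is not, even though both are 32 bytes long.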

1inch Exposé Forced Hackers’ Hand

A Profanity developer on GitHub noted on the day of 1inch’s report that the project had been abandoned some time ago and that, as a result, there may well have been vulnerabilities in the code:

This project was abandoned by me a couple of years ago. Fundamental security issues in the generation of private keys have been brought to my attention. I strongly advise against using this tool in its current state. This repository will soon be further updated with additional information regarding this critical issue.

Further conclusions were drawn that the hackers could have been squatting in wallets for some time, trying to get access to as many as possible before withdrawing all at once, but that 1inch’s report forced their hand. This certainly reduced the amount that was stolen.

The post $3.3 Million Stolen Via “Abandoned” Wallet Creator appeared first on FullyCrypto.
