Ethereum’s Vanity Addresses Drained of Over $3M Despite 1inch’s Warning

A hacker managed to steal $3.3 million worth of cryptocurrencies from several Ethereum addresses generated with the “Profanity” tool. The funds were drained even after the decentralized exchange aggregator 1inch warned users that it had discovered a severe vulnerability putting millions of dollars at risk.

1inch had previously advised users with wallet addresses generated by the Profanity tool to transfer their assets to a different wallet.

1inch Security Report

In early 2022, 1inch contributors observed that Profanity used a random 32-bit vector to seed 256-bit private keys and suspected it could be unsafe. Upon further investigation, more suspicious activity was noted, signaling that Profanity wallets were compromised.

“The 1inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the Profanity tool. But Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.”

According to 1inch, Profanity is a popular and “highly efficient” tool that lets users create millions of addresses per second. However, the procedure Profanity used to generate the addresses was flawed and susceptible to attacks.

The security disclosure report published by 1inch last week also noted that the vulnerability may have enabled hackers to “secretly” steal millions of dollars from Profanity users’ wallets for years. The contributors are currently trying to determine all the compromised vanity addresses.
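The seeding weakness described in the report, as an added illustration that is not Profanity's code or 1inch's analysis: a 256-bit key derived from a small seed can take no more values than the seed can, even though each key looks random. Python's `random.Random` stands in for the tool's generator and the seed width is cut to 12 bits so the count finishes instantly; both are assumptions of this example.

```python
import random
import secrets

REPORTED_SEED_BITS = 32   # seed width stated in the 1inch report
DEMO_SEED_BITS = 12       # assumption: reduced so the demo runs instantly

def seeded_key(seed: int) -> bytes:
    """Flawed pattern: a 256-bit key fully determined by a small seed.
    random.Random is a stand-in PRNG, not Profanity's generator."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")

def csprng_key() -> bytes:
    """Corrected pattern: all 256 bits come from the OS CSPRNG."""
    return secrets.token_bytes(32)

def distinct_keys(seed_bits: int) -> int:
    """Count the keys the seeded generator can ever produce."""
    return len({seeded_key(s) for s in range(2 ** seed_bits)})

def ones_fraction(keys) -> float:
    """Share of 1-bits across keys; about 0.5 looks 'random'."""
    keys = list(keys)
    ones = sum(bin(int.from_bytes(k, "big")).count("1") for k in keys)
    return ones / (256 * len(keys))

def effective_bits(seed_bits: int, key_bits: int = 256) -> int:
    """Upper bound on key entropy: it cannot exceed the seed's."""
    return min(seed_bits, key_bits)

if __name__ == "__main__":
    weak = [seeded_key(s) for s in range(2 ** DEMO_SEED_BITS)]
    strong = [csprng_key() for _ in range(2 ** DEMO_SEED_BITS)]
    print("distinct seeded keys:", distinct_keys(DEMO_SEED_BITS))
    print("1-bit share, seeded :", round(ones_fraction(weak), 4))
    print("1-bit share, CSPRNG :", round(ones_fraction(strong), 4))
    print("entropy bound at reported seed width:",
          effective_bits(REPORTED_SEED_BITS), "of 256 bits")
```

Both key sets pass a bit-balance check, so the key material alone does not reveal the problem; it shows up only when the generator's seed source is reviewed.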

Soon after the warning, blockchain investigator ZachXBT reported the attack, which drained over $3 million in funds. Fortunately, his tweet helped a user save $1.2 million in crypto and NFTs from the hacker who had access to their wallet.

Profanity Devs Abandon Project

According to Tal Be’ery, ZenGo’s security lead and chief technology officer, the malicious entities could have been “sitting” on the vulnerability in an attempt to collect as many private keys of flawed Profanity-generated vanity addresses as possible before the vulnerability was detected. However, they cashed out after it was publicly exposed by 1inch.

Meanwhile, one of the Profanity developers, who goes by the pseudonym ‘johguse’ on GitHub, said that they had already “abandoned” the project a few years ago. The comment read:

“This project was abandoned by me a couple of years ago. Fundamental security issues in the generation of private keys have been brought to my attention. I strongly advise against using this tool in its current state. This repository will soon be further updated with additional information regarding this critical issue.”

The post Ethereum’s Vanity Addresses Drained of Over $3M Despite 1inch’s Warning appeared first on CryptoPotato.
