Hacker steals $3.3 million using Profanity’s vanity Ethereum addresses

Since the crypto industry expanded its growth, it has become the favorite place for hackers to commit exploits. The Ethereum vanity addresses generated via the Profanity tool have now become the latest loophole to dupe millions of crypto users.

As per the market insights provider firm, Etherscan, Ethereum custom addresses created via the Profanity tool have been breached by a hacker who stole almost $3.3 million from several custom ETH addresses.

Related Reading: Crypto Trading Firm Wintermute Has Suffered $160 Million Hack

ZachXBT, an expert tracking the hacker’s activity, first detected and informed about the breach that began on September 16. The anonymous sleuth also preserved a user’s NFTs worth $1.2 million who moved his assets from vanity addresses after being informed.

Vanity addresses are something like a golden number of vehicles for which riders pay high in an attempt to show off. Likely, vanity addresses involve one’s name or desired info to appear as a distinguished address created via tools like Profanity. 

1Inch Exposed Profanity’s Vulnerabilities Before Exploit

It is worth noting that decentralized exchange aggregator 1Inch, who previously suggested using the tool, informed the community before the hack that vanity addresses pose higher vulnerabilities. In the report published last week, the firm suggested users move their funds from wallet addresses made using Profanity.

1Inch said that Profanity became a prominent tool to generate millions of addresses in one second, and the wider crypto community was using it. But, then, 1Inch’s contributors detected used procedure was not flawless and open to exploitation.

Experts noted that the tool’s procedure uses a 32-bit vector for generating 256-bit code, so-called private keys. And this process was recognized as unsafe in the report. The report reads;

The 1inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the Profanity tool. But Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.

Ethereum’s price is currently trading above $1,300. | Source: ETHUSD price chart from TradingView.com
Hacker Cashed Out Stolen Money After 1Inch’s Report

The hacker drained money from the targeted wallet addresses immediately after the 1Inch report exposed the vulnerabilities, per ZachXBT. The hacker then moved stolen funds to a new Ethereum address.

Tal Be’eryBe’ery, chief technology office and security head at ZenGo, commented on the breach;

“Seems like the attackers were sitting on this vulnerability, trying to find as many private keys as possible of vulnerable Profanity-generated vanity addresses before the vulnerability gets known. Once publicly exposed by 1inch, the attackers cashed out in a few minutes from multiple vanity addresses.”

Related Reading: Bearish Crypto Market Sentiment Sends Investors Back To Stablecoins

Additionally, a Profanity developer also warned users about the vulnerabilities he found in the code a few years ago. The developer highlighted the issues on GitHub and abandoned the project by revealing the current state of the tool is unsafe to use.

Featured image from Pixabay and chart from TradingView.com

Related Posts

US Treasury yields are soaring, but what does it mean for markets and crypto?

The 10-year U.S. Treasury yield recently hit its highest level in 12 years, but how might this impact investors’ sentiment toward stocks and cryptocurrencies? Across all tradeable…

SEC alleges fintech and ‘market maker’ firms manipulated crypto market in token scheme

Though the SEC has pursued many enforcement actions related to initial coin offerings, the regulator’s stance on airdrops’ role in alleged token schemes is unclear. The United…

ECB reports on digital euro validation, privacy one year into investigative phase

The ECB’s two-year investigative phase is halfway completed, with key use and policy issues clarified; more stakeholder engagement is planned before the decision is made to proceed….

Kazakhstan Completes First Crypto Purchase With Local Currency, Eyes Regulation: Report

President Tokayev said Kazakhstan will give full legal recognition to digital assets if demand persists while they continue testing security concerns. The first purchase of cryptocurrency with…

Diana Sinclair “Phases” NFT Collection To Drop On Christie’s 3.0

Diana Sinclair, the 18-year-old top NFT creator, kicks off Christie’s 3.0 with her first solo exhibit, Phases starting this week. On September 28, Christie’s launched its on-chain…

What Bear Market? A Single CryptoPunk NFT Just Sold For $4.5 Million

The NFT market has taken a good hit during the latest iteration of the crypto market bear run. But not all collections have lost favor in the…

Generated by Feedzy