Profanity tool vulnerability drains $3.3M despite 1Inch warning

1Inch’s investigations pointed out the ambiguity in the creation of vanity addresses, suggesting that Profanity wallets were secretly hacked.

Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Despite the proactive warning, apparently, hackers were able to make away with $3.3 million worth of cryptocurrencies.

On Sept. 15, 1Inch revealed the lack of safety in using Profanity as it used a random 32-bit vector to seed 256-bit private keys. Further investigations pointed out the ambiguity in the creation of vanity addresses, suggesting that Profanity wallets were secretly hacked. The warning came in the form of a tweet, as shown below.

RUN, YOU FOOLS

⚠️ Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!

➡️ Read more: https://t.co/oczK6tlEqG#Ethereum #crypto #vulnerability #1inch

— 1inch Network (@1inch) September 15, 2022

A subsequent investigation by blockchain investigator ZachXBT showed that a successful exploit of the vulnerability allowed hackers to drain $3.3 million in crypto.

Appears $3.3m worth of crypto has been exploited by 0x6ae from this vulnerability.

Interestingly the Indexed Finance Exploiter was the first address drained by 0x6ae.

Attackers address:
0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq

— ZachXBT (@zachxbt) September 17, 2022

Moreover, ZachXBT helped a user save over $1.2 million in crypto and nonfungible tokens (NFTs) after alerting them about the hacker who had access to the user’s wallet. Following the revelation, numerous users confirmed that their funds were safe, as one stated:

“Wtf 6h after the attack my addresses was still vuln but the attacker didnt drained me? had 55k at risk lol”

However, hackers tend to attack the bigger wallets before moving over to wallets with lesser value. Users owning wallet addresses generated with the Profanity tool have been advised to “Transfer all of your assets to a different wallet ASAP!” by 1Inch.

Related: Law enforcement recovers $30 million from Ronin Bridge hack with the help of Chainalysis

While some hackers prefer the traditional method of draining users’ funds after illegally accessing the crypto wallets, others try out new ways to fool investors into sharing their private keys.

One of the recent innovative scams involved the hacking of a YouTube channel for playing fabricated videos of Elon Musk discussing cryptocurrencies. On Sept. 3, the South Korean government’s YouTube channel was momentarily hacked and renamed for sharing live broadcasts of crypto-related videos.

The compromised ID and password of the YouTube channel were identified as the root cause of the hack.

Related Posts

European Parliament members vote in favor of crypto and blockchain tax policies

The resolution recommended authorities in the parliament’s 27 member states consider a “simplified tax treatment” for crypto users involved in occasional or small transactions. Members of the…

If Credit Suisse collapses, will it bring more volatility to the crypto market? Watch The Market Report

On this week’s episode of The Market Report, Cointelegraph’s resident experts discuss the Credit Suisse situation and what impact it would have on the cryptocurrency market if…

Mastercard Debuts Blockchain Surveillance Tool for Banks and Crypto-Centric Card Issuers

On Tuesday, the multinational financial services corporation Mastercard revealed that it is launching a new crypto monitoring product called Crypto Secure. The Crypto Secure software aims to…

Crypto Nomads Start to Settle Down as Threat from Pandemic Subsides and Prices Tumble

Some crypto nomads have decided to settle down following the COVID-19 pandemic, despite the decentralized lifestyle being somewhat conducive to the industry. To investigate the recent phenomenon,…

DeSo: The Answer To Elon Musk and Jack Dorsey’s Call for a Decentralized Social Media?

DeSo, a decentralized social blockchain, recently announced the release of its ambitious roadmap to decentralize social media and build the social layer of Web3. The released roadmap…

Shiba Inu (SHIB) Introduces Canyon HUB For SHIB: The Metaverse

The developer team of SHIB: The Metaverse posted more conceptual black & white artwork for the third upcoming HUB in the Web3 series. The Canyon HUB, as…

Generated by Feedzy