Since the crypto industry expanded its growth, it has become the favorite place for hackers to commit exploits. The Ethereum vanity addresses generated via the Profanity tool have now become the latest loophole to dupe millions of crypto users.
As per the market insights provider firm, Etherscan, Ethereum custom addresses created via the Profanity tool have been breached by a hacker who stole almost $3.3 million from several custom ETH addresses.
Related Reading: Crypto Trading Firm Wintermute Has Suffered $160 Million Hack
ZachXBT, an expert tracking the hacker’s activity, first detected and informed about the breach that began on September 16. The anonymous sleuth also preserved a user’s NFTs worth $1.2 million who moved his assets from vanity addresses after being informed.
Vanity addresses are something like a golden number of vehicles for which riders pay high in an attempt to show off. Likely, vanity addresses involve one’s name or desired info to appear as a distinguished address created via tools like Profanity.
1Inch Exposed Profanity’s Vulnerabilities Before Exploit
It is worth noting that decentralized exchange aggregator 1Inch, who previously suggested using the tool, informed the community before the hack that vanity addresses pose higher vulnerabilities. In the report published last week, the firm suggested users move their funds from wallet addresses made using Profanity.
1Inch said that Profanity became a prominent tool to generate millions of addresses in one second, and the wider crypto community was using it. But, then, 1Inch’s contributors detected used procedure was not flawless and open to exploitation.
Experts noted that the tool’s procedure uses a 32-bit vector for generating 256-bit code, so-called private keys. And this process was recognized as unsafe in the report. The report reads;
The 1inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the Profanity tool. But Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.
Ethereum’s price is currently trading above $1,300. | Source: ETHUSD price chart from TradingView.com
Hacker Cashed Out Stolen Money After 1Inch’s Report
The hacker drained money from the targeted wallet addresses immediately after the 1Inch report exposed the vulnerabilities, per ZachXBT. The hacker then moved stolen funds to a new Ethereum address.
Tal Be’eryBe’ery, chief technology office and security head at ZenGo, commented on the breach;
“Seems like the attackers were sitting on this vulnerability, trying to find as many private keys as possible of vulnerable Profanity-generated vanity addresses before the vulnerability gets known. Once publicly exposed by 1inch, the attackers cashed out in a few minutes from multiple vanity addresses.”
Related Reading: Bearish Crypto Market Sentiment Sends Investors Back To Stablecoins
Additionally, a Profanity developer also warned users about the vulnerabilities he found in the code a few years ago. The developer highlighted the issues on GitHub and abandoned the project by revealing the current state of the tool is unsafe to use.
Featured image from Pixabay and chart from TradingView.com
The FOMC meeting has been done and dusted, but its impact on the price of bitcoin has left a lasting market. Where the market had expected volatility following such an important meeting for the financial market, it was steeper than expected. Looking back, it has been one of the most volatile that the market has […]
KuCoin – a global cryptocurrency exchange, is celebrating its fifth anniversary, announcing several events, and thanking the community for its ongoing support. The jubilee is also marked by the release of a new development strategy that will see the exchange go global and accelerate efforts at penetrating Web3 space. The approach to globalizing the adoption […]
As a worldwide search for Do Kwon continues, the co-founder of the collapsed Terra network has come out to clarify that he did not move Luna Foundation Guard’s (LFG) reserves to digital wallets of KuCoin and OKX exchanges.
Ethereum has ditched Proof-of-Work (PoW) for Proof-of-Stake (PoS), but while enthusiasts are basking in the glory of a seamless switch, Cardano’s boss says Ethereum is late to the party.
STEPN, a crypto web3 app that enables people to earn rewards for exercising, announced a partnership with The Giving Block. According to a press release shared with Bitcoinist, the partners have enabled donations in the app’s native token GMT. Related Reading: Russia Plans To Roll-Out Its First Ever CBDC Soon The cooperation will focus on […]
Following months of extensive beta testing by Foundation and community builders, this one-of-a-kind Layer 1 (L1) network is made possible by the recent Stardust protocol upgrade and includes a highly modular tokenization framework. By providing the foundational basis of IOTA 2.0, this launch will have a domino effect, enabling the creation of the first chain […]