Hacker Carts $1M in Another Vanity Address Breach

https://cryptoadventure.com/hacker-carts-1m-in-another-vanity-address-breach/

Amidst a rise in DeFi breaches, yet another address from Ethereum vanity wallet address generator Profanity has fallen victim to an attack. A malicious actor was able to exploit a vulnerability in the tool and make off with almost $1M worth of ETH. This comes roughly a week after DEX aggregator 1Inch spotted and highlighted the weakness in Profanity-generated addresses.

Hacker Steals 732 ETH

Blockchain security company Peckshield called attention to the latest attack early on Monday. The firm published a Twitter report noting that a large sum of funds had exited an Ethereum vanity address. Indeed, the culprit had siphoned off 732 ETH and transferred them to controversial crypto mixer Tornado Cash.

“Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer,” the tweet read.

Profanity Addresses Unsafe

As stated earlier, a short time ago, 1Inch Network shared a general warning regarding Profanity addresses. The Profanity tool allows users to generate vanity addresses; personalized crypto wallet addresses that feature certain words or characters the owner desires. However, the recent onslaught of breaches has caused vanity addresses to emerge as unsafe.

Crypto wallets generally consist of public keys and private keys. The former allows the owner to receive digital assets from others. However, private keys prevent unauthorized access to a person’s wallet address.

1Inch’s notice pointed out that hackers can discover the private keys for Profanity’s vanity addresses using “brute force” calculations.

“Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!” the platform warned.

Recent Exploits Involving Vanity Wallet Addresses

Just over a week ago, an attacker was able to drain over $3M from several Profanity-generated addresses. On-chain data revealed that the hacker had simultaneously looted funds from multiple wallets generated by the tool. Not long after the breach a Twitter blockchain expert identified the attacker’s wallet address.

By then, however, the culprit had already moved the majority of the tokens into the Curve liquidity pool.

Leading liquidity provider Wintermute was also a victim in the ongoing wave of DeFi exploits. CEO Evgeny Gaevoy posted a Twitter thread announcing that a hacker had stolen over $160M. It took 13 transactions involving 90 assets.

Blockchain security firm CertiK later joined the conversation noting that the Profanity wallet likely had a role in the hack. Crypto researcher Ajay Dhingra stated that the attacker may have exploited a bug in the smart contract for the firm’s hot wallet.