Hacker Carts $1M in Another Vanity Address Breach
As an affiliate, we may earn from qualifying purchases. We get commissions for purchases made through links on this website.
Receive $10 in Bitcoin when you buy or sell $100 or more on Coinbase! https://mathisenmarketing.com/coinbase
Amid the rise of DeFi breaches, another address from Ethereum’s vanity wallet address generator Profanity has fallen victim to an attack. A malicious actor was able to exploit a vulnerability in the tool and make nearly $1 million worth of ETH. This comes about a week after DEX aggregator 1Inch discovered and highlighted the weakness of addresses created by profanity.
Hacker steals 732 ETH
Blockchain security company Peckshield drew attention to the latest attack early Monday. The company launched Twitter report points out that a large amount of funds had left the Ethereum vanity address. Indeed, the culprit had siphoned 732 ETH and transferred it to the controversial crypto mixer Tornado Cash.
It appears that 0x9731F has stolen $950,000 worth of crypto from an Ethereum “vanity address” created using a tool called Profanity. Attacker has already transferred ~$732ETH to Mixer,” the tweet read.
Indecent addresses are dangerous
As stated earlier, not long ago 1Inch Network shared a general warning regarding obscenities. The Profanity tool allows users to create vanity addresses; personal crypto wallet addresses with certain words or characters that the owner wants. However, recent breaches have highlighted vanity addresses as dangerous.
Crypto wallets usually consist of public and private keys. The former allows the owner to receive digital assets from others. However, private keys prevent unauthorized access to a person’s wallet address.
1Inch’s note pointed out that hackers can find the private keys of Profanity’s vanity addresses using “brute force” calculations.
Your money is NOT SAFU if your wallet address was created with a cussing tool. Move all your assets to another wallet ASAP!” the platform warned.
Recent exploits involving vanity wallet addresses
A little over a week ago, the attacker was able to do that drain over $3 million from multiple addresses generated by swearing. On-chain data revealed that the hacker had looted funds simultaneously from multiple wallets created by the tool. Shortly after the breach, Twitter’s blockchain expert identified the attacker’s wallet address.
By then, however, the culprit had already transferred most of the tokens to Curve’s liquidity pool.
Leading liquidity provider Wintermute was also a victim in the constant wave of DeFi attacks. CEO Evgeny Gaevoy posted on Twitter that the hacker had stolen more than $160 million. It spanned 13 events with 90 assets.
Blockchain security firm CertiK later joined the conversation, noting that the Profanity wallet likely played a role in the hack. Crypto researcher Ajay Dhingra stated that the attacker may have exploited a flaw in the company’s hot wallet smart contract.