Hacker Exploits Profanity’s Vanity Address to Steal $950 in ETH – crypto.news
Just a week after the Wintermute hack, $950,000 in Ether (ETH) has been stolen from a crypto wallet via a “vanity address” exploit, according to reports published on September 26, 2022.
Vanity addresses created with Profanity as targets of attack
On September 26, PeckShield, a blockchain security company, tweeted that a hacker stole $950,000 worth of Ether (ETH) from a cryptocurrency wallet. The hack bore many similarities to last week’s $160 million breach of Wintermute.
PeckShield says a hacker stole 732 ETH from a cryptocurrency wallet on September 25 and mixed it with other crypto funds using a sanctioned crypto mixing service, Tornado Cash. The funds were then successfully transferred to the bad actor’s crypto wallet.
Experts have revealed that the latest heist was made possible by a weakness in the vanity address generator that was first discovered on GitHub in January 2022. The vulnerabilities became public in September when the decentralized exchange aggregator 1inch discovered fundamental security issues with the Profanity tool.
For the uninitiated, the Profanity tool is a vanity wallet address generator, as already mentioned. While most Ethereum wallet addresses are randomly generated, these vanity addresses are generated with a specific term, such as someone’s name, somewhere within the address.
According to 1inch, many vanity addresses created with the Profanity tool are at risk of being exploited through a brute-force attack. Although this attack would require a huge amount of computing power to execute, hackers still find it rewarding to carry out if there is a large amount of crypto in the wallet.
Crypto and DeFi heists continue
Security breaches and hacks have become more common in the crypto industry, with DeFi protocols taking the biggest hit so far. A week ago, hackers stole $160 million from crypto market maker Wintermute. It was later revealed that the hack was possible because one of Wintermute’s addresses had the characteristics of a vanity address, which may have been the cause of the vulnerability.
Apparently the problem is getting worse. According to reports, cybercriminals stole over $1.9 billion worth of crypto in July 2022, which is significantly more than the $1.2 billion stolen during the same period in 2021.
Ethereum Devs Float “Undo Button” Proposal
The rise of crypto hacks in 2022 has prompted a group of researchers to formulate a new proposal for two new Ethereum token standards: ERC20R and ERC721R. The proposed new token standards are extensions of the current ERC20 and ERC721, and would now include the ability to reverse malicious transactions.
The proposed token standards would combine a token contract with a governance contract, with the latter being overseen by a decentralized legal system. According to the proposal, users who have become victims of hacking would be able to provide evidence supporting the suspension of the administrative smart contract.
The freeze request is then submitted to a panel of decentralized judges who vote to decide whether there is substantial evidence to freeze the funds or for another reason.
If a majority of the judges vote for a stay, the trial will begin. During the trial, both sides (the victim and the hacker) can submit their evidence to the decentralized judges, who vote again on the outcome.
While the idea has the potential to reduce the risk of data breaches, many in the crypto space have criticized the proposal, saying such initiatives go against the basic principles of blockchain technology. Some critics also pointed out that adding a reversibility feature to ERC20 token contracts can make their integration into decentralized applications challenging.