Almost $1M in crypto stolen from vanity address exploit




Hacks and exploits continue to plague the decentralized finance (DeFi) sector as another vanity wallet address joins the roster of DeFi victims that collectively lost more than $1.6 billion in 2022. 

In an alert published by blockchain security firm PeckShield, a hacker was detected after stealing 732 Ether (ETH), around $950,000, from an address created at the Ethereum vanity wallet address generator called Profanity. After draining the wallet, the exploiters have sent the crypto to the recently sanctioned crypto mixer Tornado Cash.

Vanity addresses are customized crypto wallet addresses that are generated to include words or specific characters chosen by the owner. However, as pointed out by recent exploits, the safety of vanity addresses remains questionable.

Earlier in September, decentralized exchange (DEX) 1inch Network warned community members that their addresses were not safe if it was generated using Profanity. The DEX called out crypto holders with vanity addresses to transfer their assets immediately. According to 1inch, the vanity address generator used a random 32-bit vector to seed 256-bit private keys, which means that it lacks safety.

Following the DEX's warnings, ZachXBT, a blockchain investigator, has announced that an exploit of the vulnerability in Profanity has already allowed some hackers to get away with $3.3 million worth of digital assets. 

On Sept. 20, the United Kingdom-based crypto market maker suffered an exploit that led to $160 million in losses. According to researcher Ajay Dhingra, the exploit may be due to the firm's hot wallet being compromised and manipulating a bug in the smart contract. Evgeny Gaevoy, the firm's founder and CEO, called out the attackers to get in touch as they are open to treating the exploit as a white hat hack.

by Mark Twain
Total views
Get In Touch

Brown Street, Brooklyn New York 11829.

info[at]AssessCrypto.com

Follow Us

Copyright © 2021-2024 AssessCrypto All rights reserved.