Ethereum’s Vanity Addresses Exploited for $3 Million
- Hackers may have had access to Profanity customers’ wallets for years.
- ZachXBT, a blockchain investigator, issued a warning on the theft.
Several Ethereum addresses created using the “Profanity” program were compromised, and the hacker made off with cryptocurrencies worth $3.3 million. After 1inch, a decentralized exchange aggregator notified customers of a critical vulnerability that might compromise millions of dollars, but the money was nonetheless stolen.
Users having wallet addresses produced by the Profanity tool were previously urged to move their funds to a new wallet.
Despite the Warning
Early in 2022, developers of 1inch saw that Profanity employed a random 32-bit vector to seed 256-bit private keys, and they worried that this may leave users vulnerable. More strange behavior was discovered after additional examination, indicating that Profanity wallets had been hacked.
The aggregator stated:
“The 1inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the Profanity tool. But Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.”
According to 1inch, users may generate millions of addresses every second with the help of the “highly efficient” program known as Profanity. Nonetheless, Profanity’s method for generating addresses was not bulletproof and might be exploited by malicious actors.
According to 1inch’s security disclosure report from last week, hackers may have had access to Profanity customers’ wallets for years and stolen millions of dollars. There may be many compromised vanity addresses, and the contributors are working to identify them all.
ZachXBT, a blockchain investigator, issued a warning on the theft of more than $3 million shortly after it occurred. Thankfully, his post prevented a hacker from stealing $1.2 million worth of cryptocurrency and NFTs from a user’s wallet.