Hackers likely employed a “brute force” attack using a previously exploited weakness related to the vanity address generator Profanity.


Roughly $950,000 worth of crypto has been stolen from an Ethereum “vanity address” generated with a tool called Profanity. The exploit leveraged a vulnerability similar to the one behind the recent $160 million attack on market maker Wintermute.

A “vanity address” is a type of crypto address that conforms to certain parameters laid out by the creator, often representing their brand or name. 

Instead of the crypto address being a random, machine-generated string of numbers and letters, a vanity address would be human-generated. It’s for this reason that users on GitHub have indicated these types of addresses are more vulnerable to brute force attacks.

The hacker stole 732 Ethereum on September 25 before transferring the funds straight to the now-sanctioned crypto mixer Tornado Cash, according to the data from PeckShield.

#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4

— PeckShieldAlert (@PeckShieldAlert) September 26, 2022

Though GitHub users first unearthed details about the attack, it was then publicized by the decentralized exchange (DEX) aggregator 1inch Network, which told users to “transfer all of your assets to a different wallet ASAP” and shared a blog post on how the exploit is likely to have worked.

In the aftermath of the attacks, the developers behind Profanity have taken steps to ensure that no one continues to use the tool.

Profanity’s code has been left in an uncompilable state by its developers, with the repository being archived. The code is not set to receive any more updates.

Vanity addresses and crypto hacks

Wintermute CEO Evgeny Gaevoy recently admitted on Twitter that the mammoth-scale attack on his company “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”

Gaevoy said his company, which provides algorithmic market-making services, used “Profanity and an internal tool to generate addresses with many zeroes in front” but maintained “the reason behind this was gas optimization, not vanity.”

We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected

— wishful cynic (@EvgenyGaevoy) September 20, 2022

As of yet, no perpetrator has come forward regarding the Wintermute attack or the most recent incident, and no funds have been recovered. The market maker is threatening legal action and has offered a $16 million bounty reward for the return of the funds. 

Yesterday’s exploit and Wintermute’s may also just be the tip of the iceberg.

In its blog post, 1inch suggested that additional exploits have yet to be uncovered, adding that “1inch contributors are still trying to determine all the vanity addresses which were hacked” and that it “looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions.”
