Hackers Profit from Ethereum’s ‘Vanity Adress’ Exploit for Nearly $1 Million in Crypto

Published on:

Last Updated on September 28, 2022 by Bitfinsider

Approximately $950,000 in cryptocurrency has been stolen from an Ethereum “vanity address” generated with the Profanity tool. The exploit took advantage of a vulnerability similar to the recent $160 million attack on market maker Wintermute.

A “vanity address” is a type of crypto address that adheres to the creator’s specifications, frequently representing their brand or name.

A vanity address, as opposed to a random, machine-generated string of numbers and letters, would be generated by a human. As a result, users on GitHub have indicated that these addresses are more vulnerable to brute force attacks.

According to PeckShield data, the hacker stole 732 Ethereum on September 25 before transferring the funds to the now-sanctioned crypto mixer Tornado Cash.

Though GitHub users were the first to discover the attack, it was then publicized by the decentralized exchange (DEX) aggregator 1Inch Network, who advised users to “transfer all of your assets to a different wallet ASAP,” sharing a blog on how the exploit is likely to have worked.

Following the attacks, the developers of Profanity have taken steps to ensure that the tool is no longer used.

Profanity’s code has been archived after its developers left it in an uncompilable state. The code is no longer set to receive updates.

Hardware wallets are safe and secure devices that can be used offline. They keep your cryptocurrency offline, making it impossible for you to be hacked. To find out more on the leading hardware wallets, you may view our reviews here: Ledger & Trezor
Disclaimer: The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, legal, tax or other advice. Investing in or trading cryptocurrency or stocks comes with a risk of financial loss.