Nearly $1 million in cryptocurrency was stolen using a vanity address flaw

The decentralized finance (DeFi) industry is still being plagued by hacks and exploits, as seen by the addition of yet another vanity wallet address to the roster of DeFi victims, who suffered a cumulative loss of more than $1.6 billion in 2022. An alert was made by the blockchain security company PeckShield after a hacker […]

The decentralized finance (DeFi) industry is still being plagued by hacks and exploits, as seen by the addition of yet another vanity wallet address to the roster of DeFi victims, who suffered a cumulative loss of more than $1.6 billion in 2022.

An alert was made by the blockchain security company PeckShield after a hacker was spotted after stealing 732 Ether (ETH), which is equivalent to around $950,000. The theft occurred using an address that was generated by the Ethereum vanity wallet address generator called Profanity. After depleting the wallet, the exploiters have transferred the cryptocurrency to the cryptocurrency mixer Tornado Cash, which was just just given a sanction.

Vanity addresses are a type of customized cryptocurrency wallet address that is generated to include words or certain characters specified by the owner of the wallet. Vanity addresses are also known as private keys. Recent breaches, on the other hand, have demonstrated that the security of vanity email addresses is still in issue.

The decentralized exchange (DEX) 1inch Network issued a warning to its community members earlier in the month of September, stating that their addresses were not secure if they were constructed using profanity. The DEX made it clear to cryptocurrency holders who used vanity addresses that they needed to move their holdings as soon as possible. According to 1inch, the vanity address generator employed a random 32-bit vector to seed 256-bit private keys, which means that it lacks safety.

ZachXBT, a blockchain investigator, has made an announcement in response to the concerns made by the DEX. He stated that the vulnerability in Profanity has already been exploited, and as a result, some hackers have been able to make off with digital assets worth $3.3 million.

On September 20, a crypto market maker situated in the United Kingdom was the victim of an exploit that resulted in losses of 160 million dollars. The researcher Ajay Dhingra suggests that the vulnerability could have been caused by a third party using a flaw in the smart contract in order to gain access to the company’s hot wallet. The company’s founder and current Chief Executive Officer, Evgeny Gaevoy, issued a call to the attackers, stating that the company is willing to consider the exploit to be a “white hat hack.”

Scroll to Top