$1 million in cryptocurrency was stolen as a result of a vanity address exploits
Cyberattacks continue to afflict the decentralized finance (DeFi) sector, with another vanity wallet address joining the list of DeFi victims, who collectively lost more than $1.6 billion in 2022. According to an alert issued by blockchain security firm PeckShield, a hacker was discovered after stealing 732 Ether (ETH), or approximately $950,000, from an address generated by the Ethereum vanity wallet address generator Profanity. After draining the wallet, the exploiters transferred the cryptocurrency to the recently approved cryptocurrency mixer Tornado Cash.
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4
— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
Earlier in September, decentralized exchange (DEX) aggregator, 1inch Network warned community members that address generated with profanity were not secure. The DEX urged cryptocurrency holders with vanity addresses to transfer their assets as soon as possible. According to 1inch, the vanity address generator seeded 256-bit private keys with a random 32-bit vector, indicating that it is unsafe.
Following the DEX aggregator’s warnings, blockchain investigator ZachXBT announced that an exploit of the Profanity vulnerability has already allowed some hackers to escape with $3.3 million in digital assets.