Ever since the crypto industry expanded its growth, it has become a favorite place for hackers to commit exploits. Ethereum vanity addresses generated using the Profanity tool have now become the latest loophole to dupe millions of crypto users.
According to market intelligence provider Etherscan, custom Ethereum addresses created using the Profanity tool have been breached by a hacker who stole nearly $3.3 million from various custom ETH addresses.
Related reading: Crypto trading firm Wintermute has suffered a $160 million hack
ZachXBT, an expert in tracking hacker activity, first spotted and Find out more on the breach that began on September 16. The anonymous detective also kept $1.2 million worth of NFTs from a user who moved his assets from vanity addresses after being tipped off.
Vanity addresses are something like a golden number of vehicles that motorists pay a lot for in an attempt to show off. Vanity addresses likely involve one’s name or desired information to appear as a distinguished address created using tools such as profanity.
1 inch exposed profanity vulnerabilities before exploitation
It’s worth noting that decentralized exchange aggregator 1Inch, which previously suggested using the tool, informed the community before the hack that vanity addresses have higher vulnerabilities. In the report published last week, the company suggested that users move their funds from wallet addresses made with Profanity.
1Inch said Profanity became a prominent tool for generating millions of addresses in a second, and was being used by the broader crypto community. But then the 1Inch collaborators detected that the procedure used was not flawless and open to exploitation.
Experts noted that the tool’s procedure uses a 32-bit vector to generate 256-bit code, so-called private keys. And this process was recognized as unsafe in the report. The report says;
1 inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the profanity tool. But profanity is one of the most popular tools because of its high efficiency. Unfortunately, this could only mean that most of the blasphemy wallets were secretly hacked.
Hacker cashed in stolen money after 1 Inch report
The hacker drained money from the targeted wallet addresses immediately after the 1Inch report exposed the vulnerabilities, according to ZachXBT. The hacker then moved the stolen funds to a new Ethereum address.
Tal Be’eryBe’ery, Chief Technology Officer and Head of Security at ZenGo, he commented on non-compliance;
“It appears that the attackers were sitting on this vulnerability, trying to find as many private keys as possible from vulnerable vanity addresses generated by blasphemy before the vulnerability became known. Once publicly exposed by 1″, the attackers cashed out within minutes of multiple vanity addresses.”
Related Reading: Bearish Crypto Market Sentiment Sends Investors To Stablecoins
Additionally, a Profanity developer also warned users about vulnerabilities he found in the code a few years ago. The developer highlighted the issues on GitHub and abandoned the project revealing that the current state of the tool is not safe to use.
Featured image from Pixabay and chart from TradingView.com