Hack Alert: Profanity Vanity Addresses Suffer Another Exploit

Vanity addresses created using the Profanity vanity wallet address generator have suffered yet another hack, leading to $966k in losses. The recent exploit follows a similar earlier hack targeting Ethereum vanity addresses, with the Profanity tool as the common denominator.
The hacker moved 732 ETH to Tornado Cash
Security firm PeckShield reported the exploit through the official Twitter account of its PeckShieldAlert Chrome extension. The firm drew the crypto community's attention to the transfer of approximately 732 ETH (worth $966k at prevailing rates as of press time).
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4
— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
In an attempt to conceal the trail, the wallet address 0x9731F involved in the exploit transferred the stolen funds to the OFAC-sanctioned Tornado Cash mixer. The hacker moved the funds to Tornado Cash in successive transfers and had already emptied the wallet as of press time, leaving a balance of 0.05 ETH.
The hack comes shortly after several other vanity addresses generated using Profanity lost over $3 million in an exploit. Reports of that hack, which led to the loss of $3.3 million, surfaced last week. The affected addresses appear to have been generated using Profanity.
The Profanity tool appears to have a security issue
The exploit from last week followed several calls for caution from decentralized exchange aggregator 1inch, which highlighted the vulnerabilities of Profanity. 1inch issued a warning via Twitter, asking investors to move any funds held in Profanity addresses elsewhere.
According to 1inch, Profanity's practice of using a 32-bit vector to generate a 256-bit seed leaves it open to attack. Reports of the hack, which surfaced on September 18, came three days after the 1inch warning.
Vanity addresses are wallet addresses that contain personalized phrases chosen by the user. Users generate these addresses with tools such as Vanity-ETH and Profanity. Profanity, however, appears to have a vulnerability.
One of the developers of the tool advised people against using it, citing security concerns and noting that he has abandoned the project. As previously reported by Coingape, market maker Wintermute recently suffered a hack. Apparently, the exploit was possible due to a private key compromise resulting from a Profanity vulnerability.