Hack Alert: Profanity Vanity Addresses Suffer Another Exploit

Vanity addresses created using the Profanity vanity wallet address generator have suffered yet another hack leading to $966k in losses. The recent exploit follows a previous hack in similar fashion targeting Ethereum vanity addresses, with the Profanity tool as a common denominator.

The hacker moved 732 ETH to Tornado Cash

Leading security entity PeckShield uncovered the exploit through the official Twitter account of its PeckShieldAlert chrome extension. The firm brought the attention of the crypto community to the transfer of approximately 732 ETH (worth $966k against prevailing rates as of press time).

As an attempt to conceal its trail, the wallet address 0x9731F involved in the exploit transferred the stolen funds to the OFAC-sanctioned Tornado Cash Mixer. The hacker carried out the transfer of the funds to Tornado Cash in successive fashion. The individual has already emptied the wallet as of press time, leaving a balance of 0.05 ETH.

The hack comes shortly after several other vanity addresses generated using Profanity lost over $3 million in an exploit. Last week, reports of a hack leading to the loss of $3.3 million surfaced. The affected addresses appear to have been generated using Profanity.

The profanity tool appears to have a security issue

The exploit from last week followed several calls for caution from decentralized exchange aggregator 1inch, highlighting the vulnerabilities of Profanity. 1inch issued a warning via Twitter, asking investors to transfer their funds in Profanity addresses elsewhere.

According to 1inch, Profanity’s practice of using a 32-bit vector to generate 256-bit seed easily sets it up for an attack. Reports of the hack which surfaced on September 18 came three days after the 1inch warning.

Vanity addresses are typically wallet addresses that contain personalized phrases chosen by the user. Users generate these addresses using a tool such as Vanity-ETH and Profanity. Notwithstanding, it appears Profanity has a vulnerability issue.

One of the developers of the tool advised people against using it, citing security concerns, as he notes that he has abandoned the project. As previously reported by Coingape, market maker Wintermute recently suffered a hack. Apparently, the exploit was possible due to a private key compromise resulting from a Profanity vulnerability.