Hacks and exploits continue to plague the decentralized finance (DeFi) sector, as yet another vanity wallet address joins the list of DeFi victims, who have collectively lost more than $1.6 billion in 2022.
According to an alert published by blockchain security firm PeckShield, a hacker was caught after stealing 732 Ether (ETH), about $950,000, from an address created with Profanity, a vanity wallet address generator for Ethereum. After emptying the wallet, the exploiters sent the cryptocurrencies to the recently sanctioned cryptocurrency mixer Tornado Cash.
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4
— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
Vanity addresses are custom crypto wallet addresses that are generated to include specific words or characters chosen by the owner. However, as recent exploits show, the security of vanity addresses remains questionable.
Earlier in September, decentralized exchange (DEX) aggregator 1inch Network warned community members that their addresses were not safe if generated using Profanity. The DEX asked crypto holders with vanity addresses to transfer their assets immediately. According to 1inch, the vanity address generator used a 32-bit random vector to seed 256-bit private keys, which means the keys it generates are not secure.
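The seeding flaw 1inch describes, modelled as an added example (not Profanity's code and not code from the article). Python's random.Random stands in for the tool's generator, the function names are hypothetical, and the seed width is reduced to 10 bits so the whole key space can be listed.

```python
import random
import secrets

KEY_BITS = 256            # private-key width from the article
REPORTED_SEED_BITS = 32   # seed width reported by 1inch
DEMO_SEED_BITS = 10       # constructed: reduced so the whole space can be listed


def weak_private_key(seed: int) -> bytes:
    """Flawed pattern: the entire 256-bit key is a function of a small seed.

    random.Random is a stand-in generator (assumption), not Profanity's PRNG.
    """
    rng = random.Random(seed)
    return rng.getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big")


def strong_private_key() -> bytes:
    """Hardened form: all 256 bits come from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


def reachable_keys(seed_bits: int) -> set[bytes]:
    """Every key the weak generator can ever emit for a given seed width."""
    return {weak_private_key(seed) for seed in range(2 ** seed_bits)}


def effective_key_bits(seed_bits: int) -> int:
    """Upper bound on key entropy: a key holds no more entropy than its seed."""
    return min(seed_bits, KEY_BITS)


if __name__ == "__main__":
    space = reachable_keys(DEMO_SEED_BITS)
    sample = weak_private_key(secrets.randbelow(2 ** DEMO_SEED_BITS))
    print(f"weak generator, {DEMO_SEED_BITS}-bit seed: {len(space)} possible keys")
    print("weak key is in the listable set:", sample in space)
    print("CSPRNG key is in the listable set:", strong_private_key() in space)
    print(f"with a {REPORTED_SEED_BITS}-bit seed a 256-bit key carries at most "
          f"{effective_key_bits(REPORTED_SEED_BITS)} bits of entropy")
```

The key looks 256 bits long either way; only the number of distinct values the generator can produce differs, which is why the width of the seed, not the width of the key, is what a review of key-generation code has to check.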
Following warnings from the DEX aggregator, ZachXBT, a blockchain researcher, has announced that an exploit of the vulnerability in Profanity has already allowed some hackers to make off with $3.3 million worth of digital assets.
On September 20, a UK-based cryptocurrency market maker suffered an exploit resulting in $160 million worth of losses. According to researcher Ajay Dhingra, the exploit could be due to the firm’s hot wallet being compromised and a bug in the smart contract being manipulated. Evgeny Gaevoy, founder and CEO of the firm, asked the attackers to get in touch, as the firm is open to treating the exploit as a white hat hack.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.