A hacker managed to get away with 732 ETH worth around $950,000 from a crypto wallet.
Interestingly, blockchain security firm PeckShield revealed that the theft was carried out via the same vanity address hack connected to the UK-based crypto market maker Wintermute.
- On-chain data suggested that the hacker moved the stolen funds to the OFAC-sanctioned crypto mixing tumbler Tornado Cash.
- The latest exploit comes days after decentralized finance aggregator 1inc first discovered a severe vulnerability in the Profanity tool and stated that user funds are at risk of loss following a potential exploit.
- Launched in 2017, Profanity is a tool designed to enable Ethereum users to create “vanity addresses,” which are essentially custom crypto wallets with identifiable names or numbers within them.
- As per 1inch’s report, the vanity address generator uses a random 32-bit vector to seed 256-bit private keys, thereby making it unsafe.
- The Profanity address generator was abandoned by its developers a few years ago after detecting fundamental security issues in the generation of private keys.
- Shortly after the security report by 1inch, a hacker stole $3.3 million worth of cryptocurrencies from several Ethereum addresses generated with the tool last week.
- The Wintermute exploit came next, wherein perpetrators compromised decentralized finance operations while the centralized finance and over-the-counter verticals were safe.
- As per the report, more than $162k was stolen in over 13 transactions. The exploit was speculated to have transpired from a brute force attack on the Profanity wallet.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.
Source: https://cryptopotato.com/profanity-exploit-continues-as-hackers-drain-another-732-eth-from-crypto-wallet/