Profanity Exploit Continues as Hackers Drain Another 732 ETH From Crypto Wallet

A hacker managed to get away with 732 ETH worth around $950,000 from a crypto wallet.

Interestingly, blockchain security firm PeckShield revealed that the theft was carried out via the same vanity address hack connected to the UK-based crypto market maker Wintermute.

  • On-chain data suggested that the hacker moved the stolen funds to the OFAC-sanctioned crypto mixing tumbler Tornado Cash.
  • The latest exploit comes days after decentralized finance aggregator 1inc first discovered a severe vulnerability in the Profanity tool and stated that user funds are at risk of loss following a potential exploit.
  • Launched in 2017, Profanity is a tool designed to enable Ethereum users to create “vanity addresses,” which are essentially custom crypto wallets with identifiable names or numbers within them.
  • As per 1inch’s report, the vanity address generator uses a random 32-bit vector to seed 256-bit private keys, thereby making it unsafe.
  • The Profanity address generator was abandoned by its developers a few years ago after detecting fundamental security issues in the generation of private keys.
  • Shortly after the security report by 1inch, a hacker stole $3.3 million worth of cryptocurrencies from several Ethereum addresses generated with the tool last week.
  • The Wintermute exploit came next, wherein perpetrators compromised decentralized finance operations while the centralized finance and over-the-counter verticals were safe.
  • As per the report, more than $162k was stolen in over 13 transactions. The exploit was speculated to have transpired from a brute force attack on the Profanity wallet.
SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

Source: https://cryptopotato.com/profanity-exploit-continues-as-hackers-drain-another-732-eth-from-crypto-wallet/