Vanity Addresses in the Spotlight Again as Hacker Gets Away With $950,000
Just a week after the Wintermute hit, $950,000 worth of Ether was stolen from a crypto wallet using the vanity address exploit again. On-chain data shows that the hacker then transferred the funds to the Tornado Cash service, where it was mixed with other crypto funds and sent to the hacker’s wallet.
Hackers Continue Exploiting Bugs in Profanity-generated Vanity Addresses
Blockchain security company PeckShield reported that a hacker has stolen $950,000 worth of Ether (ETH) from a crypto wallet. The funds were looted using the same vanity address exploit that was used in the $160 million hack on Wintermute last week.
According to PeckShield, the hacker stole 732 ETH on Sunday from a crypto wallet and used the sanctioned Tornado Cash to mix it with other funds. The funds were then withdrawn to the hacker’s own crypto wallet.
It appears that the hacker has exploited the vanity address generated with a tool known as Profanity. A vanity address refers to a crypto address that contains certain patterns or words, making them more personal and identifiable.
“Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer”– @PeckShieldAlert said in a tweet
A large number of vanity addresses were generated via Profanity, and those created that way are easier to breach through a brute force attack, according to decentralized exchange (DEX) 1inch. Such an attempt would require significant computing power, however, it depends on the number of crypto funds kept in the wallet, says 1inch.
Join our Telegram group and never miss a breaking digital asset story.
Crypto Woes Worsen as DeFi Exploits Persist
The new vanity address exploit comes just a week after hackers stole $160 million from the crypto asset algorithmic market maker Wintermute. The attack was aimed at Wintermute’s decentralized finance (DeFi) operations, the firm’s CEO Evgeny Gaevoy said in a tweet.
The Wintermute hack was also made possible due to a bug in Profanity. In this case, the attacker exploited a Profanity-generated address that started with several zeroes.
Just like in 2021, the crypto space has witnessed numerous hacks and exploits this year as hackers continue to exploit DeFi weaknesses. However, this time the timing is much worse as the ongoing ‘crypto winter’ continues to take its toll on prices, pushing investors away from risk assets.
Do you think the number of DeFi attacks will drop in the following years? Let us know in the comments below.