Hacker takes $3.3 million from Profanity’s Ethereum addresses

Since the crypto industry’s expansion, it has become the most popular target for cybercriminals. The Ethereum vanity addresses created by the Profanity tool are the most recent vulnerability to defraud millions of cryptocurrency users.

Etherscan, a service that provides market intelligence, reports that a hacker stole about $3.3 million from many bespoke ETH addresses that were established using the Profanity tool.

ZachXBT, an expert who was monitoring the hacker’s behaviour, was the first to notice and report the breach, which started on September 16. The anonymous detective also conserved $1.2 million in NFTs belonging to a user who relocated his assets from vanity addresses after being notified.

Vanity addresses are comparable to the golden number of automobiles for which passengers pay a premium in order to display their wealth. Typically, vanity addresses consist of a person’s name or desired information to seem like a distinguishing address, generated using software such as Profanity.

Notably, decentralized exchange aggregator 1Inch, which had previously encouraged utilizing the tool, cautioned the community prior to the attack that vanity addresses presented a greater risk. In a report released last week, the company advised users to transfer their assets from wallet addresses containing profanity.

According to 1Inch, Profanity became a significant method for generating millions of addresses per second, and the broader crypto community adopted it. Then, however, 1Inch’s contributors discovered the used process was not faultless and exploitable.

The tool’s technique employs a 32-bit vector to generate 256-bit code, known as private keys, according to experts. In addition, this procedure was deemed dangerous in the study.

Contributors of 1inch examined the wealthiest vanity addresses on popular networks and determined that the majority of them were not generated through the Profanity tool. However, owing to its effectiveness, profanity is among the most used techniques. Sadly, this could only imply that the majority of Profanity wallets were compromised.

According to ZachXBT, the hacker instantly stole funds from the targeted wallet addresses once the 1Inch article revealed the flaws. The hacker then transferred the stolen funds to a new Ethereum address.

Also Read: Arbitrum Announces A Bug Bounty Reward Of 400 ETH