Hackers likely employed a “brute force” attack using a previously exploited weakness related to the vanity address generator Profanity.

Hackers Nab Nearly $1 Million in Crypto From Ethereum ‘Vanity Address’ Exploit

Roughly $950,000 worth of crypto has been stolen from an Ethereum “vanity address” generated with a tool called Profanity. The exploit leveraged a vulnerability similar to the one linked to the recent $160 million attack on market maker Wintermute.

A “vanity address” is a type of crypto address that conforms to certain parameters laid out by the creator, often representing their brand or name. 

Instead of the crypto address being a random, machine-generated string of numbers and letters, a vanity address would be human-generated. It’s for this reason that users on GitHub have indicated these types of addresses are more vulnerable to brute force attacks.

The hacker stole 732 Ethereum on September 25 before transferring the funds straight to the now-sanctioned crypto mixer Tornado Cash, according to data from PeckShield.

#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4

— PeckShieldAlert (@PeckShieldAlert) September 26, 2022

Though it was GitHub’s users who first unearthed details about the attack, it was then publicized by the decentralized exchange (DEX) aggregator 1inch Network, which told users to “transfer all of your assets to a different wallet ASAP” and shared a blog post on how the exploit is likely to have worked.

In the aftermath of the attacks, the developers behind Profanity have taken steps to ensure that no one continues to use the tool.

Profanity’s code has been left in an uncompilable state by its developers, with the repository being archived. The code is not set to receive any more updates.

Vanity addresses and crypto hacks

Wintermute CEO Evgeny Gaevoy recently admitted on Twitter that the mammoth-scale attack on his company “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”

Gaevoy said his company, which provides algorithmic market-making services, used “Profanity and an internal tool to generate addresses with many zeroes in front” but maintained “the reason behind this was gas optimization, not vanity.”

We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected

— wishful cynic (@EvgenyGaevoy) September 20, 2022

As of yet, no perpetrator has come forward regarding the Wintermute attack or the most recent incident, and no funds have been recovered. The market maker is threatening legal action and has offered a $16 million bounty reward for the return of the funds. 

Yesterday’s exploit and Wintermute’s may also just be the tip of the iceberg.

In its blog post, 1inch suggested that additional exploits have yet to be uncovered, adding that “1inch contributors are still trying to determine all the vanity addresses which were hacked” and that it “looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions.”
