Hackers Grab Nearly $1 Million in Crypto from Ethereum ‘Vanity Address’ Exploit

Roughly $950,000 in crypto has been stolen from an Ethereum “vanity address” generated with a tool called Profanity. The exploit took advantage of a vulnerability similar to the one behind the recent $160 million attack on market maker Wintermute.

A “vanity address” is a type of crypto address that conforms to certain parameters set by the creator, often representing their brand or name.

Instead of the crypto address being a random, machine-generated string of numbers and letters, a vanity address is generated to match a pattern chosen by a human. It is for this reason that users on GitHub have indicated that this type of address is more vulnerable to brute-force attacks.

The hacker stole 732 ether (ETH) on September 25 before transferring the funds straight to the now-sanctioned crypto mixer Tornado Cash, according to data from PeckShield.

Although it was GitHub users who first uncovered details of the attack, it was decentralized exchange (DEX) aggregator 1inch Network that publicized it, urging users to “transfer all your assets to another wallet ASAP” and sharing a blog post about how the exploit is likely to have worked.

In the wake of the attacks, the developers behind Profanity have taken steps to ensure that no one continues to use the tool.

Profanity’s code has been left in an uncompilable state by the developers, and the repository is being archived. The code is not set to receive any more updates.

Vanity addresses and crypto hacks

Wintermute CEO Evgeny Gaevoy recently admitted on Twitter that the giant attack on his company “was likely related to the profanity-type exploit of our DeFi trading wallet.”

Gaevoy said his company, which offers algorithmic market-making services, used “bans and an internal tool to generate addresses with lots of leading zeros”, but maintained “the reason behind this was gas optimization, not vanity.”

So far, no perpetrator has come forward regarding the Wintermute attack or the latest incident, and no funds have been recovered. The market maker is threatening legal action and has offered a $16 million reward for the return of the funds.

Yesterday’s exploit and the Wintermute attack may also be just the tip of the iceberg.

In its blog post, 1Inch hinted that additional exploits have yet to be uncovered, adding that “1inch contributors are still trying to figure out all the vanity addresses that were hacked” and that “it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions.”
