According to scam alert provider PeckShield, roughly $950k worth of crypto was stolen from an Ethereum vanity address generated using the Profanity tool.
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4
— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
What is a Vanity Address?
A vanity address is a customized crypto address that contains specific words or numbers chosen by its creator, rather than a purely machine-generated, randomized string of characters. For this reason, the security of such addresses has been called into question.
The hacker drained 732 ETH on Sept 25 to wallet address 0x9731F and later transferred the funds to the recently sanctioned crypto mixer Tornado Cash.
1inch warns community
In early September, decentralized exchange (DEX) aggregator 1inch Network warned users about the safety of addresses generated with Profanity: “Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP! Moreover, if you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract.”
According to 1inch, addresses generated via vanity tools use “a random 32-bit vector to seed 256-bit private keys,” which means the resulting keys might be unsafe.
Users on GitHub had also previously raised concerns about the security of vanity addresses and their vulnerability to brute-force attacks.
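The 32-bit seeding problem described by 1inch, and the brute-force concern raised on GitHub, come down to one fact: a key is only as strong as the entropy it is derived from. The following added example (not code from the article, from 1inch, or from the Profanity project) models a weak derivation in which a 256-bit key is a deterministic function of a 32-bit seed, places it beside the correct pattern of drawing all 256 bits from the OS random source, and quantifies the difference. The SHA-256 expansion used for the weak model and all function names are illustrative assumptions; Profanity's actual derivation is not reproduced here.

```python
import hashlib
import secrets

KEY_BYTES = 32  # a secp256k1 private key is 256 bits


def key_from_32bit_seed(seed: int) -> bytes:
    """Weak pattern (illustrative model, not Profanity's real code):
    the whole 256-bit key is a deterministic function of a 32-bit seed,
    so at most 2**32 distinct keys can ever be produced."""
    if not 0 <= seed < 2**32:
        raise ValueError("seed must fit in 32 bits")
    # Expanding 4 bytes to 32 bytes adds length, not entropy.
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()


def key_from_os_entropy() -> bytes:
    """Correct pattern: take all 256 bits from the OS CSPRNG, so the
    key space really is 2**256."""
    return secrets.token_bytes(KEY_BYTES)


def effective_key_bits(seed_bits: int, key_bits: int = 256) -> int:
    """The work needed to recover a derived key is bounded by the smaller
    of the seed entropy and the key length."""
    return min(seed_bits, key_bits)


def exhaustive_search_seconds(seed_bits: int, keys_per_second: float) -> float:
    """Time to enumerate every possible seed at a given derivation rate."""
    return 2.0 ** seed_bits / keys_per_second


def is_weakly_seeded(seed_bits: int, threshold_bits: int = 128) -> bool:
    """Flag any derivation whose effective strength is below threshold_bits
    (128 bits is a common minimum for long-lived keys)."""
    return effective_key_bits(seed_bits) < threshold_bits


if __name__ == "__main__":
    # Same seed, same key: a "random" 256-bit key that is fully predictable.
    print(key_from_32bit_seed(7).hex() == key_from_32bit_seed(7).hex())
    # Two properly generated keys are independent.
    print(key_from_os_entropy() != key_from_os_entropy())
    rate = 1e9  # constructed assumption: one billion derivations per second
    for bits in (32, 256):
        print(f"{bits}-bit seed -> effective {effective_key_bits(bits)} bits, "
              f"exhaustive search ~{exhaustive_search_seconds(bits, rate):.3g} s, "
              f"weak={is_weakly_seeded(bits)}")
```

The point of the comparison is that the 256-bit key length is irrelevant once the seed is 32 bits: an attacker only has to enumerate seeds, not keys, which is why 1inch's advice was to move funds and change contract owners rather than to rotate to another Profanity-generated address.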
Wintermute
Despite those warnings, a similar vulnerability was exploited last week to steal $160M worth of funds from algorithmic market maker Wintermute. The company's CEO, Evgeny Gaevoy, explained that the hack “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”
He has since offered the hacker a 10% bounty in a bid to recover the stolen funds.
In the aftermath, Profanity's developers are trying to stop use of the tool: its code has been left in a state in which it will not compile, and the repository has been archived with no further updates.