Hackers drain nearly $1M using Vanity Address Exploit

Around 732 ETH was stolen and is currently being siphoned through crypto mixer Tornado Cash.

According to scam alert provider Peckshield, roughly $950k worth of crypto was stolen from an Ethereum vanity address that had been generated using the Profanity tool.

What is a Vanity Address?

A vanity address is a customized crypto address that contains specific words or numbers chosen by its creator, rather than a purely machine-generated random string of characters. For this reason, the security of such addresses has been called into question.

The hacker drained 732 ETH on Sept 25 to wallet address 0x9731F and later transferred the funds to the recently sanctioned crypto mixer Tornado Cash.

1inch warns community

In early Sept, decentralized exchange (DEX) aggregator 1inch Network cautioned users on the safety of addresses generated through Profanity. “Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP! Moreover, if you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract.”

According to 1inch, the addresses generated by the vanity tool use “a random 32-bit vector to seed 256-bit private keys,” which means they may be unsafe.
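As an added illustration (not code from the article, from 1inch, or from Profanity itself), the toy model below shows why a 256-bit key expanded from a 32-bit seed is only as strong as the seed: a determinism audit a key generator can be run against, plus a worst-case search-time estimate; the candidate-key rate is an assumed figure.

```python
import hashlib
import secrets


def weak_keygen(seed: int, seed_bits: int = 32) -> bytes:
    """Toy model of the flaw 1inch describes: a 256-bit 'private key' expanded
    deterministically from a seed of only `seed_bits` bits. This is an
    illustration, not Profanity's actual derivation."""
    if not 0 <= seed < 2 ** seed_bits:
        raise ValueError("seed out of range")
    return hashlib.sha256(seed.to_bytes((seed_bits + 7) // 8, "big")).digest()


def strong_keygen(_seed=None) -> bytes:
    """32 bytes straight from the OS CSPRNG (the seed argument is ignored so the
    same audit can be run against both generators): the key space is 2**256."""
    return secrets.token_bytes(32)


def effective_key_bits(seed_bits: int, key_bits: int = 256) -> int:
    """A deterministic expansion cannot add entropy: the key is no harder to
    guess than the seed it came from, whatever its nominal length."""
    return min(seed_bits, key_bits)


def exhaustive_search_seconds(seed_bits: int, keys_per_second: float) -> float:
    """Worst-case time to enumerate every possible seed at a given rate."""
    return (2 ** seed_bits) / keys_per_second


def is_seed_determined(keygen, seed: int, trials: int = 3) -> bool:
    """Audit check: if the same seed always yields the same key, the key
    carries no entropy beyond the seed."""
    return len({keygen(seed) for _ in range(trials)}) == 1


if __name__ == "__main__":
    rate = 1e9  # assumed, illustrative: one billion candidate keys per second
    print("weak keygen determined by seed:", is_seed_determined(weak_keygen, 12345))
    print("strong keygen determined by seed:", is_seed_determined(strong_keygen, 12345))
    print("effective bits with a 32-bit seed:", effective_key_bits(32))
    print("full search, 32-bit seed: %.1f s" % exhaustive_search_seconds(32, rate))
    print("full search, 256-bit seed: %.3g s" % exhaustive_search_seconds(256, rate))
```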

Users on GitHub have also previously raised concerns about the security of vanity addresses and their vulnerability to brute-force attacks.

Wintermute

Despite those warnings, a similar vulnerability was exploited last week to steal $160M worth of funds from algorithmic market maker Wintermute. The company’s CEO, Evgeny Gaevoy, explained that the hack “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”

He has now offered a 10% bounty to the hacker in a bid to recover the stolen funds. 

In the aftermath, Profanity’s developers are trying to stop use of the tool: its code has been left in an incompatible state, and the repository has been archived with no further updates.


Author

Himan Mohapatra
Himan Mohapatra is an industry expert within the crypto-sphere and the primary journalist for Coinmash. He is an expert in finance and disruptive tech, such as blockchain.