Hackers Steal Nearly $1M in Ether from a Crypto Vanity Address

The vanity address generator Profanity has become the bane of many Ethereum users as hackers carry out brute-force attacks to steal cryptocurrency from vulnerable wallets.


The road to decentralized finance (DeFi) for many developers, crypto enthusiasts and retail investors is a slippery slope that can be described as a poignant combination of wild possibilities and tragic history.

Nearly two weeks after decentralized exchange (DEX) aggregator 1inch Network published a report on the vulnerability in an Ethereum vanity address tool, Profanity, many wallet addresses created via the tool have become fodder for exploiters, as millions of dollars worth of crypto assets have reportedly been stolen.

According to a security alert tweeted by blockchain security firm PeckShield, a hacker made off with 723 ETH, around $950,000, from a crypto wallet by exploiting the same vanity address vulnerability related to a recent attack on the algorithmic market maker Wintermute, which resulted in a staggering loss of $160 million.

After stealing the crypto assets from the wallet, the exploiter transferred the crypto to the sanctioned crypto tumbler Tornado Cash.

There, it will have been blended with other crypto assets to mask the origin and recipient of the transaction.

Vanity addresses are randomized, custom-made crypto wallet addresses that are created to begin or end with special characters. However, some 1inch contributors noticed that Profanity fails to create the 256-bit private key with enough randomness, which makes the resulting addresses easier to breach through a brute-force attack.

Because of Profanity's high efficiency, many vanity addresses were created with it, and these have become major targets for hackers. Earlier this month, $3.3 million was drained from multiple Profanity-based Ethereum addresses.

The Profanity vanity address generator was abandoned by its anonymous creator years ago. To mitigate the risk attributed to the Profanity tool, the developer has left the code in an uncompilable state, with the repository archived, so that no one continues to use the tool.

