- The hack used the same flaw as the previous $160 million heist.
- With a vanity address, one may choose their own unique string of letters and numbers.
An Ethereum “vanity address” valued around $950,000 was compromised; this address was created using a program called Profanity. The hack used the same flaw as the previous $160 million heist on market maker Wintermute.
In crypto, “vanity addresses” are addresses tailored to the exact specifications of their creator, usually symbolizing the creator’s brand or name.
With a vanity address, one may choose their own unique string of letters and numbers to use as their crypto address, rather than having one assigned to them by a computer. Because of this, users on GitHub have noted, this sort of address is particularly susceptible to brute-force attacks.
Similar Exploit Patterns
According to PeckShield data, the hacker took 732 Ethereum on September 25 and sent the money to the now-prohibited crypto mixer Tornado Cash. After GitHub users uncovered details of the attack, decentralized exchange (DEX) aggregator 1inch Network shared a blog post explaining how the vulnerability was likely to have worked and urged users to “transfer all of your assets to a new wallet ASAP.”
The creators of Profanity have taken measures in the wake of the assaults to stop its further usage. The repository for Profanity has been archived after its creators abandoned it in an uncompilable condition.
CEO of Wintermute, Evgeny Gaevoy, recently stated on Twitter that the massive assault on his firm “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”
For their algorithmic market-making services, Gaevoy’s organization employed “Profanity and an internal tool to generate addresses with many zeroes in front,” but he insisted that “the reason behind this was gas optimization, not vanity.”