Hackers stole about $3.3 million in cryptocurrency from Ethereum users who generated addresses via the Profanity tool. Earlier, the 1inch Network team warned about the vulnerability.
Some rug pulls of 2022 could be actually “profanity” exploits of their deployer wallets 👀 https://t.co/vdwdMX0g2I
— Anton Bukov 🦇🔊 ⚖️ (@k06a) September 17, 2022
The Profanity tool let users generate human-readable Ethereum addresses (vanity addresses) containing words, names or phrases. Development of the tool was abandoned several years ago, but wallets created with it still function today.
On September 15, the 1inch team warned the community that the keys to such addresses could be brute-forced, that is, recovered by systematically enumerating all possible combinations. The tool used a 32-bit vector to seed 256-bit private keys.
At the time, the developers said that the vulnerability could allow assets to be stolen “in the tens, if not hundreds of millions of dollars.” 1inch Network co-founder Anton Bukov noted that some of the rug pull schemes recorded in 2022 could be linked to it.
The theft drew the attention of a researcher going by the handle ZachXBT. He also warned one of the users that the hackers had gained access to their wallet and helped save NFTs and tokens worth more than $1.2 million.
Update: Earlier I noticed the 0x6ae attacker hadn’t fully drained one of the wallets they interacted with.
Am pleased to share I helped alert the owner saving their $1.2m+ worth of crypto & NFTs (they’ve since moved everything)
0xDA0Da0Da0Da0a77740bB62c5c9D45423533d0CE2 pic.twitter.com/zP9LaovCv8
— ZachXBT (@zachxbt) September 17, 2022
In September 2022, Ethereum developer Peter Szilágyi described a vulnerability through which an attacker could take down the Avalanche network.
