PeckShield analysts recorded a theft of around 732 ETH (about $950,000) from an Ethereum address generated with the Profanity vanity-address generator.
On September 25, the hacker stole the funds and sent them to the cryptocurrency mixer Tornado Cash, which had previously been sanctioned by the United States.
The Profanity vulnerability was discovered on GitHub back in January, but it gained wide attention thanks to the 1inch Network team.
The tool allowed generating readable Ethereum addresses (vanity addresses) containing words, names or phrases. 1inch Network experts warned that keys to such addresses can be brute-forced—a systematic enumeration of all possible character combinations.
This incident marked the third vanity-address theft in the month.
Earlier, using the vulnerability, attackers drained Ethereum wallets around $3.3 million. Later, the exploit was used for the $160 million theft from market maker Wintermute.
Follow ForkLog’s bitcoin news on our Telegram — crypto news, prices and analytics.