
Vanity Addresses in the Spotlight Again as Hacker Gets Away With $950,000


Just a week after the Wintermute hit, $950,000 worth of Ether was stolen from a crypto wallet, again using the vanity address exploit. On-chain data shows that the hacker then transferred the funds to the Tornado Cash service, where they were mixed with other crypto funds and sent to the hacker’s wallet.

Hackers Continue Exploiting Bugs in Profanity-generated Vanity Addresses

Blockchain security company PeckShield reported that a hacker has stolen $950,000 worth of Ether (ETH) from a crypto wallet. The funds were looted using the same vanity address exploit that was used in the $160 million hack on Wintermute last week.

According to PeckShield, the hacker stole 732 ETH on Sunday from a crypto wallet and used the sanctioned Tornado Cash to mix it with other funds. The funds were then withdrawn to the hacker’s own crypto wallet.

It appears that the hacker exploited a vanity address generated with a tool known as Profanity. A vanity address is a crypto address that contains certain patterns or words, making it more personal and identifiable.

“Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer”

– @PeckShieldAlert said in a tweet

A large number of vanity addresses were generated via Profanity, and those created that way are easier to breach through a brute force attack, according to decentralized exchange (DEX) aggregator 1inch. Such an attempt would require significant computing power; however, it depends on the amount of crypto funds kept in the wallet, says 1inch.

Crypto Woes Worsen as DeFi Exploits Persist

The new vanity address exploit comes just a week after hackers stole $160 million from the crypto asset algorithmic market maker Wintermute. The attack was aimed at Wintermute’s decentralized finance (DeFi) operations, the firm’s CEO Evgeny Gaevoy said in a tweet.

The Wintermute hack was also made possible due to a bug in Profanity. In this case, the attacker exploited a Profanity-generated address that started with several zeroes.

Just like in 2021, the crypto space has witnessed numerous hacks and exploits this year as hackers continue to exploit DeFi weaknesses. However, this time the timing is much worse as the ongoing ‘crypto winter’ continues to take its toll on prices, pushing investors away from risk assets.

This article originally appeared on The Tokenist
