Hacker Steals $950,000 from Crypto Vanity Address as Exploits Continue

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

According to PeckShield, a blockchain security firm, a hacker has stolen $950,000 in Ether (ETH) from an Ethereum “vanity address” generated with a tool known as Profanity. The matter was reported on Monday.

The hacker stole 732 Ethereum on September 25 and sent it to the authorized digital currency blending administration Cyclone Money, as indicated by on-chain data from PeckShield. Here the funds were blended in with other cryptocurrencies and removed to the programmer’s own wallet.

The hack was done through weaknesses associated with the popular Profanity vanity address generator. While vanity addresses are made through an instrument called Obscenity, this strategy for generating such addresses makes them simpler to penetrate through a beast force assault. The penetration requires a ton of processing power and may be counterbalanced by how much cryptographic money is in the wallet.

In the aftermath of the attacks, the developers’ team behind Profanity took steps to ensure that no one continued using the tool.

The exploit was done in a similar way Wintermute was exploited last week. On Tuesday, September 20, the U.K.-based algorithmic crypto market maker Wintermute was hacked and lost $162.2 million in DeFi operations. A vulnerable private key generated by the Profanity app was attacked in the Wintermute hack.

The Profanity vulnerability has been known since January. Still, the decentralized exchange 1inch Network disclosed the apparent risk on September 13 and warned Twitter crypto community members about the risks facing the Profanity wallets.

Last week on September 18, attackers executed a similar hack that saw $3.3 million worth of cryptocurrencies stolen from users of a vanity Ethereum wallet. The hacker managed to steal the tokens from a number of Ethereum addresses that were generated with the Profanity tool.

According to Certik blockchain cybersecurity company, about $273.9 million has been lost this year because of compromised private keys, making the method one of the largest attack vectors.

Image source: Shutterstock

This article was originally reported on Blockchain News.