These hackers get their hands on almost a million dollars in cryptocurrencies thanks to the exploitation of this flaw in Ethereum (ETH)

About $950,000 worth of cryptocurrency was stolen from an Ethereum “vanity address” generated by a tool called Profanity. The attack exploited a vulnerability similar to the one linked to the recent $160 million attack on market maker Wintermute.

A “vanity address” is a type of cryptographic address that conforms to certain parameters set by the creator, often representing their brand or name.

Instead of the cryptographic address being a machine-generated random string of numbers and letters, a vanity address would be generated by a human. It is for this reason that GitHub users have reported that these types of addresses are more vulnerable to brute force attacks.

The hacker stole 732 Ethereum on September 25 before transferring the funds directly to the now-sanctioned cryptocurrency mixer Tornado Cash, according to data from PeckShield.

Although GitHub users were the first to discover the details of the attack, it was later made public by decentralized exchange (DEX) aggregator 1Inch Network, which advised users to “move all their assets to a different wallet as soon as possible,” sharing a blog post about how the exploit is likely to have worked.

Following these attacks, Profanity developers took steps to ensure that no one continued to use the tool.

Profanity’s code was left in an uncompilable state by its developers, with the repository being archived. The code is not scheduled to receive further updates.

Vanity addresses and crypto hacks

Wintermute CEO Evgeny Gaevoy recently admitted on Twitter that the large-scale attack on his company “was likely related to the Profanity-style exploitation of our DeFi trading portfolio.”

Mr Gaevoy said his company, which provides algorithmic market making services, used “Profanity and an in-house tool to generate addresses with many leading zeros”, but claimed that “the reason behind this was the gas optimization, not vanity”.

We have been hacked for around $160 million in our defi operations. Cefi and OTC operations are not affected

— wishful cynic (@EvgenyGaevoy) September 20, 2022

So far, no perpetrators of the Wintermute attack or the most recent incident have come forward, and no funds have been recovered. The market maker is threatening to take legal action and has offered a $16 million reward for the return of funds.

Yesterday’s exploit and the Wintermute attack could also be just the tip of the iceberg.

In its blog post, 1Inch hinted that more exploits have yet to be uncovered, adding that “1Inch contributors are still trying to determine all of the vanity addresses that have been hacked” and that it “appears tens of millions of dollars in cryptocurrency could be stolen, even hundreds of millions.”


Thomas E.