Profanity Exploit Continues as Hackers Drain Another 732 ETH From Crypto Wallet

A hacker managed to get away with 732 ETH worth around $950,000 from a crypto wallet.

Interestingly, blockchain security firm PeckShield revealed that the theft was carried out via the same vanity address hack connected to the UK-based crypto market maker Wintermute.

• On-chain data suggested that the hacker moved the stolen funds to the OFAC-sanctioned crypto mixing tumbler Tornado Cash.
• The latest exploit comes days after decentralized finance aggregator 1inc first discovered a severe vulnerability in the Profanity tool and stated that user funds are at risk of loss following a potential exploit.
• Launched in 2017, Profanity is a tool designed to enable Ethereum users to create “vanity addresses,” which are essentially custom crypto wallets with identifiable names or numbers within them.
• As per 1inch’s report, the vanity address generator uses a random 32-bit vector to seed 256-bit private keys, thereby making it unsafe.
• The Profanity address generator was abandoned by its developers a few years ago after detecting fundamental security issues in the generation of private keys.
• Shortly after the security report by 1inch, a hacker stole $3.3 million worth of cryptocurrencies from several Ethereum addresses generated with the tool last week.
• The Wintermute exploit came next, wherein perpetrators compromised decentralized finance operations while the centralized finance and over-the-counter verticals were safe.
• As per the report, more than $162k was stolen in over 13 transactions. The exploit was speculated to have transpired from a brute force attack on the Profanity wallet.