1inch Network, a decentralized exchange aggregator, issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum vanity address generator. Despite the warning, hackers apparently managed to steal $3.3 million worth of cryptocurrency.
1inch revealed Profanity's lack of security on Sept. 15: the tool used a random 32-bit vector to seed its 256-bit private keys. Further investigation revealed the ambiguity of creating vanity addresses. This suggests that Profanity wallets may have been secretly hacked. As shown below, the warning was sent out in the form of a tweet.
RUN, YOU FOOLS Spoiler! Your money is not SAFU if you created your wallet address with the Profanity tool. All of your assets should be transferred to a new wallet immediately! Read more: https://t.co/oczK6tlEqG #Ethereum #crypto #vulnerability #1inch
— 1inch Network (@1inch), September 15, 2022
The vulnerability was exploited by hackers in order to steal $3.3 million worth of crypto, according to ZachXBT, a blockchain investigator.
This vulnerability has apparently been exploited to extract $3.3 million worth of crypto by 0x6ae. The Indexed Finance Exploiter was, interestingly, the first to be drained by the 0x6ae. Attackers address: 0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq
— ZachXBT (@zachxbt) September 17, 2022
ZachXBT also helped a user save more than $1.2 million in cryptocurrency and nonfungible tokens after they alerted them to the hacker who had gained access to the user’s wallet. Many users confirmed that their funds were safe after the revelation. One user stated:
“Wtf 6h later my addresses were still vuln, but the attacker didn’t drain me? had 55k at risk lol”
Hackers tend to target larger wallets first, then move to wallets of lower value. 1inch advised users whose wallet addresses were created with the Profanity software to “Transfer all your assets to another wallet ASAP!”
Some hackers prefer to drain users’ funds using the traditional method, but others find new ways to trick investors into sharing their private keys.
A YouTube channel was hacked to play fabricated videos featuring Elon Musk talking about cryptocurrency. This is one of many innovative scams. The South Korean government’s YouTube channel was temporarily hacked on Sept. 3 and renamed to allow live broadcasts of crypto-related videos.
Hackers were able to identify the root cause as the compromised password and ID of the YouTube channel.