Several Ethereum custom addresses have lost $3.3 million in a new exploit scheme. According to 1inch, the exploited addresses suffered from a vulnerability that allowed hackers access to the respective private keys.
Unlike the usual wallet address, the addresses were generated from a tool known as Profanity. These addresses are vanity addresses and contain identifiable names or numbers within them. While they have no specific utility, they are often used to showboat, just like customized license plates.
Anonymous on-chain sleuth ZachXBT had drawn attention to the exploit, which began on September 16th.
Meanwhile, decentralized exchange protocol 1inch had earlier published a security report noting that vanity addresses generated with the Profanity tool were exposed to security risks. Thus, the hacker extracted private keys linked to the addresses.
However, the reported vulnerability was not addressed immediately to forestall the exploit. But according to Profanity’s developer, Johguse, development activity on the tool had halted a few years ago. Nevertheless, Johguse had recognized the tool’s vulnerability and warned users against its use.
Apparently, the hacker had capitalized on 1inch’s report to perpetrate the exploit. However, according to ZachXBT, the exploit across the addresses occurred soon after the report. The hacker, thereafter, transferred the stolen assets to a new Ethereum address.
Commenting on the exploit, experts noted that the hacker was aware of the security risks beforehand. Per Tal Be’ery, security lead and chief technology officer at ZenGo;
“Seems like the attackers were sitting on this vulnerability, trying to find as many private keys as possible of vulnerable Profanity-generated vanity addresses before the vulnerability gets known. Once publicly exposed by 1inch, the attackers cashed out in a few minutes from multiple vanity addresses.”
The $3.3 million exploit is one of several exploit cases the cryptocurrency ecosystem has witnessed in recent years.
Read also;
Resourced Lands: Seedify Announces Metaverse Launch
Why Google Cloud is Important in Web3
Telegram to Explore More Web3 Features Soon