Decentralized exchange (DEX) aggregator 1inch Network has issued a warning to cryptocurrency investors after identifying a vulnerability in vanity addresses. Despite the warning, hackers were still able to steal $3.3 million worth of cryptocurrency.
A vanity address is a custom wallet address that contains a special name or digit for identification. In the cryptocurrency sector, investors use them to show off, much as car drivers pay for expensive license plates. These addresses can be generated using certain tools, one of which is Profanity.
On Thursday, 1inch revealed a security weakness in Profanity: it uses a random 32-bit vector to generate 256-bit private keys. Further investigation pointed to ambiguity in the creation of vanity addresses, suggesting that the Profanity wallet was secretly hacked.
🚨 RUN, YOU FOOLS 🚨
⚠️ Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!
➡️ Read more: https://t.co/oczK6tlEqG #Ethereum #crypto #vulnerability #1inch
— 1inch Network (@1inch) September 15, 2022
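An added example, not code from 1inch or Profanity: a Python model of the weakness described above (a 256-bit key expanded from a small seed) beside a generator that draws every bit from the OS, with a birthday-collision check an auditor can run to estimate a key generator's effective seed space. The names `weak_keygen`, `strong_keygen` and `estimate_seed_bits`, and the use of Python's `random.Random` as the expander, are assumptions made for illustration.

```python
import math
import random
import secrets

KEY_BITS = 256


def weak_keygen(seed_bits: int = 32) -> bytes:
    """Model of the flaw: the only randomness is a seed_bits-wide seed."""
    seed = secrets.randbits(seed_bits)   # good randomness, but far too little of it
    prng = random.Random(seed)           # stand-in deterministic expander (assumption)
    return prng.getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big")


def strong_keygen() -> bytes:
    """Hardened form: all 256 bits come from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


def estimate_seed_bits(keygen, samples: int):
    """Birthday test: draw `samples` keys and count repeated keys.

    With an effective key space of N, about samples**2 / (2*N) repeats are
    expected, so N is roughly samples**2 / (2*repeats). Returns
    (repeats, estimated_bits); estimated_bits is None when no repeat was
    seen, meaning the space is too large to measure with this sample size.
    """
    seen = set()
    repeats = 0
    for _ in range(samples):
        key = keygen()
        if key in seen:
            repeats += 1
        seen.add(key)
    if repeats == 0:
        return 0, None
    return repeats, math.log2(samples ** 2 / (2 * repeats))


if __name__ == "__main__":
    # Scaled-down 16-bit seed so the run finishes quickly (constructed setting).
    print("weak  :", estimate_seed_bits(lambda: weak_keygen(16), 5000))
    print("strong:", estimate_seed_bits(strong_keygen, 5000))
```

At the full 32-bit seed width the same check needs on the order of 100,000 samples before repeats appear, while a generator that draws all 256 bits from the OS should never repeat.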
A follow-up investigation by blockchain investigator ZachXBT last Friday (09/16) found that successful exploitation of the vulnerability allowed hackers to withdraw $3.3 million in funds. The funds were transferred from the victim’s address to the hacker’s Ethereum address. This incident led analysts to suspect that malicious actors had written about the vulnerability of the network in advance.
Appears $3.3m worth of crypto has been exploited by 0x6ae from this vulnerability.
Interestingly the Indexed Finance Exploiter was the first address drained by 0x6ae.
Attackers address:
0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq
— ZachXBT (@zachxbt) September 17, 2022
After being alerted that hackers had accessed users’ wallets, many users confirmed that their funds were safe:
6 hours after the attack, the attackers did not steal my property. 55K was in jeopardy.
However, hackers tend to attack larger wallets before moving on to lower-value wallets. Users who own wallet addresses created with Profanity have been advised by 1inch to “Transfer all your assets to another wallet as soon as possible!”.
Earlier, 1inch reviewed the private keys of vanity addresses generated with Profanity using GPU chips and warned of a security vulnerability exploited by hackers to steal millions of dollars.
While some hackers use the traditional approach of withdrawing users’ funds after gaining unauthorized access to cryptocurrency wallets, others trick investors into sharing their private keys.
One recent style of scam involves hacking a YouTube channel to play fabricated videos of Elon Musk discussing cryptocurrencies. On September 3, the South Korean government’s YouTube channel was immediately hacked and renamed to share a live broadcast of crypto-related videos.
Stolen IDs and passwords for the YouTube channel were identified as the root cause of the attack.