Hacker steals $3.3 million using Profanity’s vanity Ethereum addresses

As the crypto industry has grown, it has become a favorite target for hackers. Ethereum vanity addresses generated with the Profanity tool have now become the latest loophole used to dupe millions of crypto users.

According to market insights provider Etherscan, custom Ethereum addresses created with the Profanity tool have been breached by a hacker who stole almost $3.3 million from several custom ETH addresses.

ZachXBT, an expert tracking the hacker’s activity, was the first to detect and report the breach, which began on September 16. The anonymous sleuth also helped save NFTs worth $1.2 million belonging to a user, who moved his assets out of vanity addresses after being informed.

Vanity addresses are something like premium vehicle number plates, for which owners pay a high price in order to show off. Likewise, a vanity address contains one’s name or other desired text so that it stands out, and is created with tools like Profanity.

1Inch Exposed Profanity’s Vulnerabilities Before Exploit

It is worth noting that decentralized exchange aggregator 1Inch, which had previously suggested using the tool, warned the community before the hack that vanity addresses are more vulnerable. In a report published last week, the firm advised users to move their funds out of wallet addresses made using Profanity.

1Inch said that Profanity had become a prominent tool, able to generate millions of addresses in one second, and that the wider crypto community was using it. However, 1Inch’s contributors then found that the procedure it used was flawed and open to exploitation.

Experts noted that the tool’s procedure uses a 32-bit vector to generate 256-bit codes, the so-called private keys. The report identified this process as unsafe. The report reads:

The 1inch contributors checked the richest vanity addresses on popular networks and came to the conclusion that most of them were not created by the Profanity tool. But Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.
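The 32-bit vector behind a 256-bit private key, as an added example (not code from the article, 1inch or the Profanity project): a key expanded from a small seed is only as unpredictable as the seed, so a holder can check whether a key lies inside the weak generator's output set. The SHA-256 expansion, the 16-bit demo width, the sample seed and the 1e6 keys/s rate are assumptions made for this illustration.

```python
import hashlib
import secrets

PAGE_SEED_BITS = 32   # seed width reported in the article
KEY_BITS = 256        # private-key width reported in the article
DEMO_SEED_BITS = 16   # constructed, reduced width so the demo runs instantly


def key_from_seed(seed: int) -> bytes:
    """Stretch a small seed into 32 bytes. SHA-256 is a stand-in expansion
    chosen for this example; it is not Profanity's generator."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()


def fresh_key() -> bytes:
    """The safe counterpart: all 256 bits come from the OS CSPRNG."""
    return secrets.token_bytes(32)


def reachable_keys(seed_bits: int) -> set:
    """Every key the seeded generator can ever output for this seed width."""
    return {key_from_seed(s) for s in range(1 << seed_bits)}


def effective_bits(seed_bits: int, key_bits: int = KEY_BITS) -> int:
    """A deterministic expansion adds no entropy: the key is only as
    unpredictable as the seed that produced it."""
    return min(seed_bits, key_bits)


def seconds_to_enumerate(bits: int, keys_per_second: float) -> float:
    """Time to walk the whole space at a given (assumed) generation rate."""
    return (1 << bits) / keys_per_second


def audit_key(key: bytes, weak_set: set) -> str:
    """Holder's check: a key inside the weak generator's output set should
    be retired and its funds moved to a freshly generated key."""
    return "ROTATE" if key in weak_set else "ok"


if __name__ == "__main__":
    weak_set = reachable_keys(DEMO_SEED_BITS)
    print(len(weak_set), "reachable keys at", DEMO_SEED_BITS, "seed bits")
    print("seeded key:", audit_key(key_from_seed(0x2A51), weak_set))  # constructed seed
    print("CSPRNG key:", audit_key(fresh_key(), weak_set))
    print("effective strength:", effective_bits(PAGE_SEED_BITS), "of", KEY_BITS, "bits")
    # 1e6 keys/s is an assumed rate, used only to size the 32-bit space
    print("32-bit space at 1e6 keys/s:", seconds_to_enumerate(PAGE_SEED_BITS, 1e6), "s")
```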

Hacker Cashed Out Stolen Money After 1Inch’s Report

The hacker drained money from the targeted wallet addresses immediately after the 1Inch report exposed the vulnerabilities, per ZachXBT. The hacker then moved the stolen funds to a new Ethereum address.

Tal Be’ery, chief technology officer and security head at ZenGo, commented on the breach:

“Seems like the attackers were sitting on this vulnerability, trying to find as many private keys as possible of vulnerable Profanity-generated vanity addresses before the vulnerability gets known. Once publicly exposed by 1inch, the attackers cashed out in a few minutes from multiple vanity addresses.”

Additionally, a Profanity developer warned users about the vulnerabilities he found in the code a few years ago. The developer highlighted the issues on GitHub and abandoned the project, stating that the tool in its current state is unsafe to use.
