Ethereum: hackers continue to feast thanks to the fatal Profanity flaw

The damage from Profanity continues – Not long ago, the 1inch team revealed a major flaw in the Profanity tool. The warning did not prevent hackers from stealing millions of dollars in cryptocurrencies.

Profanity: the tool behind the flaw

On September 15, the 1inch protocol team published a blog post revealing a major flaw.

This flaw affects the Profanity tool. In practice, this tool makes it possible to generate personalized addresses, also called vanity addresses. For example, the address 0x00000000000000000000000000000000000dEaD is a vanity address.

However, a flaw was found in the way these addresses are generated, allowing the private keys of certain addresses to be regenerated.

Unfortunately, this warning was not enough to solve the problem. Indeed, only 5 days after the publication of the paper, this flaw began to claim its first victims.

Thus, the market making platform Wintermute was hacked to the tune of $160 million. In fact, the platform had a hot wallet whose address had been generated by Profanity.

Through its various communications, Wintermute explained that it had used this type of address to optimize the use of gas (transaction fees). An optimization that proved extremely costly.

At the same time, the Indexed Finance hacker was also the target of an attack on his vanity address. An attacker thus managed to steal $3.3 million from him. He was probably the first to have been the victim of this type of attack.

Subsequently, this same attacker stole more than 1,200 additional ETH ($1.6 million) from a dozen other vanity addresses.

Another $950,000 stolen

Obviously, the Wintermute hacker was not the only one to take advantage of the flaw. On September 26, PeckShield, a company specializing in blockchain security, warned of a new attack.

In practice, the attacker stole $950,000 in cryptocurrency from an address generated using the Profanity tool.

“It appears that $950,000 in cryptocurrency was stolen by 0x9731F from an ‘Ethereum vanity address’ generated with a tool called Profanity. The exploiter has already transferred ~732 $ETH to a mixer.”

PeckShield announces a new attack via the Profanity flaw – Source: Twitter.

After carrying out the theft, the attacker quickly transferred the funds to the Tornado Cash protocol to cover his tracks.

There are many attack vectors in the crypto ecosystem. Most of the time, these are introduced by third-party tools. This is how around forty trading platforms found themselves at risk after using a JavaScript library. These attacks can create systemic risks, highlighted in our recent series on cyber insecurity.

John R. Zepeda
