Hackers withdrew about $1 million from a personalized Ethereum address

Article Reading Time:
2 minutes.

The attackers stole about $1 million fromEthereum addresses generated using the Profanity service. They used the same method used by the hackers who hacked the Wintermute market maker.

During the hack, the attackers used thisThe same vulnerability as in the recent attack on market maker Wintermute, which resulted in the theft of $160 million. According to cybersecurity company PeckShield, the hacker withdrew 732 ETH from the so-called “Vanity Address” and then transferred the funds to the Tornado Cash mixer. Note that despite sanctions from the US Treasury Department, suspicious transactions are still taking place in the mixer.

#PeckShieldAlert Seems like $950k worth ofcrypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4

— PeckShieldAlert (@PeckShieldAlert) September 26, 2022

 

"Vanity Address" is a type of cryptocurrencyaddresses that look more readable than standard addresses. That is, it is not a random set of letters, numbers and symbols, but contains real words or numbers that mean something. It is believed that such addresses are more susceptible to hacking - it is much easier for a hacker to associate the address with the victim and try to gain access to the wallet using standard methods.

GitHub users were the first to learn about the attack.It was then revealed by decentralized exchange aggregator 1Inch, which advised users to transfer their assets to another wallet as soon as possible. Shortly after the attack, Profanity developers suspended the service. The Profanity code has been left in an uncompiled state and no longer receives updates from the server, and the repository has been archived. 

Previously, the official Twitter account of the Indian crypto exchange CoinDCX was hacked and used by attackers to publish fake XRP promotions with phishing links.