Hacks and exploits, which could cost the sector more than $1.6 billion in 2022, continue to plague decentralized finance (DeFi) as another vanity wallet address joins the list of DeFi victims.
According to an alert published by blockchain security firm PeckShield, a hacker stole 732 Ether (ETH), worth around $950,000, from an Ethereum vanity wallet address generated with a tool called Profanity. After draining the wallet, the exploiter sent the cryptocurrency to the recently sanctioned crypto mixer Tornado Cash.
#PeckShield alert $950k worth of crypto was apparently stolen from an Ethereum “void address” at 0x9731F by a tool called Profanity. The exploiter has already transferred ~732 $ETH to the mixer pic.twitter.com/QOZfnE49H4
— PeckShieldAlert (@PeckShieldAlert) September 26, 2022
Vanity addresses are crypto wallet addresses created to include words or specific characters chosen by the owner. However, as recent exploits have shown, the security of vanity addresses is questionable.
In early September, decentralized exchange (DEX) 1inch Network warned community members that their addresses are not secure if they were created using Profanity. The DEX called on crypto holders with vanity addresses to transfer their holdings immediately. According to 1inch, the vanity address generator derived 256-bit private keys from a random 32-bit vector, which makes those keys insecure.
Following the DEX’s warning, ZachXBT, a blockchain researcher, discovered that exploiting the vulnerability in Profanity had allowed some hackers to make off with $3.3 million worth of digital assets.
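The weakness 1inch describes, as an added Python illustration that is not from the article, 1inch or Profanity: a toy generator expands a 32-bit seed into a 256-bit key, shown next to one drawn entirely from the OS CSPRNG. Python's `random.Random` stands in for the tool's actual PRNG, and the function names and the one-million-keys-per-second rate are assumptions.

```python
import random
import secrets

KEY_BITS = 256
SEED_BITS = 32  # width of the random vector 1inch attributes to the generator


def weak_private_key(seed: int) -> int:
    """Toy model: a 256-bit key fully determined by a 32-bit seed.

    random.Random is a stand-in PRNG (assumption), not the tool's own code.
    """
    rng = random.Random(seed % (1 << SEED_BITS))
    return rng.getrandbits(KEY_BITS)


def strong_private_key() -> int:
    """Corrected form: all 256 bits come from the OS CSPRNG."""
    return secrets.randbits(KEY_BITS)


def reachable_keys(seed_bits: int) -> int:
    """Count distinct keys the weak generator can emit for a given seed width."""
    return len({weak_private_key(s) for s in range(1 << seed_bits)})


def enumeration_hours(entropy_bits: int, keys_per_second: float) -> float:
    """Time to walk the whole keyspace at an assumed key-derivation rate."""
    return (1 << entropy_bits) / keys_per_second / 3600


if __name__ == "__main__":
    k = weak_private_key(0xDEADBEEF)  # constructed sample seed
    print(f"weak key is {k.bit_length()} bits long, yet only the seed matters")
    print("same seed, same key:", k == weak_private_key(0xDEADBEEF))
    # Scaled down to 12 bits so the full enumeration finishes instantly.
    print("keys reachable from a 12-bit seed:", reachable_keys(12))
    print(f"32-bit space at 1e6 keys/s: {enumeration_hours(32, 1e6):.1f} h")
    print(f"256-bit space at 1e6 keys/s: {enumeration_hours(256, 1e6):.2e} h")
```

The key's length says nothing about its strength: the number of keys the generator can ever produce is bounded by the seed width, which is why a key that looks 256 bits long can still sit in a space small enough to walk in hours.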
On September 20, a UK-based crypto market maker was hit by an exploit that cost around $160 million. According to researcher Ajay Dhingra, the exploit could be due to the company’s hot wallet being compromised and a bug in the smart contract being exploited. The company’s founder and CEO, Evgeny Gaevoy, has asked the attackers to get in touch, saying the company is open to treating the attack as a white hat hack.