Just a week after the Wintermute hit, $950,000 worth of Ether was stolen from a crypto wallet using the vanity address exploit again. On-chain data shows that the hacker then transferred the funds to the Tornado Cash service, where it was mixed with other crypto funds and sent to the hacker’s wallet.
Hackers Continue Exploiting Bugs in Profanity-generated Vanity Addresses
Blockchain security company PeckShield reported that a hacker has stolen $950,000 worth of Ether (ETH) from a crypto wallet. The funds were looted using the same vanity address exploit that was used in the $160 million hack on Wintermute last week.
According to PeckShield, the hacker stole 732 ETH on Sunday from a crypto wallet and used the sanctioned Tornado Cash to mix it with other funds. The funds were then withdrawn to the hacker’s own crypto wallet.
It appears that the hacker has exploited the vanity address generated with a tool known as Profanity. A vanity address refers to a crypto address that contains certain patterns or words, making them more personal and identifiable.
“Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer”
– @PeckShieldAlert said in a tweet
A large number of vanity addresses were generated via Profanity, and those created that way are easier to breach through a brute force attack, according to decentralized exchange (DEX) 1inch. Such an attempt would require significant computing power, however, it depends on the number of crypto funds kept in the wallet, says 1inch.
Crypto Woes Worsen as DeFi Exploits Persist
The new vanity address exploit comes just a week after hackers stole $160 million from the crypto asset algorithmic market maker Wintermute. The attack was aimed at Wintermute’s decentralized finance (DeFi) operations, the firm’s CEO Evgeny Gaevoy said in a tweet.
The Wintermute hack was also made possible due to a bug in Profanity. In this case, the attacker exploited a Profanity-generated address that started with several zeroes.
Just like in 2021, the crypto space has witnessed numerous hacks and exploits this year as hackers continue to exploit DeFi weaknesses. However, this time the timing is much worse as the ongoing ‘crypto winter’ continues to take its toll on prices, pushing investors away from risk assets.
This article originally appeared on The Tokenist
Sponsored: Tips for Investing
A financial advisor can help you understand the advantages and disadvantages of investment properties. Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to three financial advisors who serve your area, and you can interview your advisor matches at no cost to decide which one is right for you. If you’re ready to find an advisor who can help you achieve your financial goals, get started now.
Investing in real estate can diversify your portfolio. But expanding your horizons may add additional costs. If you’re an investor looking to minimize expenses, consider checking out online brokerages. They often offer low investment fees, helping you maximize your profit.
Source: Read Full Article