Decentralized exchange aggregator 1inch Network issued an alert to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Regardless of the positive warning, apparently, online hackers could make away with $3.3 million price of cryptocurrencies.
On Sept. 15, 1Inch revealed the possible lack of safety in making use of Profanity because it used an arbitrary 32-bit vector to seed 256-bit private keys. Further investigations stated the ambiguity in the development of vanity addresses, suggesting that Profanity wallets were secretly hacked. The warning came by means of a tweet, as proven below.
RUN, YOU FOOLS
⚠️ Spoiler: Your hard earned money isn’t SAFU in case your wallet address was generated using the Profanity tool. Transfer all your assets to a new wallet As soon as possible!
➡️ Find out more: https://t.co/oczK6tlEqG#Ethereum #crypto #vulnerability #1inch
— 1inch Network (@1inch) September 15, 2022
A subsequent analysis by blockchain investigator ZachXBT demonstrated that the effective exploit from the vulnerability permitted online hackers to empty $3.3 million in crypto.
Seems $3.3m price of crypto continues to be exploited by 0x6ae out of this vulnerability.
Interestingly the Indexed Finance Exploiter was the very first address drained by 0x6ae.
Attackers address:
0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq— ZachXBT (@zachxbt) September 17, 2022
Furthermore, ZachXBT helped a person save over $1.two million in crypto and nonfungible tokens (NFTs) after alerting them concerning the hacker who’d accessibility user’s wallet. Following a thought, numerous users confirmed their funds were safe, as you mentioned:
“Wtf 6h following the attack my addresses was still being vuln however the attacker didnt drained me? had 55k in danger lol”
However, online hackers have a tendency to attack the larger wallets before moving to wallets with lesser value. Users owning wallet addresses generated using the Profanity tool happen to be advised to “Transfer all your assets to a new wallet As soon as possible!” by 1Inch.
Related: Police force recovers $$ 30 million from Ronin Bridge hack with the aid of Chainalysis
Although some online hackers like the traditional approach to draining users’ funds after unlawfully being able to access the crypto wallets, others check out new methods to fool investors into discussing their private keys.
Among the recent innovative scams involved the hacking of the YouTube funnel for enjoying fabricated videos of Elon Musk discussing cryptocurrencies. On Sept. 3, the South Korean government’s YouTube funnel was momentarily hacked and renamed for discussing live broadcasts of crypto-related videos.
The compromised ID and password from the YouTube funnel were recognized as the main reason for the hack.