Private addresses created using the Profanity private wallet address generator have received an influx. Due to the stolen altcoin tokens, a loss of 966 thousand dollars is mentioned. The latest hack follows a precedent attack targeting Ethereum vanity addresses with the Profanity tool as a common stock.
Hacker moved stolen altcoin tokens to Tornado Cash
Leading security organization PeckShield revealed this hack. The security agency has drawn the attention of the crypto community to around 732 transfers. This amount corresponds to 966 thousand dollars compared to the current cost of ETH as of press time.
The wallet address 0x9731F involved in the attack transferred the stolen funds to Tornado Cash Mixer, which is on OFAC’s blacklist. In this form, he tried to hide his trace. The hacker repeatedly transferred the funds to Tornado Cash. The attacker emptied his wallet by press time, leaving behind a balance of 0.05 ETH.
More than 3 million dollars were lost in the attack against some other private addresses created using Profanity. The current attack took place shortly after this incident. Also, last week, reports emerged of a hack that cost $3.3 million in losses. The affected addresses appear to have been created using Profanity.
Profanity tool has a security issue
Last week’s attack followed several strikes from decentralized exchange aggregator 1inch highlighting Profanity’s vulnerabilities. Following this, 1inch issued a warning on Twitter. In this context, he asked investors to transfer their funds from Profanity addresses to other places.
Compared to 1inch, Profanity uses a 32-bit vector to generate a 256-bit seed. This makes it an easy target for an influx. The hack reports, which surfaced on September 18, came three days after the 1-inch warning. The report highlights the following:
Private addresses are wallet addresses that often contain user-selected personalized phrases. Users create these addresses using a tool like Vanity-ETH and Profanity. However, it is clear that Profanity has a vulnerability issue.
One of the developers of the tool stated that he has abandoned the project. Therefore, he advised people not to use the tool, citing safety concerns. Koindeks.com As we have previously reported, the market maker Wintermute has recently been attacked. Apparently, the exploit was made possible due to a private key compromise caused by a Profanity vulnerability.