1inch Network, a decentralized exchange aggregator, had issued an alert about a vulnerability on Profanity, a generating tool for Ethereum vanity addresses. However, despite the early warning, hackers managed to walk away with $3.3 million worth of crypto assets.
Hackers steal $3.3M from Profanity
1inch Network issued the warning about Profanity’s vulnerability on September 15. In the warning, the DEX aggregator said that it was not safe to use Profanity because it used an arbitrary vector to seed 256-bit private keys.
1inch’s investigations on the tool’s safety led to the discovery of an ambiguity in the generation of vanity addresses. It showed that Profanity wallet addresses had been hacked secretly. 1inch Network had issued the alert in the form of a tweet.
“Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all your assets to a different wallet ASAP!” the tweet read.
A follow-up investigation by ZachXBT later revealed that the vulnerability revealed by 1inch had been exploited successfully. ZachXBT said that the hackers had drained $3.3 million worth of cryptocurrencies from the tool.
After the exploitation of the tool was made public, several users came out to state that their funds were safe. One of the users said that their wallet address was vulnerable to the attack and had $55,000, but the hacker had not stolen the funds.
ZachXBT also revealed that he was instrumental in helping one of the affected users save more than $1.2 million worth of cryptocurrencies and non-fungible tokens (NFTs) after alerting them of their wallet being compromised by the hacker.
It is important to note that in most cases, hackers tend to target large wallet addresses before moving to addresses that have smaller amounts. To enhance safety, 1inch has advised those with wallet addresses generated with the Profanity tool to transfer all their assets to another wallet.
Rise in crypto-related hacks
The cryptocurrency sector has grown significantly over the past year. Amid an influx in the number of new users joining the space, hackers have found an opportunity to exploit investors through scams and hacking attacks.
Most hackers use the traditional way of stealing funds from a user’s account by accessing their wallet addresses without the user’s authorization. However, some hackers take advantage of new users by fooling them into sharing sensitive information like their private keys.
One of the most popular methods hackers use to dupe investors is to hack the social media accounts of popular people in the cryptocurrency space. The recent scam involved exploiting the YouTube account used to play fake videos that showed Elon Musk promoting cryptocurrencies.
Earlier this month, the YouTube government of the South Korean government was hacked and even renamed by hackers. The attackers went ahead to share live broadcasts promoting cryptocurrencies. A post-analysis investigation on the exploit revealed that the hackers gained access to the YouTube channel through a compromised ID and password.
Related
- Where to Buy 1Inch in 2022
- How to Sell 1inch (1INCH)
- Wirex users to access wallet token swaps through the 1inch Network API
Tamadoge – Play to Earn Meme Coin
- Earn TAMA in Battles With Doge Pets
- Capped Supply of 2 Bn, Token Burn
- Presale Raised $19 Million in Two Months
- Upcoming ICO on LBank, Uniswap