ETHEREUM: HACKERS CONTINUE TO FEAST THANKS TO THE FATAL FLAW PROFANITY


Profanity continues the damage – Not long ago, the 1inch teams revealed a major flaw in the Profanity tool. The warning did not prevent hackers from stealing millions of dollars in cryptocurrencies.

PROFANITY: THE TOOL BEHIND THE FLAW

On September 15, the 1inch protocol teams published a blog post exposing a massive flaw.

This flaw impacts the Profanity tool. In practice, this tool makes it possible to generate personalized addresses, also called vanity addresses. For example, the address 0x00000000000000000000000000000000000dEaD is a vanity address.


However, a flaw was found in the way the tool generates these addresses: it allows the private keys of certain addresses to be regenerated.

Unfortunately, this warning was not enough to solve the problem. Indeed, only 5 days after the publication of the paper, this flaw began to claim its first victims.

Thus, the Wintermute market making platform was hacked to the tune of $160 million. In fact, the platform had a hot wallet whose address had been generated by Profanity.

In its various communications, Wintermute explained that it had used this type of address to optimize the use of gas (transaction costs). That optimization proved extremely costly.

At the same time, the Indexed Finance hacker was also the target of an attack on his vanity address. As a result, an attacker managed to steal $3.3 million from him. He was probably the first victim of this type of attack.

Subsequently, this same attacker stole over an additional 1,200 ETH ($1.6 million) from a dozen other vanity addresses. 

ANOTHER $950,000 STOLEN

Obviously, the Wintermute hacker was not the only one to take advantage of the flaw. Thus, on September 26, Peckshield, the company specializing in blockchain security, warned of a new attack.

In practice, the attacker stole $950,000 in cryptocurrency from an address generated using the Profanity tool. 


“It appears that $950,000 in cryptocurrency was stolen by 0x9731F from an “Ethereum vanity address” generated with a tool called Profanity. The exploiter has already transferred ~732 $ETH to a mixer.”

Peckshield announces a new attack via the Profanity flaw - Source: Twitter.

After carrying out the theft, the attacker quickly transferred the funds to the Tornado Cash protocol to cover his tracks.

There are many attack vectors in the crypto ecosystem. Most of the time, these are introduced by third-party tools. This is how around forty trading platforms found themselves at risk after using a JavaScript library. These attacks can create systemic risks, highlighted in our recent series on cyber insecurity.
