Vanity address exploit steals nearly $1 million in cryptocurrency
Hacks and exploits continue to afflict the decentralised finance (DeFi) sector, with another vanity wallet address joining the list of DeFi victims, who collectively lost more than $1.6 billion in 2022.
A hacker was caught after stealing 732 Ether (ETH) from an address generated by Profanity, a vanity wallet address generator.
After draining the wallet, the exploiters transferred the cryptocurrency to the recently approved cryptocurrency mixer Tornado Cash.
Profanity’s address generator seeded 256-bit private keys with a random 32-bit vector, which means it is unsafe.
A vulnerability exploit has already allowed some hackers to escape with $3.3 million in digital assets.