Thursday, February 22, 2024
HomeBusinessProfanity Tool Vulnerability Costs $3.3M Despite 1-Inch Warning

Profanity Tool Vulnerability Costs $3.3M Despite 1-Inch Warning

1Inch’s investigation pointed to ambiguity in the creation of virtual addresses, indicating that Profanity wallets were secretly compromised.

702 Total Views

24 Total Shares

Decentralized exchange aggregator 1inch Network has warned crypto investors after discovering a vulnerability in Ethereum (ETH) vanity address generation tool Profanity. Despite proactive warnings, it is clear that hackers were able to steal $3.3 million worth of cryptocurrency.

On September 15th, 1Inch revealed a lack of security when using Profanity to seed a 256-bit private key with a random 32-bit vector. Further investigation pointed to the ambiguity in the creation of the dummy address, suggesting that the Profanity wallet was hacked in secret. The warning comes in the form of a tweet, as shown in the image below.

— 1inch Network (@1inch) September 15, 2022

A subsequent investigation by blockchain investigator ZachXBT revealed that a successful exploitation of the flaw allowed hackers to consume $3.3 million in cryptocurrency.

0x6ae exploited $3.3 million worth of cryptocurrency from this exploit.

Interestingly, Indexed Finance Exploiter was the first address to run out of 0x6ae.

Address of attacker: 0x6AE09AC63487FCf63117A6D6FAFa894473d47b93

– ZachXBT (@zachxbt) September 17, 2022

Plus, ZachXBT helped users save over 1.2 million Dollars are in crypto and non-fungible tokens (NFTs) after alerting them about hackers who could gain access to users’ wallets. After the news came to light, many users confirmed that their funds were safe, with one user saying:

“The attack happened After 6 hours my address is still vuln, but the attacker didn’t drain me? 55k at risk lol”

However, hackers tend to attack larger wallets and then transfer to wallets of lesser value. Users with wallet addresses generated using Profanity have been advised to “transfer all assets to a different wallet ASAP!” in 1-inch increments.

While some hackers prefer the traditional method of draining user funds after illicit access to crypto wallets, others Then try new ways to trick investors into sharing their private keys.

One of the most recent innovative scams involved hacking a YouTube channel to broadcast a fabricated video of Elon Musk discussing cryptocurrencies. On September 3, the South Korean government’s YouTube channel was temporarily hacked and renamed for sharing live broadcasts of encryption-related videos.

Leaked YouTube channel ID and password is the root cause of the hack.



Please enter your comment!
Please enter your name here


Featured NEWS