Profanity Tool Vulnerability Drains $3.3M Despite 1inch Warning

1inch investigations highlighted ambiguity in custom address creation, suggesting Profanity wallets were secretly hacked.

Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) custom address generation tool. Despite the proactive warning, hackers apparently managed to seize $3.3 million worth of cryptocurrencies.

On September 15, 1inch disclosed that Profanity is insecure because it used a 32-bit random vector to seed 256-bit private keys. Other investigations pointed to ambiguity in the creation of personalized addresses, suggesting that Profanity wallets were secretly hacked. The warning came in the form of a tweet, as shown below.

RUN, YOU CRAZY

⚠️ Spoiler: Your money is NOT SAFE if your wallet address was generated with the Profanity tool. Transfer all your assets to another wallet as soon as possible!

➡️ Learn more: https://t.co/oczK6tlEqG #Ethereum #crypto #vulnerability #1inch

— 1inch Network (@1inch) September 15, 2022
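
The flaw 1inch describes above, a 32-bit seed stretched into a 256-bit private key, is shown here beside a key drawn from the OS CSPRNG. This is an added example, not code from the article or from Profanity; Python's `random.Random` stands in for the tool's generator, and the function names and reduced seed widths are assumptions made so the keyspace can be enumerated quickly.

```python
import math
import random
import secrets

# Order of the secp256k1 group: valid Ethereum private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_private_key(seed: int, seed_bits: int = 32) -> int:
    """Flawed pattern: a deterministic PRNG seeded with only `seed_bits` bits.

    random.Random (Mersenne Twister) is a stand-in chosen for this example.
    """
    rng = random.Random(seed % (1 << seed_bits))  # the seed is all the entropy
    return rng.randrange(1, SECP256K1_N)          # 256 bits wide, not 256 bits strong


def strong_private_key() -> int:
    """Corrected pattern: draw the whole key from the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def keyspace_size(seed_bits: int) -> int:
    """Count every distinct key the weak generator can emit (small widths only)."""
    return len({weak_private_key(s, seed_bits) for s in range(1 << seed_bits)})


def effective_bits(seed_bits: int) -> float:
    """Entropy of the weak key in bits, measured from the enumerated keyspace."""
    return math.log2(keyspace_size(seed_bits))


def users_until_shared_key(users: int, seed_bits: int):
    """Give each user a random seed; return how many users it took before two
    ended up with the same private key, or None if all keys were unique."""
    seen = set()
    for count in range(1, users + 1):
        key = weak_private_key(secrets.randbits(seed_bits), seed_bits)
        if key in seen:
            return count
        seen.add(key)
    return None


if __name__ == "__main__":
    print("seed and seed + 2**32 collide:", weak_private_key(7) == weak_private_key(7 + 2**32))
    print("keys reachable from a 12-bit seed:", keyspace_size(12))
    print("effective entropy (bits):", effective_bits(12))
    print("users before a shared key (8-bit seed):", users_until_shared_key(257, 8))
```

The measured entropy always equals the seed width, so a key seeded this way is only as strong as its 32-bit seed regardless of its 256-bit length.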

A subsequent investigation by blockchain investigator ZachXBT showed that a successful exploit of the vulnerability allowed hackers to drain $3.3 million in crypto.

It appears $3.3 million worth of crypto was mined by 0x6ae from this vulnerability.

Interestingly, Indexed Finance Exploiter was the first address drained by 0x6ae.

Attackers address: 0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq

— ZachXBT (@zachxbt)
