Hackers withdrew about $1 million from a personalized Ethereum address

Attackers stole about $1 million from an Ethereum address generated using the Profanity service. They used the same method used by the hackers who hacked the Wintermute market maker.

In the hack, the attackers used the same vulnerability as in the recent attack on the market maker Wintermute, which resulted in the theft of $160 million. According to cybersecurity company PeckShield, the hacker withdrew 732 ETH from the so-called “Vanity Address”, and then transferred the funds to the Tornado mixer cash. Note that despite the sanctions of the US Department of the Treasury, suspicious transactions are still being made in the mixer.

#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4

— PeckShieldAlert (@PeckShieldAlert) September 26, 2022

“Vanity Address” is a type of cryptocurrency address that looks more readable than standard addresses. That is, it is not a random set of letters, numbers and symbols, but contains real words or numbers that mean something. It is believed that such addresses are more susceptible to hacking – it is much easier for a hacker to associate the address with the victim and try to gain access to the wallet using standard methods.

GitHub users were the first to learn about the attack. It was then made public by decentralized exchange aggregator 1Inch, which advised users to transfer their assets to another wallet as soon as possible. Shortly after the attack, the Profanity developers suspended the service. The Profanity code has been left in a non-compiled state and no longer receives updates from the server, and the repository has been archived.

Earlier, the official Twitter account of the Indian crypto exchange CoinDCX was hacked and used by attackers to post fake XRP promotions with phishing links.