Ethereum wallet vulnerability: beware of this danger!

Ethereum addresses generated with a popular vanity address tool have a flaw that lets attackers recover their private keys. Anyone holding funds at such an address can lose everything stored there and should move the assets as soon as possible.

Ethereum: vulnerability in vanity wallet addresses

The five-year-old vanity address generator Profanity has a critical vulnerability that allows attackers to recover the private keys of the addresses it produced.

Profanity creates so-called vanity addresses for the Ethereum blockchain: wallet addresses whose hexadecimal string contains a pattern chosen by the user, such as a particular prefix or a run of repeated characters.

Profanity is just one of many vanity generators for Ethereum, and similar projects exist for countless other blockchains. Because Profanity was so fast, however, the tool enjoyed great popularity for several years.

The existence of the vulnerability was discovered by the programmer ZachXBT after the well-known coder samczsun noticed unusual behaviour of an address belonging to the DEX aggregator 1inch.

That address was a vanity address created with Profanity. 1inch has been investigating the incident since June and recently published details of the vulnerability.

Anyone still holding funds at an address created with Profanity should transfer them to a wallet generated with a properly seeded tool as soon as possible. Smart contracts owned or administered by such an address should have ownership transferred to a new key; an abandoned vanity address remains exploitable for as long as it controls anything of value.

Ether losses in the millions due to vanity addresses

Vanity addresses are used to make an address easier to recognise at a glance, or simply for aesthetics, much like personalised licence plates on motor vehicles.

Private users have already lost the equivalent of more than 3.3 million US dollars since 1inch published the bug report. Apparently the vulnerability was known to several attackers beforehand, and they used publicly available on-chain data to hijack as many wallets as possible.

Particularly bizarre: one of the affected addresses is itself already labelled as a hacker's on Etherscan. Until a few days ago none of this had been noticed by the victims; the large-scale draining only began once 1inch's disclosure drew public attention to the problem.

An Ethereum address is a hash of the public key, so the public key is not visible until the address signs its first transaction. Attackers took the signatures of public transactions, recovered the public keys of the vanity addresses from them, and then brute-forced the corresponding private keys. This is feasible because Profanity seeded its key search with only 32 bits of randomness, so every key it ever produced lies in a space that GPUs can enumerate.

Recovering a single key in this way probably takes an attacker a few hours at most. The number of potential targets is enormous: Profanity was one of the most popular vanity address generators on Ethereum, because it is significantly faster than most alternatives.
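The attack described above, reduced to a runnable model. This is an added example and not code from Profanity, 1inch or Wintermute. It assumes a hypothetical 12-bit seed instead of Profanity's 32-bit one so that the brute force finishes in seconds in pure Python, uses a SHA-256 seed expansion as a stand-in for Profanity's actual PRNG, and matches on the recovered public key rather than on the keccak-256-derived 20-byte address (hashlib's sha3_256 is not Ethereum's keccak-256). The function names `sign`, `recover_pubkey`, `brute_force_seed` and `demo` are chosen here for illustration.

```python
"""Scaled-down model of the Profanity weak-seed attack.

Added example, not code from Profanity, 1inch or Wintermute.
Assumptions (hypothetical, for the demo): a 12-bit seed instead of the
32-bit seed Profanity used, so pure-Python brute force finishes in seconds;
a SHA-256 seed expansion standing in for Profanity's PRNG; and matching on
the public key rather than the keccak-256-derived 20-byte address.
"""
import hashlib
import random
import secrets

# secp256k1 domain parameters (the curve Ethereum uses for signatures)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SEED_BITS = 12  # hypothetical demo value; Profanity effectively had 32


def point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r


def privkey_from_seed(seed):
    """Weak generator: a small seed deterministically expands to a 256-bit
    private key, so only 2**SEED_BITS distinct keys can ever come out."""
    digest = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1


def privkey_secure():
    """What a proper generator does: 256 bits from the OS CSPRNG, so
    enumerating the key space is infeasible."""
    return secrets.randbelow(N - 1) + 1


def sign(d, z):
    """Textbook ECDSA returning (r, s, v); v is the parity of R.y, as in an
    Ethereum signature. Demo only: a real signer derives k per RFC 6979."""
    while True:
        k = random.randrange(1, N)
        rx, ry = scalar_mul(k, G)
        if rx >= N:
            continue  # rare; avoids the ambiguous recovery case
        s = pow(k, -1, N) * (z + rx * d) % N
        if rx and s:
            return rx, s, ry & 1


def recover_pubkey(z, r, s, v):
    """Public-key recovery from a signature: Q = r^-1 * (s*R - z*G).
    This is what turns a public on-chain transaction into a brute-force target."""
    y = pow(r**3 + 7, (P + 1) // 4, P)  # sqrt mod P works because P % 4 == 3
    if y & 1 != v:
        y = P - y
    r_inv = pow(r, -1, N)
    return point_add(scalar_mul(s * r_inv % N, (r, y)),
                     scalar_mul(-z * r_inv % N, G))


def brute_force_seed(target_pub):
    """Enumerate the whole seed space; return (seed, privkey) on a match."""
    for seed in range(2**SEED_BITS):
        d = privkey_from_seed(seed)
        if scalar_mul(d, G) == target_pub:
            return seed, d
    return None


def demo(seed=700):
    """Victim signs once with a weakly seeded key; attacker recovers the
    public key from the signature and then the private key by brute force."""
    d = privkey_from_seed(seed)
    # constructed message hash standing in for a real transaction hash
    z = int.from_bytes(hashlib.sha256(b"constructed tx payload").digest(), "big") % N
    r, s, v = sign(d, z)
    pub = recover_pubkey(z, r, s, v)
    return brute_force_seed(pub)


if __name__ == "__main__":
    print(demo())
```

Two things the model makes concrete: until the address signs something there is nothing to attack, since the address alone does not reveal the public key; and once a signature exists, a key drawn from a 2**SEED_BITS space falls to a plain loop, whereas a key from `privkey_secure` does not. Profanity's real seed was 32 bits and each seed fed a GPU search over many neighbouring keys, which is why the attack is measured in hours on commodity hardware rather than in seconds, but the principle is the same.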

The market maker Wintermute also used a Profanity-generated vanity address, which served as the administrator of its own Ethereum vault contract. An attacker recovered the key, gained administrative access and drained the contract completely.

The attacker stole the equivalent of around 160 million US dollars in more than 70 different tokens on Ethereum. The stablecoins USDT, USDC and DAI make up a large part of the loot.

Hacker parks the loot in DeFi

Security researchers at SlowMist have already traced the funds stolen in the Wintermute hack. According to their analysis, the attacker used the sanctioned Ethereum mixer Tornado.Cash to cover their tracks.

The attacker then deposited the equivalent of $114 million into a liquidity pool on the DEX Curve Finance to earn yield on the stolen funds.

Wintermute CEO Evgeny Gaevoy asked the hacker on Twitter for a voluntary return of the funds.

admin
