1inch team warns about vulnerability in Ethereum vanity address generating tool Profanity
It is reported that the keys to the wallets created using the service can be calculated by brute force
16.09.2022 - 13:20
388
2 min
0
What’s new? On September 15, representatives of decentralized exchange (DEX) aggregator 1inch warned that Ethereum accounts created with the Profanity tool are under threat. Anton Bukov, the founder and CEO of 1inch, reported on Twitter that users’ assets are at risk of loss following a hack or exploit. He urged ETH holders not to use personalized addresses created through the Profanity service. The 1inch team later recommended transferring all assets to another wallet “as soon as possible.”
⚠️ Attention, Ethereans! Funds are not SAFU! Beware of using vanity addresses generated by the “profanity” tool! Moreover, check the ownership of your deployer wallets of vanity contracts. https://t.co/5D9obk2tP9— Anton Bukov 🦇🔊 ⚖️ (@k06a) September 15, 2022
What is known about the vulnerability? According to a 1inch report, keys to addresses created through Profanity can be calculated by brute force. The company said that the vulnerability may have allowed hackers to “secretly” siphon millions of dollars from the wallets of generator users for years. 1inch developers are working to identify all the hacked wallets.
An anonymous developer of Profanity, registered on GitHub under the pseudonym johguse, reported that the project was “abandoned” several years ago. This happened after the team found out about “fundamental security issues in the generation of private keys.”
Ethereum uses a combination of public and private keys to generate wallet addresses, a long list of random alphanumeric characters. Those with a private key to an address can authorize the transfer of funds from one account to another. Profanity, in turn, allows users not only to create human-readable addresses but also to search through them. Experts at 1inch called Profanity’s address generation method unreliable.
In June, MetaMask and Phantom crypto wallets fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
In September, developer Péter Szilágyi published a report on fixing the vulnerability on the Avalanche network. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain.
Useful material?
Incidents
Scammers took advantage of the former US president’s recent announcement of a real DeFi protocol
Sep 4, 2024
Technologies
The upgrade is aimed at implementing a new decentralized project governance system
Sep 2, 2024
Incidents
The company placed $2б4 billion in bonds maturing in 2026, but their value has fallen dramatically since the entrepreneur’s arrest
Aug 30, 2024
Incidents
In both cases, depending on the outcome of the investigations, the messenger could be blocked
Aug 29, 2024
Market
The project will offer a decentralized alternative to traditional banking services
Aug 29, 2024
Trends
Within a week of its launch, the platform managed to overtake its main competitor, Pump.fun on the Solana network
Aug 28, 2024