1inch team warns about vulnerability in Ethereum vanity address generating tool Profanity
It is reported that the keys to the wallets created using the service can be calculated by brute force
16.09.2022 - 13:20
326
2 min
0
What’s new? On September 15, representatives of decentralized exchange (DEX) aggregator 1inch warned that Ethereum accounts created with the Profanity tool are under threat. Anton Bukov, the founder and CEO of 1inch, reported on Twitter that users’ assets are at risk of loss following a hack or exploit. He urged ETH holders not to use personalized addresses created through the Profanity service. The 1inch team later recommended transferring all assets to another wallet “as soon as possible.”
⚠️ Attention, Ethereans! Funds are not SAFU! Beware of using vanity addresses generated by the “profanity” tool! Moreover, check the ownership of your deployer wallets of vanity contracts. https://t.co/5D9obk2tP9— Anton Bukov 🦇🔊 ⚖️ (@k06a) September 15, 2022
What is known about the vulnerability? According to a 1inch report, keys to addresses created through Profanity can be calculated by brute force. The company said that the vulnerability may have allowed hackers to “secretly” siphon millions of dollars from the wallets of generator users for years. 1inch developers are working to identify all the hacked wallets.
An anonymous developer of Profanity, registered on GitHub under the pseudonym johguse, reported that the project was “abandoned” several years ago. This happened after the team found out about “fundamental security issues in the generation of private keys.”
Ethereum uses a combination of public and private keys to generate wallet addresses, a long list of random alphanumeric characters. Those with a private key to an address can authorize the transfer of funds from one account to another. Profanity, in turn, allows users not only to create human-readable addresses but also to search through them. Experts at 1inch called Profanity’s address generation method unreliable.
In June, MetaMask and Phantom crypto wallets fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
In September, developer Péter Szilágyi published a report on fixing the vulnerability on the Avalanche network. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain.
Useful material?
Market
Funds can be seized by law enforcers due to links to illegal activity
Apr 26, 2024
Market
Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins
Apr 18, 2024
Trends
The first project introduced on the platform will be BounceBit (BB)
Apr 18, 2024
Business
The rate exchange of the native ACH token reacted with a 10% increase
Apr 18, 2024
Market
Miners are hunting for the first block after halving as the value of the first satoshi could exceed $1 million
Apr 18, 2024
Market
The platform will be non-custodial and accessible to everyone
Apr 15, 2024