It is reported that the keys to the wallets created using the service can be calculated by brute force

1inch team warns about vulnerability in Ethereum vanity address generating tool Profanity

16.09.2022 - 13:20

122

2 min

What’s new? On September 15, representatives of decentralized exchange (DEX) aggregator 1inch warned that Ethereum accounts created with the Profanity tool are under threat. Anton Bukov, the founder and CEO of 1inch, reported on Twitter that users’ assets are at risk of loss following a hack or exploit. He urged ETH holders not to use personalized addresses created through the Profanity service. The 1inch team later recommended transferring all assets to another wallet “as soon as possible.”

1inch Blog

What is known about the vulnerability? According to a 1inch report, keys to addresses created through Profanity can be calculated by brute force. The company said that the vulnerability may have allowed hackers to “secretly” siphon millions of dollars from the wallets of generator users for years. 1inch developers are working to identify all the hacked wallets.

An anonymous developer of Profanity, registered on GitHub under the pseudonym johguse, reported that the project was “abandoned” several years ago. This happened after the team found out about “fundamental security issues in the generation of private keys.”

Ethereum uses a combination of public and private keys to generate wallet addresses, a long list of random alphanumeric characters. Those with a private key to an address can authorize the transfer of funds from one account to another. Profanity, in turn, allows users not only to create human-readable addresses but also to search through them. Experts at 1inch called Profanity’s address generation method unreliable.

In June, MetaMask and Phantom crypto wallets fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.

In September, developer Péter Szilágyi published a report on fixing the vulnerability on the Avalanche network. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy