Roughly $950,000 in crypto was stolen in an attack using a vanity-address generator called Profanity, according to blockchain security firm PeckShield, citing on-chain data from Etherscan.
A “vanity address” is a cryptocurrency address that matches parameters defined by the user of the address. These addresses are more vulnerable to brute-force attacks because they’re human-generated, rather than being a random string of letters and numbers created by a machine, a weakness that GitHub users discovered earlier this year.
The hackers took 732 ETH on Sep. 25 before moving the funds to the U.S. government-sanctioned crypto mixer Tornado Cash, according to a tweet from blockchain security company PeckShield.
The attack resembles a recent $160 million attack on Wintermute, a crypto market maker.
Wintermute chief executive Evgeny Gaevoy tweeted on Sept. 20 that the attack on Wintermute was “likely linked to the Profanity-type exploit of our DeFi trading wallet.”
The hackers behind the Wintermute attack have yet to be identified, and none of the stolen funds have been recovered. The company has offered a $16 million bounty reward for the return of the funds.
In a blog post from Sep. 15 by decentralized exchange aggregator 1inch Network, the authors state that additional exploits, similar to the one Sunday and Wintermute’s last week, have yet to be uncovered. In the post, which highlights how these exploits happen, 1inch Network told users to “transfer all of your assets to a different wallet ASAP.”