A vanity address vulnerability causes US$1 million worth of ETH hack

Published on:

  • The hacker was able to transfer 732 ETH valued at $950000
  • Professionals believe that there is a link between this blockchain security breach and the recent Wintermute hack experienced just mere weeks prior
  • 2022 has seen its fair share of crypto hacks, most recently occurring within the Ethereum network

Crypto hacks over the years have been a constant plague on the crypto ecosystem. There is a steady rate of the continuous evolution of Decentralized finance and the crypto and metaverse ecosystem. As a result, hackers continue to bypass average blockchain security daily.

This issue has caused some of the most significant losses within the crypto ecosystem. Crypto hacks forced some crypto exchange platforms, such as Mt Gox, to shut down, a fate many companies avoid. 2022 has seen its fair share of crypto hacks, most recently occurring within the Ethereum network.

An Unknown assailant hacked due to a vanity address vulnerability might want to understand what a vanity address is and why it has caused such damages over the past month.

What is a Vanity Address

To understand a vanity address vulnerability, you must first know what a vanity address is. Essentially they are personalized addresses created based on various parameters predefined by their user. The key concept behind vanity addresses is to increase the identifiability of a lesson without revealing any vital information.

Also, Read Yellow Card, Africa’s exchange platform, secures US$40 million in Series B funding.

Decentralized Finance wallets generate and create standard addresses by randomly ordering a series of alphanumeric characters without no particular sequence or meaning. A vanity address adds a touch of order into the mix, allowing users to remember their address easily.

How are Vanity Addresses generated?

The process used within the Ethereum network to generate a vanity address is the same as any other address. A private key is generated from which the Ethereum blockchain can derive the public key, standard blockchain security procedure. If the public key meets the vanity pattern desired thus, the creation of a custom address.

The primary reasoning behind vanity addresses is to make them human-generated. Contrary to the set of random machine-generated strings of numbers and letters. Although it is easier for the users to control and handle, it brings a fundamental flaw. A vanity address vulnerability exploited by hackers who intend to profit from decentralized finance.

Crypto Hack on the Ethereum Network.

The concept behind the vanity address gained a lot of popularity. Hence multiple cryptocurrency platforms have incorporated it into their system. This is, however, not the best of options since crypto hacks have been able to bypass blockchain security via such addresses.

crypto hack
Hacker was able to access 732 ETH worth $950,000.[Photo/NewsBTC]
In an alert published by PeckShield on September 25th, 2022, the Ethereum Network experienced a crypto hack. The hacker was able to transfer 732 ETH valued at $950000 at the time of writing. A vanity address vulnerability essentially aided this breach by using the Profanity tool. It is effective software that allows a user to scan the contents of a network and its various users to acquire vital information such as addresses.

After the attack, on-chain data estimated that the hacker shifted the stolen funds to the OFAC sanction crypto mixing tumbler, Tornado Cash. This brings about various issues.

Tornado is an open-source, fully decentralized tumbler that potentially mixes identifiable or ‘tainted’ crypto coins with others. This obscures or completely erases the trail of the cashback to the fund’s source. Once funds enter the Tornado ecosystem, tracing them is almost next to impossible.

Professionals believe that there is a link between this blockchain security breach and the recent Wintermute hack experienced just mere weeks prior.

There were a few reports and posts by 1inch, who first discovered the vanity address vulnerability within the Profanity tool. They tried to warn various companies using it, but most have yet to take action.

In the aftermath of the attack, developers of the Profanity tool have taken the necessary steps to shut down and restrict the use of their product. This prevents further damage to the decentralized finance ecosystem.

Final Remarks

At the time of writing, Ethereum has yet to make an official statement concerning the crypto hack, but we can make some assumptions. It is safe to estimate that the Ethereum Network will swiftly reimburse those affected by this loss. Its recent Ethereum Merge and the current rise in prices might shed some light.

As a result, the prominent crypto company desired to keep this decentralized finance incident under wraps. Getting hacked after a successful launch does not paint a good picture of their blockchain security. Despite this, their response time was adequate compared to Wintermute, which lost at least $160 million worth of crypto tokens.

Will the Ethereum Network address this brazen crypto hack, and how will it boost its blockchain security to prevent a similar scenario?

Also, Read The Dai Token: a decentralized stablecoin that rivals Tether.

Newsletter

Related

Ken Mutuku
Ken Mutuku
Your Guide to the Future of Tech, Web3, and Digital Storytelling. With a keen eye for detail and a knack for concise communication, Ken Mutuku is your go-to professional for decoding the next wave of technological evolution. Whether through captivating videos, insightful articles, or engaging presentations, he masterfully crafts messages that deeply resonate with his audience, setting him apart in the digital landscape.