Roughly $950,000 worth of crypto has been stolen from an Ethereum “vanity address” generated with a tool called Profanity. The exploit leveraged a vulnerability similar to the one linked to the recent $160 million attack on market maker Wintermute.
A “vanity address” is a type of crypto address that conforms to certain parameters laid out by the creator, often representing their brand or name.
Instead of the crypto address being a random, machine-generated string of numbers and letters, a vanity address would be human-generated. It’s for this reason that users on GitHub have indicated these types of addresses are more vulnerable to brute-force attacks.
The hacker stole 732 Ethereum on September 25 before transferring the funds straight to the now-sanctioned crypto mixer Tornado Cash, according to data from PeckShield.
#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4
Though GitHub users first unearthed details about the attack, it was publicized by the decentralized exchange (DEX) aggregator 1inch Network, which told users to “transfer all of your assets to a different wallet ASAP” and shared a blog post on how the exploit is likely to have worked.
In the aftermath of the attacks, the developers behind Profanity have taken steps to ensure that no one continues to use the tool.
Profanity’s code has been left in an uncompilable state by its developers, with the repository being archived. The code is not set to receive any more updates.
Vanity addresses and crypto hacks
Wintermute CEO Evgeny Gaevoy recently admitted on Twitter that the mammoth-scale attack on his company “was likely linked to the Profanity-type exploit of our DeFi trading wallet.”
Gaevoy said his company, which provides algorithmic market-making services, used “Profanity and an internal tool to generate addresses with many zeroes in front” but maintained “the reason behind this was gas optimization, not vanity.”
We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected
As of yet, no perpetrator has come forward regarding the Wintermute attack or the most recent incident, and no funds have been recovered. The market maker is threatening legal action and has offered a $16 million bounty reward for the return of the funds.
Yesterday’s exploit and Wintermute’s may also just be the tip of the iceberg.
In its blog post, 1inch suggested that additional exploits have yet to be uncovered, adding that “1inch contributors are still trying to determine all the vanity addresses which were hacked” and that it “looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions.”