Almost $1M in crypto stolen from vanity address exploit

cointelegraph.com:

Hacks and exploits continue to plague the decentralized finance (DeFi) sector as another vanity wallet address joins the roster of DeFi victims that collectively lost more than $1.6 billion in 2022. 

In an alert published by blockchain security firm PeckShield, a hacker was detected after stealing 732 Ether (ETH), around $950,000, from an address created at the Ethereum vanity wallet address generator called Profanity. After draining the wallet, the exploiters have sent the crypto to the recently sanctioned crypto mixer Tornado Cash.

#PeckShieldAlert Seems like $950k worth of crypto has been stolen by 0x9731F from Ethereum “vanity address” generated with a tool called Profanity. The exploiter already transferred ~732 $ETH into Mixer pic.twitter.com/QOZfnE49H4

Vanity addresses are customized crypto wallet addresses that are generated to include words or specific characters chosen by the owner. However, as pointed out by recent exploits, the safety of vanity addresses remains questionable.

Earlier in September, decentralized exchange (DEX) 1inch Network warned community members that their addresses were not safe if it was generated using Profanity. The DEX called out crypto holders with vanity addresses to transfer their assets immediately. According to 1inch, the vanity address generator used a random 32-bit vector to seed 256-bit private keys, which means that it lacks safety.

Following the DEX's warnings, ZachXBT, a blockchain investigator, has announced that an exploit of the vulnerability in Profanity has already allowed some hackers to get away with $3.3 million worth of digital assets. 

Related: White hat: I returned most of the stolen Nomad funds and all I got was this silly NFT

On Sept. 20, the United Kingdom-based