Profanity tool vulnerability drains $3.3M despite 1Inch warning

cointelegraph.com:

Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Despite the proactive warning, apparently, hackers were able to make away with $3.3 million worth of cryptocurrencies.

On Sept. 15, 1Inch revealed the lack of safety in using Profanity as it used a random 32-bit vector to seed 256-bit private keys. Further investigations pointed out the ambiguity in the creation of vanity addresses, suggesting that Profanity wallets were secretly hacked. The warning came in the form of a tweet, as shown below.

RUN, YOU FOOLS ⚠️ Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!➡️ Read more: https://t.co/oczK6tlEqG#Ethereum #crypto #vulnerability #1inch

A subsequent investigation by blockchain investigator ZachXBT showed that a successful exploit of the vulnerability allowed hackers to drain $3.3 million in crypto.

Appears $3.3m worth of crypto has been exploited by 0x6ae from this vulnerability. Interestingly the Indexed Finance Exploiter was the first address drained by 0x6ae. Attackers address:0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 https://t.co/gnQHHytI1m pic.twitter.com/5TYccNIpdq

Moreover, ZachXBT helped a user save over $1.2 million in crypto and nonfungible tokens (NFTs) after alerting them about the hacker who had access to the user’s wallet. Following the revelation, numerous users confirmed that their funds were safe, as one stated:

However, hackers tend to attack the bigger wallets before moving over to wallets with lesser value. Users owning wallet addresses generated with the Profanity tool have been