According to a blockchain security company called PeckShield, utilising on-chain data from EtherScan, an assault using the vanity-address generator dubbed Profanity resulted in the theft of about $950,000 in cryptocurrency.
A cryptocurrency address created by its users that has certain criteria is known as a “vanity address.” Because these addresses are human-generated rather than being a machine-generated random string of letters and numbers, they are more susceptible to brute force attacks, as GitHub users discovered earlier this year.
According to a tweet from blockchain security company PeckShield, the hackers took 732 $ETH on September 25 before transferring the funds to the US government-approved crypto mixer Tornado Cash.
The attack is similar to the recent $160 million attack on Wintermute, a cryptocurrency market maker.
On September 20, Wintermute CEO Evgeny Gaevoy tweeted that the attack was “likely linked to the Profanity-type exploit of our DeFi trading wallet.”
The hackers responsible for the Wintermute attack have yet to be identified, and no funds have been recovered. The company has offered a $16 million bounty for the funds’ return.