Profanity tool exploit drains $3.3 million despite 1 inch warning

The 1-inch decentralized exchange aggregator network has issued a warning to crypto investors after identifying a vulnerability in the profanity language, Ethereum (ETHVanity title generation tool. Despite a preemptive warning, it seems that the hackers managed to make $3.3 million in cryptocurrency.

On September 15, 1Inch revealed the lack of security in the use of profanity because it used a 32-bit random vector to seed 256-bit private keys. Additional investigations pointed to ambiguities in the creation of the vanity addresses, suggesting that the profanity wallets were secretly hacked. The warning came in the form of a tweet, as shown below.

A subsequent investigation by blockchain investigator ZachXBT revealed that the successful exploit of the vulnerability allowed hackers to drain $3.3 million in cryptocurrency.

Moreover, ZachXBT has helped the user save more than $1.2 million in cryptocurrency and Non-Foldable Tokens (NFTs) After alerting them about the hacker who has access to the user’s wallet. After the revelation, many users confirmed that their money was safe as one advertiser:

“wtf 6 hours after the attack my addresses were still open but the attacker didn’t drain me? 55k at risk lol”

However, hackers tend to attack larger wallets before moving on to wallets of lower value. Users who own wallet addresses generated with the profanity tool are advised to “move all your assets to a different wallet ASAP!” by 1 inch.

Related: Law enforcement recovers $30 million from Ronin Bridge hack with the help of Chainalysis

While some hackers prefer the traditional method of draining users’ funds after illegal access to crypto wallets, others are experimenting with new ways to trick investors into sharing their private keys.

One recent innovative scam involved hacking a file YouTube channel for playing fake Elon Musk videos Discussing cryptocurrencies. On September 3, the South Korean government’s YouTube channel was hacked and renamed to share live streams of crypto-related videos.

The hacked YouTube channel ID and password have been identified as the root cause of the hack.