The hacker delivered 732 ETH, totaling about $950,000, to the authorized Tornado Cash mixer. Another wallet address that lost over $1.6B has been added to the list of victims of decentralized finance (DeFi).
The hacker was discovered after stealing 732 Ether (about $950,000) from an account created using Profanity’s Ethereum toilet wallet address generator, blockchain security firm PeckShield said in an alert. After emptying the wallet, the attackers transferred the cryptocurrency to Tornado Cash, a newly authorized cryptocurrency mixer. A vanity address is a cryptocurrency wallet address chosen by the owner using a combination of words or characters. However, recent breaches show that there are still concerns about the security of virtual addresses.
Should You Be Alarmed?
The 1inch Decentralized Exchange (DEX) aggregation network warned community members in early September that blasphemy is unsafe. DEX requires cryptocurrency holders with virtual addresses to transfer their assets immediately. 1inch compliant virtual address generators are not secure because they generate the 256-bit private key with a 32-bit random vector.
After the DEX aggregator sounded the alarm, blockchain researcher ZachXBT revealed that some hackers obtained $3.3M worth of digital assets through a Profanity bug.
On September 20, an exploit cost the UK-based bitcoin market creator $160M. Ajay Dhingra, a researcher, speculates that the vulnerability may have resulted from the firm’s hot wallet being hijacked and used to manipulate a smart contract flaw. Evgeny Gaevoy, the CEO and founder of the firm, asked the attackers to get in touch with him if they were interested in using the hole as a white hat hack.