A hacker has stolen $950,000 in ether from a crypto wallet via the same vanity address exploit linked to an attack on trading firm Wintermute last week.
The hacker stole 732 ETH on Sept. 25 and sent it directly to the sanctioned cryptocurrency mixing service Tornado Cash, according to PeckShield citing on-chain data. Here it will have been mixed with other cryptocurrency and withdrawn to the hacker’s own wallet.
The exploit was made possible due to the recent vanity address weakness that was picked up on GitHub in January but only made widely known by DEX aggregator 1inch on Sept. 15. A vanity address is a cryptocurrency address designed in a certain way, often to feature a pattern or word in the address, similar to a custom license plate on a car.
Many vanity addresses were created through a tool called Profanity. Yet 1inch highlighted that its method of creating such addresses made them easier to breach through a brute force attack. While this would require a lot of computing power, it might be offset by the amount of cryptocurrency in the wallet.
A number of smaller hacks have taken place so far. Earlier this month, $3.3 million was drained from multiple Ethereum addresses that had used Profanity. On Sept. 20, crypto market making firm Wintermute said it had been hacked for $160 million — later acknowledging it was likely due to this exact issue.