Saturday, February 24, 2024

1inch discovers severe vulnerability in Ethereum vanity address, funds not safe.

1inch, a decentralized exchange aggregator, claims to have discovered a severe vulnerability in Ethereum vanity address generating tool Profanity. This may put millions of dollars in user money at the risk of a hack or exploit.

Anton Bukov, the CEO and founder of 1inch tweeted a warning that funds are not safe. He urged users to beware of using vanity addresses generated by the profanity tool. Bukov also advised users to check the ownership of their deployer wallets of vanity contracts.

The 1inch blog post explained that addresses usually look randomized, but the more addresses one generates, the higher the chances are for one to find any prefix, suffix, or middle part. There are tools available that allow users to generate millions of addresses per second – one such tool is Profanity. Some users earlier in the year noticed that Profanity used a random 32-bit vector to seed 256-bit private keys and suspected that it could be unsafe. Profanity works by randomly selecting 1 of 4 bln seed private keys, expanding it deterministically to 2 mln private keys, deriving public keys from the private keys, and repeatedly incrementing them until they reach the desired vanity address.

Initially, users thought it was possible to recompute all the vanity addresses by reseeding all 4 bln initial vectors. They said it would have required thousands of GPUs and months of time to recalculate all the 6 to 7-character vanity addresses. 1inch said private keys to addresses generated on Profanity could be calculated using brute force attacks. It added that the vulnerability may have allowed hackers to secretly siphon millions of dollars from Profanity users’ wallets for years.

Cryptured Team
Cryptured Team
The writers team at Cryptured.com is composed of passionate and experienced journalists who cover the latest developments in the crypto and blockchain space. They aim to provide accurate, unbiased and easy-to-understand news and information for their readers, as well as insights and analysis from industry experts. The writers team is always on the lookout for new and exciting stories that can help the general public learn more about the potential and challenges of these technologies.
RELATED ARTICLES

Most Popular