{"id":494016,"date":"2022-09-18T14:15:00","date_gmt":"2022-09-18T11:15:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/profanity-tool-vulnerability-drains-3-3m-despite-1inch-warning\/"},"modified":"2022-09-18T14:15:00","modified_gmt":"2022-09-18T11:15:00","slug":"profanity-tool-vulnerability-drains-3-3m-despite-1inch-warning","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/profanity-tool-vulnerability-drains-3-3m-despite-1inch-warning\/","title":{"rendered":"# Profanity tool vulnerability drains $3.3M despite 1Inch warning"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2e3ff82a5db\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2e3ff82a5db\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/profanity-tool-vulnerability-drains-3-3m-despite-1inch-warning\/#%E2%80%9D_Profanity_tool_vulnerability_drains_33M_despite_1Inch_warning_%E2%80%9C\" >&#8221; Profanity tool vulnerability drains $3.3M despite 1Inch warning &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Profanity_tool_vulnerability_drains_33M_despite_1Inch_warning_%E2%80%9C\"><\/span>&#8221; Profanity tool vulnerability drains $3.3M despite 1Inch warning &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvNzI0NzA4ZjQtMzZkOC00ZmY2LWEwMjQtYzRhYmVjM2I3ZmM0LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-6ebd806f>Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Despite the proactive warning, <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>arently, hackers were able to make away with $3.3 million worth of cryptocurrencies.<\/p>\n<p>On Sept. 15, 1Inch revealed the lack of safety in using Profanity as it used a random 32-bit vector to seed 256-bit private keys. Further investigations pointed out the ambiguity in the creation of vanity addresses, suggesting that Profanity wallets were secretly hacked. The warning came in the form of a tweet, as shown below.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"> RUN, YOU FOOLS <\/p>\n<p>\u26a0\ufe0f Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!<\/p>\n<p>\u27a1\ufe0f Read more: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/oczK6tlEqG\">https:\/\/t.co\/oczK6tlEqG<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Ethereum?src=hash&amp;ref_src=twsrc%5Etfw\">#Ethereum<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/crypto?src=hash&amp;ref_src=twsrc%5Etfw\">#crypto<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/vulnerability?src=hash&amp;ref_src=twsrc%5Etfw\">#vulnerability<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/1inch?src=hash&amp;ref_src=twsrc%5Etfw\">#1inch<\/a><\/p>\n<p>\u2014 1inch Network (@1inch) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/1inch\/status\/1570291260002373633?ref_src=twsrc%5Etfw\">September 15, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nA subsequent investigation by blockchain investigator ZachXBT showed that a successful exploit of the vulnerability allowed hackers to drain $3.3 million in crypto.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Appears $3.3m worth of crypto has been exploited by 0x6ae from this vulnerability. <\/p>\n<p>Interestingly the Indexed Finance Exploiter was the first address drained by 0x6ae. <\/p>\n<p>Attackers address:<br \/>0x6AE09AC63487FCf63117A6D6FAFa894473d47b93 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/gnQHHytI1m\">https:\/\/t.co\/gnQHHytI1m<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5TYccNIpdq\">pic.twitter.com\/5TYccNIpdq<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zachxbt\/status\/1570927217840132097?ref_src=twsrc%5Etfw\">September 17, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Moreover, ZachXBT helped a user save over $1.2 million in crypto and nonfungible tokens (NFTs) after alerting them about the hacker who had access to the user\u2019s wallet. Following the revelation, numerous users confirmed that their funds were safe, as one <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/YannickCrypto\/status\/1570941815574102016\">stated<\/a>:<\/p>\n<blockquote><p>\u201cWtf 6h after the attack my addresses was still vuln but the attacker didnt drained me? had 55k at risk lol\u201d<\/p><\/blockquote>\n<p>However, hackers tend to attack the bigger wallets before moving over to wallets with lesser value. Users owning wallet addresses generated with the Profanity tool have been advised to \u201cTransfer all of your assets to a different wallet ASAP!\u201d by 1Inch.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Law enforcement recovers $30 million from Ronin Bridge hack with the help of Chainalysis<\/em><\/strong><\/p>\n<p>While some hackers prefer the traditional method of draining users\u2019 funds after illegally accessing the crypto wallets, others try out new ways to fool investors into sharing their private keys.<\/p>\n<p>One of the recent innovative scams involved the hacking of a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">YouTube<\/a> channel for playing fabricated videos of Elon Musk discussing cryptocurrencies. On Sept. 3, the South Korean government\u2019s YouTube channel was momentarily hacked and renamed for sharing live broadcasts of crypto-related videos. <\/p>\n<p>The compromised ID and password of the YouTube channel were identified as the root cause of the hack.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/profanity-tool-vulnerability-drains-3-3m-despite-1inch-warning\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Profanity tool vulnerability drains $3.3M despite 1Inch warning &#8220; Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Despite the proactive warning, apparently, hackers were able to make away with $3.3 million worth of cryptocurrencies. On Sept. 15, 1Inch&#8230;<\/p>\n","protected":false},"author":1,"featured_media":494017,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvNzI0NzA4ZjQtMzZkOC00ZmY2LWEwMjQtYzRhYmVjM2I3ZmM0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,74891,74882,74879,70944],"class_list":["post-494016","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-ethereum","tag-hacks","tag-wallet","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/494016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=494016"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/494016\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/494017"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=494016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=494016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=494016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}