Date: September 21st 2022
Published on: Global News, Investigation
Last week, hackers exploited a vulnerability in the vanity address generator Profanity and stole over $3 million in ETH and various ERC20 tokens.
Profanity is a tool that generates vanity crypto addresses on the Ethereum blockchain. On September 15, the 1inch decentralized exchange (DEX) warned that Ethereum addresses created with Profanity can be exploited due to a vulnerability in the private keys generated by the tool.
As reported on September 17 by ZachXBT on Twitter, hackers drained funds from several addresses created through Profanity for a total of $3.3 million.
This vulnerability in the Profanity tool is also likely the cause of Wintermute’s hot wallet compromise, which resulted in the loss of $160 million.
Cryptocurrency addresses are normally generated at random. However, some tools allow users to create addresses that look less random, for instance by including a recognizable prefix or suffix in the address.
The address reported as the Profanity exploiter is 0x6ae09ac63487fcf63117a6d6fafa894473d47b93 and has been active since September 15, 2022. It received funds from 14 addresses, including the Indexed Finance exploit address 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe.
In total, the hackers drained over $3.3 million across several cryptocurrencies in 30 transactions. The details of the stolen funds are as follows:
On September 15, the hackers performed several DEX swaps with the stolen assets to obfuscate the trail of funds. They used Uniswap to swap:
However, the majority of funds remained at address 0x6ae09 until September 20. The hackers had only sent WOO and UMA tokens to 0xda0da0da0da0a77740bb62c5c9d45423533d0ce2 and then to Gnosis Safe and an unknown wallet 0x815e7d1530b0493747e07c4813e6c177fb916878.
Then, on September 20, Scorechain’s alert system notified us that the hackers had started making more DEX swaps.
Indeed, the hackers traded the following assets for DAI:
The Profanity Exploiter address currently has a balance of around $3.1 million and holds 2 558 622,283 DAI, 421,487 ETH, and 4,107 LOOKS.
The Profanity exploit is yet another one in the long list of hacks and exploits targeting crypto wallets since the start of 2022. In the most common hack cases, we often see stolen funds reach various entities such as crypto exchanges, mixers, and illicit platforms as part of the laundering process. It is, therefore, crucial for crypto businesses to screen their transactions against high-risk activities, including hacks and exploits, to avoid unnecessary exposure and ensure compliance with AML/CFT regulations.