enes

Back to blog

Profanity tool exploit: $3+ million drained

By:

loading

SCORECHAIN

Date: September 21st 2022

Published on: Global News, Investigation

Tags:

Crypto AML, Crypto investigation, Hack,

Profanity tool exploit: $3+ million drained

Last week, hackers exploited a vulnerability in the vanity address generator Profanity and stole over $3 million in ETH and various ERC20 tokens.

Profanity vulnerability exploit leads to $3.3 million in losses

Profanity is a tool that can generate vanity crypto addresses on the Ethereum blockchain. On September 15, 1inch decentralized exchange (DEX) alerted that Ethereum addresses created with Profanity can be exploited due to a vulnerability in the private keys generated by the tool.

Source: https://twitter.com/1inch/status/1570291260002373633 

As reported on September 17 by ZachXBT on Twitter, hackers drained funds from several addresses created through Profanity for a total of $3.3 million.

Source: https://twitter.com/zachxbt/status/1570927217840132097

This vulnerability in the Profanity tool is also likely the cause of Wintermute’s hot wallet compromise, which resulted in the loss of $160 million.

What is a vanity address?

When users create cryptocurrency addresses, they are randomly generated. However, some tools allow users to create addresses that look less randomized. With such tools, users can include a recognizable suffix or a prefix in the address, for instance.

Profanity exploit track: hackers’ address receives funds from Indexed Finance hack

The address reported as Profanity exploiter is 0x6ae09ac63487fcf63117a6d6fafa894473d47b93 and has been active since September 15, 2022. It received funds from 14 addresses, including the Indexed Finance exploit address 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe.

In total, the hackers drained over $3.3 million across several cryptocurrencies in 30 transactions. The details of the stolen funds are as follows:

  • 754 1INCH worth $483;
  • 7,500.475 AAVE worth $628,259;
  • 188,407.748 BAT worth $61,712;
  • 5,712.005 COMP worth $343,215;
  • 1,377.881 ETH worth $1,844,520;
  • 4.107 LOOKS worth less than $1;
  • 1,168,507.424 REN worth $141,069;
  • 45,434.812 SNX worth $123,730;
  • 7,844.028 UMA worth $20,550;
  • 33,398.612 USDC worth $33,399;
  • 128,903.144 USDT worth $128,904; and
  • 2,440.74 WOO worth $362.

On September 15, the hackers performed several DEX swaps with the stolen assets to obfuscate the trail of funds. They used Uniswap to swap: 

  • USDC and USDT for DAI;
  • 1inch tokens for ETH;
  • Some ETH for MKR and;
  • BAT for ETH.

However, the majority of funds remained at address 0x6ae09 until September 20. The hackers had only sent WOO and UMA tokens to 0xda0da0da0da0a77740bb62c5c9d45423533d0ce2 and then to Gnosis Safe and an unknown wallet 0x815e7d1530b0493747e07c4813e6c177fb916878.

Then, on September 20, we were notified that the hackers started making more DEX swaps through Scorechain’s alert system.

Indeed, the hackers traded the following assets for DAI:

  • 5,712.005 COMP;
  • 7,500.475 AAVE;
  • 1,168,507.418 REN;
  • 45,434.813 SNX;
  • 317.764 MKR; and
  • 842,10 ETH.

For now, the Profanity Exploiter address has a current balance of around $3.1 million and holds 2 558 622,283 DAI, 421,487 ETH, and 4,107 LOOKS.

Protecting your business from high-risk exposure

The Profanity exploit is yet another one in the long list of hacks and exploits targeting crypto wallets since the start of 2022. In the most common hack cases, we often see stolen funds reach various entities such as crypto exchanges, mixers, and illicit platforms as part of the laundering process. It is, therefore, crucial for crypto businesses to screen their transactions against high-risk activities, including hacks and exploits, to avoid unnecessary exposure and ensure compliance with AML/CFT regulations.

Discover how Scorechain’s blockchain analytics helps companies easily strengthen their crypto compliance policies. Request a free demo now.

Request a free demo

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. In addition, 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.