Vanity addresses resemble custom car license plates or other name things. With them, the user can emphasize their personality, often including things like a person's name, as well as additional desired information.
According to market analysis company Etherscan, custom Ethereum addresses created with the Profanity tool were compromised by a hacker who stole nearly $3.3 million from several ETH user addresses.
1Inch revealed Profanity vulnerabilities before the exploit
It's worth noting that decentralized exchange aggregator 1Inch, which previously offered the tool, informed the community before the hack that vanity addresses had an increased vulnerability.
Experts noted that the tool's procedure uses a 32-bit vector to generate 256-bit code, the so-called private keys. And that process was deemed insecure in the report.
Hacker cashed in stolen money after 1Inch report.
According to ZachXBT, the hacker withdrew money from the target wallet addresses immediately after the 1Inch information discovered the vulnerabilities. The hacker then transferred the stolen funds to a new Ethereum address.