1inch claims potential exploit on Profanity-generated Ethereum addresses

Quick Take

  •  1inch claimed that Profanity, a vanity address generator on Ethereum, suffered a severe vulnerability.
  • The team said was able to recompute private keys of addresses generated with Profanity.

Decentralized exchange aggregator 1inch has published a security disclosure report that claims certain Ethereum addresses created via a tool called Profanity suffers from a critical vulnerability.

The Thursday report — based on 1inch's own security research — alleged this vulnerability may have allowed hackers to secretly drain tens of millions of dollars from Profanity users’ wallets over the last few years, though the team did not provide evidence of this claim. 

"It’s not a simple task, but at this point it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions. One good thing is that proofs of hacks are available on-chain forever," 1inch said in its report.

Launched in 2017, Profanity is a tool that allows Ethereum users to generate “vanity addresses,” a type of custom wallets that contain identifiable names or numbers within them. 

According to 1inch, the private keys to these Profanity-based addresses could be calculated using brute force attacks. It advised users who generated their addresses wit