1inch Network Reveals Vulnerability In Profanity-Based Wallets

HomeCrypto wallets
Share this article
Subscribe for weekly updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
The blog post reads: “Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP! Moreover, if you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract.”

A security report compiled by 1inch Network claimed that an exploit in Profanity-based wallet addresses could allow hackers to calculate the wallets' private keys.

Vanity address generators allow users to generate custom Ethereum wallet addresses, with Vanity being “one of the most popular and highly efficient” of such tools.

However, at the beginning of the year, some community members realized that Profanity uses a 32-bit private key generator, which could allow hackers with access to high-end hardware to calculate the keys using brute force attacks. 

Additionally, while investigating an event where five wallets claimed the same airdrop in June, 1inch contributors noticed that it was possible to recover all private keys generated using Profanity. Due to this vulnerability, 1inch expects that a significant number of Profanity based vanity addresses may have been secretly compromised.

The decentralized exchange, thus, warned users to transfer all their assets on Profanity-based vanity addresses to other wallets.

A contributor stated, 

“It seems that 1 GPU can do 7 symbols for 1 sec, this means 1000 GPUs can brute force all the 7-symbol vanity addresses in 50 days.”

The developer of Profanity also acknowledged the flaw in the tool and stated they had abandoned Profanity’s development a long time ago. Moreover, they updated the GitHub page today to leave the code in an “uncompilable state” to prevent users from accessing the flawed tool.

We’re glad you read to this point!

Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.

So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!

Written by
Ayush Pande
The blog post reads: “Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP! Moreover, if you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract.”

A security report compiled by 1inch Network claimed that an exploit in Profanity-based wallet addresses could allow hackers to calculate the wallets' private keys.

Vanity address generators allow users to generate custom Ethereum wallet addresses, with Vanity being “one of the most popular and highly efficient” of such tools.

However, at the beginning of the year, some community members realized that Profanity uses a 32-bit private key generator, which could allow hackers with access to high-end hardware to calculate the keys using brute force attacks. 

Additionally, while investigating an event where five wallets claimed the same airdrop in June, 1inch contributors noticed that it was possible to recover all private keys generated using Profanity. Due to this vulnerability, 1inch expects that a significant number of Profanity based vanity addresses may have been secretly compromised.

The decentralized exchange, thus, warned users to transfer all their assets on Profanity-based vanity addresses to other wallets.

A contributor stated, 

“It seems that 1 GPU can do 7 symbols for 1 sec, this means 1000 GPUs can brute force all the 7-symbol vanity addresses in 50 days.”

The developer of Profanity also acknowledged the flaw in the tool and stated they had abandoned Profanity’s development a long time ago. Moreover, they updated the GitHub page today to leave the code in an “uncompilable state” to prevent users from accessing the flawed tool.

We’re glad you read to this point!

Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.

So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!

Written by
Ayush Pande