1inch warns community about new threat
Profanity address generator contains a vulnerability
Hundreds of users could have been affected, the exact extent of the disaster is unknown
Experts recommend urgently transferring funds to other accounts
Yesterday, September 15, 1inch announced that hundreds of Ethereum accounts created through Profanity are at risk. The keys to these addresses could be hacked using “brute force”.
Head of aggregator 1inch Anton Bukov addressed the community with this message:
“Attention, ether holders! Your funds are not SAFU! Do not use personalised addresses, created through Profanity service! Check your wallets as well.”
The platform’s report states that keys to such addresses can be picked up “by brute force”. The fact is that the service uses a 32-bit vector to populate 256-bit private encoders.
Consistent expansion of the sample significantly reduces the total number of hidden keys. Analysts at 1inch concluded that many of the addresses allegedly created by Profanity had already been replaced with compromised ones.
Using this exploit, hackers could secretly “siphon off” funds for several years. The exact amount of damage is unknown, but we are probably talking about tens of millions of dollars.
See the full report here. The 1inch team recommends that all funds be transferred to other accounts as a matter of urgency, and that the smart contract provider be changed if the chain involves an address created in Profanity.
Read last post about hackers – KyberSwap hacked.