- 1inch warns the community about a new threat
- Profanity address generator contains a vulnerability
- Hundreds of users could have been affected, the exact scale of the disaster is unknown
- Experts recommend urgently transferring funds to other accounts
Yesterday, September 15, 1inch announced that hundreds of Ethereum accounts created through Profanity are at risk. The keys to these addresses can be cracked using “gchop of strength.”
Head of aggregator 1inch Anton Bukov addressed to the community with this message:
“Attention, holders of the ether! Your funds are not SAFU! Do not use personalized addresses created through the Profanity service! Check your wallets too.
The platform report says that the keys to such addresses can be picked up by “brute force”. The point is that the service uses a 32-bit vector to populate 256-bit private encoders.
Sequential expansion of the sample significantly reduces the total number of hidden keys. 1inch analysts have come to the conclusion that many of the addresses allegedly created by Profanity have already been replaced with hacked ones.
Using this exploit, hackers could covertly “pump out” funds. The exact amount of damage is unknown, but it is probably in the tens of millions of dollars.
You can view the full report at the link. The 1inch team recommends urgently transferring all funds to other accounts, as well as changing the provider of smart contracts if the address created in Profanity is involved in the chain.
Earlier, we talked about the New Free DAO protocol hack. As a result, the price of the native token of the platform fell by 99%.