The vulnerability in private keys generated by the popular Profanity vanity key generator was noted in January and has already been implicated in at least one major hack.
Blockchain cybersecurity company Certik has said a vulnerable private key was attacked in the Wintermute hack. A vulnerability in private keys generated by the Profanity app was likely exploited. The vulnerability has been known since at least January.
Wintermute, the U.K.-based algorithmic crypto market maker, announced the hack on Tuesday and said its over-the-counter and centralized finance operations were not affected. About $162.5 million worth of cryptocurrencies were taken. “We are solvent with twice over that amount in equity left,” Wintermute CEO Evgeny Gaevoy said in a tweet.
Certik said in a blog post that the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability: “The exploiter used a privileged function with the private key leak to specify that the swap contract was the attacker controlled contract.”
The company added that a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack.
Full story: Well-known vulnerability in private keys likely exploited in $160M Wintermute hack.