Hacked vanity addresses loot $500k as controversies surround Arbitrum airdrop

According to recent on-chain data, hacked vanity addresses were used in looting $500K worth of tokens. The looting occurred during the layer-2 scaling solution Arbitrum airdrop scheduled on March 23.

Someone who generated a list of vanity addresses that were eligible for ARB airdrops was the one who stole the tokens.

The tweet explained that the tokens had been stolen by an individual who had first compiled a list of vanity addresses qualified to receive ARB tokens. He then managed to generate similar addresses using vanity address generators. Finally, it directed the airdropped tokens to the newly developed addresses instead. Since these vanity addresses were hacked, the original owners of the ARB tokens will no longer be able to claim them.

Several cryptocurrency users have taken to Twitter to express their dismay following the theft of their ARB tokens. Most of those impacted need to be more knowledgeable regarding the cause of the loss and have no idea how to respond appropriately.

Arbitrum airdrop

The token giveaway hosted by Arbitrum generated a lot of buzzes and swamped several other websites. Even with this, the blockchain analytics tool Nansen reports that there are a total of 428 million ARB tokens that still need to be claimed. 

Although 61% of eligible crypto wallets had already claimed governance tokens as of late March 22, around 240,000 addresses still needed to do so.

The 428 million unclaimed tokens represent 37% of the 1.1 billion ARB allotted for Arbitrum’s airdrop. As of the time of writing, the value of these tokens was close to $596 million. Some eligible addresses without claiming their tokens are part of the hacked addresses category.

What are vanity addresses?

This is not the first time fraudsters have used hacked vanity addresses in cryptocurrencies. Users of MetaMask were sent a warning concerning address poisoning in January.

A vanity address is a unique crypto address incorporating a user’s chosen phrase or word. Cryptocurrency addresses with a vanity prefix are more memorable and easy to remember. On the other hand, the security of vanity addresses is a matter of debate.

To generate a vanity address, users must use specialized software or services, which introduces a possible vulnerability in the users’ private critical security. Cybercriminals who acquire access to the private key might steal any cryptographic assets linked to that address.