The wallet of the hacker labeled as the Profanity exploiter has transferred 2.5m DAI and 421 ETH to 0xc53 months after remaining dormant for three months.
The hacker got away with $950,000 worth of ethereum (ETH) on Sept.25.
A costly vulnerability
According to CertiKAlert notification on the wallet, DAI has been swapped for ETH, with funds transferred to 0x3d9. Notably, the event was the first time the Profanity exploiter has been active since September.
According to an earlier report by PeckShield, the hacker stole over 700 ethereum and mixed it with other cryptocurrencies Tornado Cash. The funds then successfully went to the attacker’s private wallet.
The hacker was successful because of a vulnerability in the vanity address generators discovered in January 2022 on GitHub. Details about the security issues with Profanity emerged in September after 1inch, a decentralized exchange, discovered the issue.
1inch noted that the vulnerability could allow an attacker to access a user’s private wallet and steal their vanity addresses. This method requires a lot of computing power to perform successfully.
Defi exploits show no signs of slowing down
According to Elliptic, the value of DeFi protocols has lost over 75% over the past 11 months. Data from the DeFi Llama platform shows that the total amount of money locked in the various DeFi protocols decreased from $166.58 billion at the beginning of the year to around $39 billion at the end of December.
Weeks after the Profanity hack, on Oct.6, hackers stole over $100 million from Binance’s BSC Token Hub. Just weeks later, Avraham Eisenberg took over the liquidity of a decentralized exchange, Mango Markets, by holding over $112 million worth of its tokens ransom.
He then forced the company to use assets in its treasury to finance bad debt taken to bail out a large investor earlier in the year.