The latest Profanity exploitation involves a $2.3 million hack of the FriesDAO

FriesDAO, a decentralized autonomous organization has had $2.3 million worth of tokens stolen by an unknown attacker. A number of breaches and attacks have occurred this month, and October is shaping up to be a rough one for cryptocurrencies.

A huge number of FRIES, the project’s governance tokens, were transferred out of the “deployer wallet” of FriesDAO and into the custody of the hacker. Using the deployer’s wallet as a channel, the criminal drained out tokens from a staking pool. 

FriesDAO informed its users of the hack by writing, “It has came to our knowledge that the refund deployer contract was attacked and managed to get FRIES tokens which were afterwards refunded for USDC and sold into the Uniswap pool.”

Last month, security experts at 1inch discovered that private keys of vanity addresses produced by Profanity could be computed by hostile hackers to steal money. After 1inch’s revelation, hackers used the weakness to steal $160 million in crypto assets from the market making business Wintermute. FriesDAO’s deployer wallet was built using Profanity, a wallet-generator program that is known to include a major flaw.

CertiK, a security company, informed The Block in a statement that the FriesDAO attack might have been averted if the team had been more vigilant and updated the deployer’s address in a timely manner. FriesDAO had also depended on Profanity to establish their deployer wallet address. Due to the weakness, the hacker retrieved the wallet’s private key to transfer cash out.

An official statement said, “This attack was avoidable, since the Profanity vulnerability has been public information for over a month. CertiK urges on any Web3 projects who have utilized the Profanity tool to immediately transfer ownership of any assets stored in impacted wallets to securely-generated addresses.”

Also Read: Thailand’s Central Bank Will Launch A CBDC Pilot But Remains Skeptical About Crypto

Disclaimer: The information provided in this article is for informational purposes only and should not be construed as financial or investment advice. Cryptocurrency investments are subject to market risks, and individuals should seek professional advice before making any investment decisions.

Comments are closed.