Arbitrum airdrop: Hacked vanity addresses used to siphon $500K
Hacked vanity addresses have reportedly been used to steal $500,000 worth of tokens from the March 23 airdrop of the layer-2 scaling solution Arbitrum.
A vanity address is a customized cryptocurrency address that contains specific words or phrases chosen by the user, with the aim of making them more personal and easily identifiable. However, the disadvantage includes the security risk of a possible hack.
The tweet explained that the tokens were stolen by someone who compiled vanity addresses that were eligible to receive ARB tokens, generated similar addresses using vanity address generators and directed the airdropped tokens to them instead. The hacking of these vanity addresses makes it impossible for the original owners to claim their ARB tokens.
Several crypto users have expressed sadness as they tweeted about their stolen ARB tokens. The majority of individuals affected are unaware of the reason behind the loss and have no idea what to do about it.
Creating a vanity address requires using special software or services that could potentially compromise the security of users’ private key. If a hacker gains access to the private key, they could steal any crypto assets tied to that address.
Related: Arbitrum airdrop sells off at listing, but traders remain bullish on ARB
Arbitrum’s token giveaway caused a lot of excitement and overwhelmed several websites. However, according to Nansen, there are still 428 million ARB tokens available to claim. As of late Thursday, around 240,000 addresses had not yet claimed their governance tokens, even though 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, worth nearly $596 million at press time, represent 37% of the total 1.1 billion ARB allocated for Arbitrum’s airdrop.
Considering these figures, certain eligible addresses that haven’t been able to claim their token could be in the category of hacked addresses.
This isn’t the first time vanity addresses have been compromised by scammers in the crypto space. In January, Metamask warned crypto users about address poisoning.
Magazine: Features ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide