CVE-2022-40769 Information

Description

profanity through 1.60 has only four billion possible RNG initializations. Attackers can therefore recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

Reference

https://github.com/johguse/profanity/issues/61
https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c
https://github.com/johguse/profanity
