The Profanity Address Hack — How are Vanity Addresses Generated?

By Crypto Climax. Published in Coinmonks, Sep 23, 2022.

Hi friends, how was your week? Excellent, let’s keep moving.

You may have noticed that cryptocurrency wallet addresses are long strings of gibberish. There is a method behind the madness of those addresses.

Still, some individuals and companies want memorable branding for their wallet accounts. There weren’t any options to customize a wallet address when cryptocurrencies first kicked off.

In 2011, close to Bitcoin’s genesis, a tool called Vanitygen came to market. With Vanitygen, users could create a custom prefix for their Bitcoin wallet address.

Bitcoin addresses usually look like this:

‘1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa’

And could now look like this:

‘1FirsteP5QGefi2DMPTfTL5SLmv7DivfNa’.

Good times.

In this example, the five characters after the initial ‘1’ were changed to the word ‘First.’

Fast forward to 2022, and vanity addresses are commonplace across networks, including Ethereum.

Intro

_______________________________

Profanity is an open-source vanity address generator developed for Ethereum.

Last week, it came to light that addresses generated by Profanity were being hacked.

What we’ll explore in this article:

- why addresses generated using Profanity are vulnerable

- how Ethereum addresses are generated

- how vanity addresses are generated

- are Bitcoin addresses also at risk?

What Happened?

_______________________________

First is a synopsis of the recent discovery of Profanity’s vulnerabilities.

Earlier this year, contributors to 1inch, including one of the founders, expressed their concern here. The issue lay in the 32-bit seed of the private key.

Fast forward a few months to last week, and it’s become clear that users were having their addresses emptied.

Why is a 32-bit seed a problem? Let’s start with a brief intro to addresses.

How are Ethereum Addresses Generated?

_______________________________

Your Ethereum address is your account or wallet.

You have a public key (the one you copy and send to others to send you tokens). And you have a private key (you usually don’t see it, and it’s tucked away somewhere in your wallet software).

A private key is randomly generated when you first create a new account. From that private key, a public key is generated using a cryptographic algorithm. Another algorithm then takes that public key and spits out a hash of it. That hash is your address.

Here’s how that looks:

[Figure: Ethereum address generation]

This usually works quite well.

Addresses are generated randomly. The boundaries of that randomization are broad. Broad enough to not need to worry about address collisions.

The odds of collisions change a bit when we actively select an address, even if we are selecting only a few of the characters.

Vanity Addresses

_______________________________

Recall from above that a vanity address selects for a few initial characters in a cryptocurrency wallet address.

Here is an example Ethereum address:

‘0x71C7656EC7ab88b098defB751B7401B5f6d8976F’.

A vanity address version could look like this:

‘0x1234566EC7ab88b098defB751B7401B5f6d8976F’.

Here the first six characters after ‘0x’ were replaced with ‘123456’. The number of characters selected can vary. The more characters you choose, the longer it will take to generate the vanity address.

Profanity Vanity Address Generation

_______________________________

Here is how Profanity generates a vanity address for users:

1. Randomly select an initial private key out of 4 billion possibilities

2. Deterministically expand this to another private key out of 2 million possibilities.

3. Derive the public keys from the private keys

4. Increment the public keys until the desired vanity address is found

Step 4 keeps generating addresses until it finds one that has as its prefix the one you selected.

The Vulnerability

_______________________________

The problem with Profanity lies in step 1 from above. Profanity used a 32-bit vector to seed the 256-bit private key.

That is the issue the 1inch contributors identified and raised the alarm about. As they estimated, a 32-bit string can be brute-forced in a few months by a GPU farm with thousands of GPUs.

That’s trivial by cryptographic standards. You wouldn’t feel very safe about holding money in a wallet that is almost assured of being hacked within a few months.

Hackers could use their GPUs to continuously generate 32-bit strings until they discover the seed used to generate the private key for a wallet. Not good.

Even worse, the 1inch contributors realized it would be possible to generate the private key deterministically. They coded a script that could do it in the same amount of time it would take for Profanity to do its work generating the vanity address from the seed.

Here is the process taken by their script:

1. Get a public key for a vanity address.

2. Expand it deterministically to 1 in 2 million possibilities.

3. Decrement that key until it reaches the seed public key (the 32-bit vector)

Now you have the seed for the private key associated with the public key for the vanity address.
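Why the seed width, not the key width, sets the security level, shown as an added example that is not from the original article, Profanity, or the 1inch script. It assumes a 16-bit seed (scaled down from 32 so it runs in seconds) and uses SHA-256 as a stand-in for both the seed expansion and the public-key/hash steps; all function names are hypothetical.

```python
import hashlib
import secrets

SEED_BITS = 16  # constructed: scaled down from the page's 32 bits for a fast demo

def expand(seed: int) -> bytes:
    """Stretch a small seed into a 256-bit key. SHA-256 is a stand-in expansion."""
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()

def address(private_key: bytes) -> str:
    """Stand-in for 'derive public key, then hash it': a public one-way function."""
    return "0x" + hashlib.sha256(b"addr" + private_key).hexdigest()[-40:]

def weak_keygen() -> bytes:
    """Flawed pattern: a 256-bit key whose only entropy is a SEED_BITS-bit seed."""
    return expand(secrets.randbits(SEED_BITS))

def strong_keygen() -> bytes:
    """Corrected pattern: all 256 bits come from the OS CSPRNG."""
    return secrets.token_bytes(32)

def vanity_search(prefix: str, keygen):
    """Draw keys until the address starts with 0x + prefix (lowercase hex)."""
    while True:
        key = keygen()
        addr = address(key)
        if addr.startswith("0x" + prefix):
            return key, addr

def seed_behind(addr: str):
    """Walk the whole seed space; return the seed that yields addr, else None."""
    for seed in range(2 ** SEED_BITS):
        if address(expand(seed)) == addr:
            return seed
    return None

if __name__ == "__main__":
    for name, keygen in (("weak", weak_keygen), ("strong", strong_keygen)):
        key, addr = vanity_search("ab", keygen)
        seed = seed_behind(addr)
        exposed = seed is not None and expand(seed) == key
        print(f"{name:6} {addr} key recoverable from address: {exposed}")
```

Both keys are 256 bits long and both addresses carry the requested prefix; only the seeded one sits inside a space small enough to enumerate.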

The Profanity GitHub repo is still up. Please don’t use it.

Here is an alternative vanity address generator for Ethereum. This is not a recommendation to use it.

Bitcoin Vanity Address Implications

_______________________________

As mentioned, Bitcoin vanity addresses have been around since 2011 through Vanitygen. Are they safe?

They should be. Here is the process:

1. A private key is generated at random

2. The public key is derived from the private key

3. Repeatedly generate Bitcoin addresses until one is found that matches the address you selected

The starting point here is not a 32-bit seed. Trying to brute force the private key would take a very long time.

Vanity addresses generated by this process are just as secure as, and otherwise identical to, other randomly generated Bitcoin addresses.

Step 3 needs quite a bit of computing power. How much depends on how many characters you select.

For example, if the vanity part is two characters, it takes < 1 millisecond of search time to find the address. Twelve characters would take 2.5 million years.

Each character increases the difficulty by a factor of 58 since characters follow a Base58 alphabet.

Given the compute required, Bitcoin miners that are no longer competitive can be re-purposed for vanity address search. There are pools that dedicate their mining power to finding vanity addresses for you for a small fee.

Never a dull day in our wonderful world of Crypto/Web3, eh?


Until next time, from your premier Crypto/Web3 publication.

Max — TheCryptoClimax
