Arbitrum airdrop: Hacked vanity addresses used to siphon $500K

Ethereum

Hacked vanity addresses have reportedly been used to steal $500,000 worth of tokens from layer-2 scaling solution Arbitrum’s March 23 airdrop.

A vanity address is a customized cryptocurrency address containing specific words or phrases chosen by the user, aiming to make them more personal and easily identifiable. However, the safety of vanity addresses is questionable.

The tweet explained that the tokens were stolen by someone who compiled vanity addresses that were eligible to receive ARB tokens, then generated similar addresses using vanity address generators, directing the airdropped tokens to them instead. The hacking of these vanity addresses makes it impossible for the original owners to claim their ARB tokens.

Several crypto users have expressed sadness as they tweeted about their stolen ARB tokens. Most individuals affected are unaware of the reason behind the loss and have no idea what to do about it.

Creating a vanity address requires using special software or services that could potentially compromise the security of users’ private keys. Hackers who gain access to the private key could steal any crypto assets tied to that address.

Related: Arbitrum airdrop sells off at listing, but traders remain bullish on ARB

Arbitrum’s token giveaway caused a lot of excitement and overwhelmed several websites. However, according to the blockchain analytics platform Nansen, 428 million ARB tokens are still available to claim. As of late Thursday, March 22, around 240,000 addresses had not yet claimed governance tokens, even though 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, worth nearly $596 million as of publication time, represent 37% of the total 1.1 billion ARB allocated for Arbitrum’s airdrop.

Considering these figures, certain eligible addresses that haven’t been able to claim their token could be in the category of hacked addresses.

This isn’t the first time scammers have compromised vanity addresses in the crypto space. In January, MetaMask warned crypto users about address poisoning.

Magazine: Features ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide