Hacked vanity addresses have reportedly been used to steal $500,000 worth of tokens from layer 2 scaling solution Arbitrum’s March 23 airdrop.
A vanity address is a custom encrypted currency address that contains specific words or phrases chosen by the user, designed to make them more personal and recognizable. However, the security of vanity addresses is questionable.
The tweet explained that the tokens were stolen by someone who compiled vanity addresses eligible to receive ARB tokens and then used a vanity address generator to generate similar addresses directing the airdropped tokens to them. Hacking of these vanity addresses made it impossible for the original owners to claim their ARB tokens.
Some cryptocurrency users tweeted their grief over the stolen ARB tokens. Most of those affected are unaware of the reasons behind the loss and do not know what to do about it. Creating a personalized address requires the use of special software or services that may compromise the security of the user's private key. A hacker who gains access to a private key can steal any crypto assets associated with that address.
Arbitrum’s token giveaway caused quite a stir and flooded several websites. However, there are still 428 million ARB tokens available to claim, according to blockchain analytics platform Nansen. As of late Thursday, March 22, roughly 240,000 addresses had yet to claim governance tokens, despite 61% of eligible crypto wallets having done so. As of publication, the 428 million unclaimed tokens are worth nearly $596 million, or 37% of the total 1.1 billion ARB allocated to the Arbitrum airdrop.
Given these numbers, some eligible addresses that were unable to claim their tokens may fall into the category of hacked addresses.
This isn't the first time scammers have compromised vanity addresses in the crypto space. In January, MetaMask warned cryptocurrency users of address poisoning.
