Hackers have managed to steal $500,000 worth of tokens from layer-2 scaling solution Arbitrum’s March 23 airdrop. The theft was carried out through the use of vanity addresses, customized cryptocurrency addresses that contain specific words or phrases chosen by the user to make them more personal and identifiable. While vanity addresses offer a level of personalization and identification, their safety is questionable, as they can compromise the security of users’ private keys.
The hacker compiled vanity addresses that were eligible to receive ARB tokens and generated similar addresses using vanity address generators. This allowed them to redirect the airdropped tokens to their own addresses, making it impossible for the original owners to claim their ARB tokens. Several crypto users have expressed sadness about their stolen ARB tokens, with many being unaware of the reason behind the loss and having no idea what to do about it.
Creating a vanity address requires using special software or services that could potentially compromise the security of users’ private keys. Hackers who gain access to the private key could steal any crypto assets tied to that address. This is not the first time scammers have compromised vanity addresses in the crypto space. In January, MetaMask warned crypto users about address poisoning.
Arbitrum’s token giveaway caused a lot of excitement and overwhelmed several websites. However, according to the blockchain analytics platform Nansen, 428 million ARB tokens are still available to claim. As of late Thursday, March 22, around 240,000 addresses had not yet claimed governance tokens, even though 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, worth nearly $596 million as of publication time, represent 37% of the total 1.1 billion ARB allocated for Arbitrum’s airdrop.
It is important to note that the use of vanity addresses to claim crypto assets is not a secure practice. Vanity addresses require the use of special software or services that can compromise the security of users’ private keys, making them vulnerable to hackers. Therefore, crypto users should exercise caution when using vanity addresses and prioritize the security of their private keys.