In the Arbitrum airdrop hack, an individual reportedly compiled vanity addresses eligible for ARB airdrops, which were then used to steal $500,000 worth of tokens from the layer-2 scaling solution airdrop on March 23.
A vanity address is a personalized cryptocurrency address that comprises unique words or phrases chosen by the user to make it more recognizable and personal. Yet, the negative involves the possibility of a security breach.
The tweet explained that the tokens were stolen by an individual who compiled vanity addresses eligible to receive ARB tokens, generated similar addresses using vanity address generators, and routed the airdropped tokens to them instead. The compromise of these vanity addresses prevents the original owners from claiming their ARB tokens.
Numerous crypto users expressed regret on Twitter after their ARB tokens were taken. The majority of affected individuals are unaware of the cause of the loss and do not know what to do about it.
Establishing a vanity address necessitates the use of specialized software or services, which may undermine the security of the user’s private key. If a hacker obtains the private key, they can take any crypto assets associated with the address.
The excitement generated by Arbitrum’s token giveaway overwhelmed several websites. Nansen claims that there are still 428 million ARB tokens available for claim.
Approximately 240,000 addresses had not yet claimed their governance tokens as of late Thursday, despite the fact that 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, valued at approximately $596 million at the time of publication, represent 37% of the total 1.1 billion ARB allocated for Arbitrum’s airdrop.
Considering these numbers, some eligible addresses that have not yet claimed their token may be compromised.
This is not the first time that crooks in the cryptocurrency industry have compromised vanity addresses. Metamask informed crypto users about address poisoning in January.