Vanity Gone Rogue: The Rise of Exploits Targeting Custom Blockchain Addresses

Daniel Liebau, Affiliate Faculty Member Singapore Management University and Roland Schwinn, Adviser
Author: Daniel Liebau, Affiliate Faculty Member Singapore Management University and Roland Schwinn, Adviser
Date Published: 19 April 2024

How is a new blockchain address generated? An individual provides a private key, a string only they are familiar with, and a hashing algorithm does the rest. It creates a public key as a derivative from the private key. A distinct feature of the algorithm is that it uses randomness in the creation process. This randomness is critical as it ensures nobody else can guess the private key from the public key. In contrast, generating a public key with pre-specified properties, such as a distinct sequence of characters (like MOON), should be challenging. And we like it this way. Randomness means security! Well, that's the theory. But in practice, freeware tools are available designed to help you do exactly that – create so-called vanity addresses.

For example, Vanity-ETH’s website states: “Vanity-ETH is an open-source tool that uses your web browser to generate Ethereum vanity addresses. Enter a short prefix and suffix of your choice and click Generate to start.” Wait, but how does that work? Further down, the website states: “Your browser will generate lots of random addresses until it finds one that matches your input. Once an address is found, you can choose to reveal the private key or click the Save button to download a password-encrypted keystore file.” Isn't this nice; now we can create addresses that look cool and are easier to memorize. It’s like requesting a specific number plate for our new car. But rogue actors can also figure out how to try to fool or even defraud regular users, which is what the remainder of this blog post will explore.

Exploring a Scenario

It is early 2024. BTC rose over 100% last year. The Decentralized Finance (DeFi) ecosystem is gaining momentum again. Airdrops, free tokens distributed by issuers, drop into users’ wallets across all kinds of ecosystems. An active DeFi user is busy wiring funds across different Ethereum wallets when she notices a new transaction in her wallet software that makes little sense to her. She intuitively checks the first seven characters of the sending address and immediately recognizes it. To be sure, she also confirms the last five characters of that wallet address, and they match her expectations.

All should be well – the address looks like one of her wallets. But did she really create this transaction? The transaction amount makes no sense; only a tiny fraction of ETH, so-called dust, is sent into her main wallet. After reviewing more details on etherscan.io, she established that the sending address in question was not hers. How so? It does look like hers; at least, the first five and seven last characters do. By looking at the entire address, she realizes that the characters eight to thirty-seven are entirely different to hers. The first seven and last five characters are precisely what Metamask shows its users, not what's in between. Maybe this was not a coincidence, but some rogue actor aimed to confuse her, knowing what she would see in her wallet software.

The Vanity Address Attack (VAA)

The Vanity Address Attack, or VAA, is an automation to confuse regular blockchain users.

An attacker can generate seemingly similar addresses automatically, similar to Vanity-ETH, but by using a bot. Beyond that, he can also automate spotting actors currently submitting transactions to the blockchain for processing just by looking at the blockchain's mempool. The mempool is a buffer that blockchains use to queue transactions before they store them immutably in the ledger later.

Identifying prey and presenting them with something familiar-looking, like an address with identical first five and last seven characters, can be done in seconds, assuming enough computing power is available. Once the attacker identifies a target user, they send a tiny amount of ETH to the prey’s wallet, and the associated transaction shows on top of the user’s transaction history. All that needs to happen next is, out of carelessness, a user copies the vanity address to execute their next transaction, not noticing that they are about to send a potentially large amount to a wallet she does not own.

Key Takeaway
We could not find a name for this type of attack, so we can now call it the Vanity Address Attack (VAA). Blockchain users today cannot rely on only checking the sequence of initial characters and the few last ones when submitting blockchain transactions. One is better off checking the entire address; this would lower the risks of attackers trying to confuse and eventually defraud users who only superficially check their addresses when transacting.

Additional resources