Hackers have managed to steal $500,000 worth of tokens from the Layer 2 scaling solution from the Arbitrum airdrop on March 23. The theft was carried out through the use of vanity addresses, personalized cryptocurrency addresses that contain specific words or phrases chosen by the user to make them more personal and identifiable. While custom addresses offer a level of personalization and identification, their security is questionable, as they can compromise the security of users’ private keys.
The hacker compiled custom addresses that were eligible to receive ARB tokens and generated similar addresses using custom address generators. This allowed them to redirect airdropped tokens to their own addresses, making it impossible for the original owners to claim their ARB tokens. Several crypto users have expressed sadness over their stolen ARB tokens, with many unaware of the reason for the loss and have no idea what to do about it.
Creating a custom address requires the use of special software or services that could compromise the security of users’ private keys. Hackers who gain access to the private key could steal any crypto assets tied to that address. This is not the first time scammers have compromised vanity addresses in the crypto space. In January, MetaMask warned cryptocurrency users about address poisoning.
The Arbitrum token giveaway caused a lot of excitement and overwhelmed several websites. However, according to blockchain analytics platform Nansen, there are still 428 million ARB tokens available to claim. As of Thursday, March 22, around 240,000 addresses had yet to claim governance tokens, although 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, worth nearly $596 million at press time, represent 37% of the total 1.1 billion ARB allocated for the Arbitrum airdrop.
It is important to note that using custom addresses to claim crypto assets is not a secure practice. Personalized addresses require the use of special software or services that can compromise the security of users’ private keys, making them vulnerable to hackers. Therefore, cryptocurrency users should be careful when using custom addresses and prioritize the security of their private keys.