A vulnerability in private keys generated by Profanity key generator seems to have been the door to the $160 million Wintermute hack.
in a blog post that the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability:
“The exploiter used a privileged function with the private key leak to specify that the swap contract was the attacker controlled contract.” The company added that a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack.the apparent Profanity vulnerability in a Sept. 13 blogpost and subsequent warning on Twitter. 1inch users spotted the vulnerability after a suspicious airdrop took place in June. 1inch said on its blog:
“Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.”