Funds are spendable by public keys and addresses contain public key hashes. Vanity addresses are created by hashing lots of public keys until the hash is in an expected range. What you mentioned is an example of a burn address, not a vanity address. Burn addresses are crafted by manually editing the public key hash with a specific the corresponding address in mind. Burn addresses do have corresponding public key(s), but since we it is impossible to find the public key from the public key hash, burn addresses cannot spend their funds. They are similar to addresses whose owners mistakenly deleted their wallets, where the funds are in a locked state.
The last digits of burn addresses is random is because addresses also contain a checksum which is the hash of everything else encoded in the address.