Posted on July 20, 2017 at 5:50 PM
Parity's Vulnerability the Cause of $30 Million Theft
Over 153,000 Ether has been stolen by an unknown hacker, causing over $30 million in damage. The hacker used a vulnerability in an Ethereum wallet to complete the hack.
Apparently, a flaw in the Parity Ethereum client is what made the hack possible. It let the hacker pull funds out of multi-sig wallets that were created with Parity versions 1.5 and later. Version 1.5 was released on January 19th, 2017.
Multi-sig wallets are Ethereum accounts that multiple people control, each with their own key. The owners can move their funds only when a majority of them sign a transaction with their keys.
Parity spotted the attack as soon as it happened, which was between 7 pm and 8 pm UTC. Parity is a company whose founder is Gavin Wood, also the founder of Ethereum. He issued a security alert on the company’s blog.
The Ethereum wallet where the stolen Ether is currently stored holds 153,017.021336727 Ether. Meanwhile, a group of whitehats used the same vulnerability that made the theft possible to move the rest of the funds to a secure account. The wallet that holds the Ether transferred by the whitehats holds 377,116.819319439311671493 Ether, which is over $76 million.
According to people on Reddit and in Gitter chat, The White Hat Group, as they call themselves, consists of security researchers and members of the Ethereum Project who took it upon themselves to secure the Ether found in the vulnerable wallets.
Developers at Parity have stated that they are doing whatever they can to patch all multi-sig Parity clients. The owners of multi-sig wallets that have not yet been broken into are strongly advised to move their funds to a secure account. The trading price for Ethereum was around $230 before the hack took place. Since then, the price has dropped around 14 percent, to around $200.
Some people claim to have found the exact code that caused this security breach.
This wasn’t the first time this week that Ether was stolen from people’s accounts. Just this Monday, a hacker managed to get away with $7 million worth of Ether when he took over CoinDash’s website and changed the Ethereum address while the company’s ICO was starting.
At the beginning of the month, Bithumb was hacked, with an unknown amount of Bitcoin and Ethereum being stolen. Bithumb is the fourth biggest cryptocurrency in the world.
Last year, another unknown hacker stole over $50 million worth of Ether from the DAO, which was the largest Ethereum hack known to date. The hack was so damaging that the Ethereum team had to fork the blockchain in order to reverse the hacker’s actions.