Ethereum Multisig Breach Continues Wreaking Havoc

in #ethereum, 7 years ago


News broke yesterday of a massive breach of the Ethereum system, allowing hackers to steal more than 83,000 ETH (~$18 mln) from three major multisig wallets and deposit them into a single wallet.

As previously reported by Cointelegraph, the breach was stopped by an alert white hat hacker group who immediately drained a substantial number of other vulnerable wallets, protecting over $85 million worth of ETH.

Multisig Vulnerability
The hacker exploited a little-known flaw in the Parity software suite affecting the multisig wallet contract.

The hacker was able to send two transactions to each of the contracts and drain the entire contents.

The first transaction called initWallet. Because the wallet contract forwarded calls to its library using delegatecall, all public functions from the library were callable by anyone, including initWallet, which then allowed the hacker to change the owner of the contract.

The hackers then made their address the only owner, and required only one confirmation to execute any transaction. Finally, they were able to simply send a transaction to a wallet owned exclusively by them, and drain the entire contents of the wallet.

The hack could have been prevented simply by not using the 'delegatecall' function to allow for all library functions to be invoked externally on the wallet.
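
The pattern described above, next to a hardened form, as an added example (not Parity's source code and not part of the original article). All contract and function names except initWallet are hypothetical, and the once-only guard on initWallet is an assumed second layer of defense beyond the fix the article names.

```solidity
pragma solidity ^0.8.20;
// Added illustration with hypothetical names; not Parity's source code.
// Library code runs via delegatecall, so it reads and writes the calling
// wallet's storage. Slot order must match the wallets below.
contract WalletLibrary {
    address public owner;      // slot 0
    uint256 public required;   // slot 1: confirmations needed
    bool private initialized;  // slot 2

    // Weak: nothing stops a later call from replacing the owner.
    function initWalletUnguarded(address _owner, uint256 _required) external {
        owner = _owner; required = _required;
    }

    // Hardened: succeeds once per wallet, then always reverts.
    function initWallet(address _owner, uint256 _required) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner; required = _required;
    }
}

// Weak: the catch-all fallback forwards any unmatched call data to the
// library, so every public library function is reachable by any sender.
contract ForwardEverythingWallet {
    address public owner;
    uint256 public required;
    bool private initialized;
    address private immutable lib; // immutables use no storage slot

    constructor(address _lib) { lib = _lib; }
    fallback() external payable {
        (bool ok, ) = lib.delegatecall(msg.data);
        require(ok, "library call failed");
    }
}

// Hardened: initialised once in the constructor, no catch-all forwarder.
contract ExplicitWallet {
    address public owner;
    uint256 public required;
    bool private initialized;

    constructor(address _lib, address _owner, uint256 _required) {
        (bool ok, ) = _lib.delegatecall(abi.encodeCall(WalletLibrary.initWallet, (_owner, _required)));
        require(ok, "init failed");
    }
    receive() external payable {} // accepts ETH; unknown selectors revert
}
```

When auditing a proxy-style wallet, check both layers: which selectors the fallback can reach, and whether every state-initialising function refuses to run a second time.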


ETH price is still a bit sluggish as a result of these hacks. I think ETH would be $300 right now if it wasn't for that. Check out my latest BTC forecast :) https://steemit.com/bitcoin/@hotsauceislethal/bitcoin-price-forecast-7-21-17
