Hacker Uses Parity Wallet Vulnerability to Steal $30 Million Worth of Ethereum

in #ethereum, 7 years ago

An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million.

The hack was possible due to a flaw in the Parity Ethereum client. The vulnerability allowed the hacker to exfiltrate funds from multi-sig wallets created with Parity clients 1.5 and later. Parity 1.5 was released on January 19, 2017.

Multi-sig wallets are Ethereum accounts over which multiple persons have control with their own keys. Multi-sig accounts allow owners to move funds only when a majority of owners sign a transaction with their key.

White-hats have also drained multi-sig accounts
The attack took place around 19:00-20:00 UTC and was immediately spotted by Parity, a company founded by Gavin Wood, Ethereum's founder. The company issued a security alert on its blog.

The Ether stolen from Parity multi-sig accounts was transferred into this Ethereum wallet, currently holding 153,017.021336727 Ether.


According to messages posted on Reddit and in a Gitter chat, The White Hat Group appears to be formed of security researchers and members of the Ethereum Project that have taken it into their own hands to secure funds in vulnerable wallets.

Based on a message the group posted online, they plan to return the funds they took. Their wallet currently holds 377,116.819319439311671493 Ether, which is over $76 million.

Parity working on a fix
Parity developers said they are working on a fix to patch all multi-sig Parity clients.

Users who still hold funds in multi-sig wallets created with a Parity 1.5+ client that have not been mysteriously drained by now should move funds to a secure single-user wallet.

Ethereum was trading at around $230 just before the hack. After the hack, the price dropped and is currently trading at around $200, a 14% drop.

Various cryptocurrency experts commenting online believe this is the file that holds the vulnerable code exploited by the attacker.

Not the first time (this week)
Earlier this week, a hacker made off with over $7 million worth of Ethereum after taking over the website of the CoinDash platform and replacing an Ethereum address during the company's ICO.

At the start of the month, Bithumb, the fourth largest cryptocurrency exchange in the world, was hacked. Attackers stole an unknown amount of Bitcoin and Ethereum.

Also at the start of the month, an unknown attacker gained control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency. He used his control over the site to log user credentials, which he later used to siphon Ethereum from victims' wallets.

Last year, another unknown hacker stole over $50 million worth of Ether from DAO in the largest Ethereum hack known to date. The hack was so damaging that the Ethereum team had to fork the blockchain in order to reverse the hacker's actions.
