Bug in Parity Ethereum Wallet: Cryptocurrency worth 26 million euros stolen

in #ethereum, 7 years ago (edited)


Because of a careless mistake in the public code of Parity Technologies' wallet software, which the developers failed to discover for months, users lost more than 26 million euros. One startup alone was relieved of 7.8 million euros.

Parity Technologies is warning of a programming error that can cost users of the company's popular Ethereum wallets a lot of money. The error came to light because unknown persons had abused it to relieve various wallet users of a total of 150,000 ETH (current value: 26.8 million euros). A further 377,000 ETH (67.4 million euros) were at risk and were moved to safety by a group of "White Hats". In hacker jargon, White Hats are members of the hacker community who use their skills for good purposes.

Tiny error, catastrophic effect
The bug is in a multisig contract built into the wallet software. Because a flag is not set, details of the smart contract that should remain private are public (see point C6 in this list of common errors when writing Ethereum contracts). This means that unauthorized persons can redirect the ETH stored in certain wallets to their own accounts. All versions of the Parity wallet from version 1.5 onward are affected; the source code of the development version already contains a patch.
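
A mistake of this kind can be caught mechanically before deployment. The following added example (not code from Parity or from the original article) assumes the unset flag is a Solidity visibility keyword: in compiler versions before 0.5, a function declared without one defaults to public. The sample contract and all names in it are constructed for illustration.

```python
import re

# Constructed sample in pre-0.5 Solidity syntax (not Parity's code): the
# initializer has no visibility keyword, so the compiler treats it as public.
SAMPLE = '''
contract Wallet {
    address owner;
    // meant to run once, during setup only
    function initOwner(address _owner) {
        owner = _owner;
    }
    function withdraw(uint amount) public {
        require(msg.sender == owner);
        msg.sender.transfer(amount);
    }
    function isOwner(address a) internal returns (bool) {
        return a == owner;
    }
}
'''

VISIBILITY = {"public", "external", "internal", "private"}
# Function header: optional name, parameter list, then everything up to '{' or ';'
HEADER = re.compile(r"\bfunction\b\s*(\w*)\s*\(([^)]*)\)([^{;]*)[{;]")

def strip_comments(src):
    """Remove /* */ and // comments, keeping newlines so line numbers survive."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def implicit_public(src):
    """Return (line, name) for every function with no explicit visibility."""
    clean = strip_comments(src)
    findings = []
    for m in HEADER.finditer(clean):
        # Drop 'returns (...)' and modifier arguments so only bare keywords remain
        tail = re.sub(r"\([^)]*\)", " ", m.group(3))
        if not VISIBILITY & set(tail.split()):
            line = clean.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1) or "<fallback>"))
    return findings

if __name__ == "__main__":
    for line, name in implicit_public(SAMPLE):
        print(f"line {line}: function {name} has no visibility keyword (defaults to public)")
```

Since Solidity 0.5.0 the compiler itself rejects functions without an explicit visibility keyword, so a check like this matters mainly when auditing older contracts.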

The White Hat Group, which had redirected vulnerable ETH reserves to a rescue wallet, promised to repay the money. To do this, they want to create a new multisig wallet for each affected user with the same settings as the original, vulnerable wallet, but without the fatal error that can be abused to steal the ETH. At least only multisig wallets seem to be affected, i.e. those in which multiple signatures must be confirmed.

Several security researchers and other observers are criticizing Parity because of the bug. This is not a classic security vulnerability but rather a simple careless error in the code, which does nothing, however, to change the devastating consequences of the problem. Source code changes of this kind should have been checked by several developers, observers from the security community commented on Twitter and other social networks. This obviously did not happen. In addition, the flaw sat in the source code for several months without being found.

Hard times for Ethereum millionaires

One of the victims of the virtual bank robbery is the startup Swarm City. The company claims to have lost ETH with a value of over 7.8 million euros. And this theft is not even the first ETH heist this week.
