Hacker steals over $30m in Ethereum by exploiting flaw in Parity wallet
An unknown hacker reportedly stole over $30m (£23m) worth of Ethereum by exploiting a flaw in Parity, an Ethereum wallet client. The hacker allegedly took advantage of a “critical” vulnerability in Parity, allowing him to drain $31,725,019 (£24,363,560) worth of ether from at least three accounts.
This is the second Ethereum heist in a week, with the previous theft occurring just two days prior to the Parity heist. The previous Ethereum theft saw hackers make off with $7m worth of the cryptocurrency in just three minutes.
According to Parity founder Gavin Wood, the vulnerability affected multi-signature wallets in Parity, created with the 1.5 version or later, Motherboard reported. “THIS IS NOT A DRILL,” Wood wrote in the Parity chat channel. “[If] you have a parity-based multisig, move your funds to a secure address ASAP.”
Multi-signature wallets are Ethereum accounts that can be operated by multiple users with their own keys. Funds can be moved from such accounts only when a majority of the account’s users sign transactions with their keys.
The stolen funds were transferred to another Ethereum wallet, which currently holds 83,017.019743665 ether ($17,319,796). However, shortly after the heist, according to reports, the wallet held 153,017.021336727 ether ($31,923,859).
It is unclear whether the $14m was moved by the hacker to some other location. Wood said that once the hack was discovered, white hat hackers, presumably from the Ethereum Foundation, which oversees protocol development, attempted to secure the lost funds. It is still unknown whether such attempts were successful.
BleepingComputer reported that the White Hat Group decided to secure funds in multiple vulnerable wallets, moving the funds to a separate wallet that holds over $76m worth of Ethereum. The group allegedly intends to return the funds to their respective owners.
“Many more [wallets] are affected,” Manuel Araoz, co-founder of Ethereum smart contract development firm Zeppelin Solutions, told Motherboard. Parity said that they are working on a fix to patch the issue “ASAP”.
The heist is one of the largest in Ethereum history. However, over the past few months, attacks on cryptocurrency platforms have been steadily escalating.