Third Ethereum heist in 20 days!
After a $7.Four million Ethereum hack earlier this week, another hacker has managed to steal 153,000 units of Ether, presently worth over 32 million in US dollars. The hacker whose identity is unknown used a vulnerability in an Ethereum wallet client, Parity. A security flaw in Parity Wallet’s variant of the standard multi signature (multi-sig) contract permitted the hacker to send funds from multi-sig wallets that were created with Parity clients 1.Five and later. Numerous people have control over their keys in these wallets, and funds cannot budge in multi-sig Ethereum accounts unless a majority of owners sign with their keys.
The attack commenced late Tuesday and continued on Wednesday, with a total of three transactions made during that period. After Parity spotted the attack, The White Hat Group almost instantly used the same flaw to drain the rest of money from other multi-sig Parity wallets to bring an end to this crypto-job. The attack reportedly affected three wallets, with victims identified as, Swarm City, æternity blockchain, and Edgeless Casino.
The stolen money is presently in the following wallet.
Ethereum hack followed by “white hat wallet drains” – who are these saviors?
The White Hat Group emerges to be some sort of cryptocurrency savior made up of security researchers and Ethereum Project members to ensure the security of funds in vulnerable wallets. They have promised that the funds they drained will come back to their owners.
“If you hold a multisig contract that was drained, please be patient,” the group wrote. “They will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability liquidated and will comeback your funds to you there.”
If your #ethereum wallet was vulnerable and got swept by this address https://t.co/8yPeLLYbwF then you are safe. It’s a whitehat address. pic.twitter.com/gmOR0JUEai
Those who suffered from the very first part of this attack by the unknown hacker will most likely never see their Ether back.
Parity has reported the vulnerability that the latest Ethereum hack used has been motionless.
Summary: A vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found.
Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to Nineteen/07/17 23:14:56 CEST.
UPDATE (20/07/17, 00:26 CEST): Future multi-sig wallets created by versions of Parity are secure (Fix in the code is https://github.com/paritytech/parity/pull/6103 and the freshly registered code is https://etherscan.io/tx/0x5f0846ccef8946d47f85715b7eea8fb69d3a9b9ef2d2b8abcf83983fb8d94f5f).
We have been witnessing a lot of hacks focusing on Ethereum lately. At least Trio different attacks have been reported in the last three weeks. Only this week, a hacker used a very plain trick of switching the address to his own wallet during CoinDash ICO. Earlier in July, another attacker had gained control over Classic Ether Wallet to get user credentials and then exfiltrate funds from numerous wallets.
Following the latest Ethereum hack report, ETH value dropped 14%, going down from $230 to $200.