Hacker Uses Parity Wallet Vulnerability to Steal $30 Million Worth of Ethereum

Share this…

An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars.

The hack was possible due to a flaw in the Parity Ethereum client. The vulnerability allowed the hacker to exfiltrate funds from multi-sig wallets created with Parity clients 1.5 and later. Parity 1.5 was released on January 19, 2017.

Multi-sig wallets are Ethereum accounts over which multiple persons have control with their own keys. Multi-sig accounts allow owners to move funds only when a majority of owners sign a transaction with their key.

White-hats have also drained multi-sig accounts

The attack took place around 19:00-20:00 UTC and was immediately spotted by Parity, a company founded by Gavin Wood, Ethereum’s founder. The company issued a security alert on its blog.

The Ether stolen from Parity multi-sig accounts was transferred into this Ethereum wallet, currently holding 153,017.021336727 Ether.

Hacker wallet

Because Parity spotted the attack in time, a group named “The White Hat Group” used the same vulnerability to drain the rest of Ether stored in other Parity wallets that have not yet been stolen by the hacker. This money now resides in this Ethereum wallet.

White Hat Group wallet

According to messages posted on Reddit and in a Gitter chat, The White Hat Group appears to be formed of security researchers and members of the Ethereum Project that have taken it into their own hands to secure funds in vulnerable wallets.

Based on a message the group posted online, they plan to return the funds they took. Their wallet currently holds 377,116.819319439311671493 Ether, which is over $76 million.

If you hold a multisig contract that was drained, please be patient. They will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and will return your funds to you there.

Parity working on a fix

Parity developers said they are working on a fix to patch all multi-sig Parity clients.

Users who still hold funds in multi-sig wallets created with a Parity 1.5+ client that have not been mysteriously drained by now should move funds to a secure single-user wallet.

Ethereum was trading at around $230 just before the hack. After the hack, the price dropped and is currently trading at around $200, a 14% drop.

Various cryptocurrency experts commenting online believe this is the file that holds the vulnerable code exploited by the attacker.

Not the first time (this week)

Earlier this week, a hacker made off with over $7 million worth of Ethereum after taking over the website of the CoinDash platform and replacing an Ethereum address during the company’s ICO.

At the start of the month, Bithumb, the fourth largest cryptocurrency exchange in the world was hacked. Attackers stole an unknown amount of Bitcoin and Ethereum.

Also at the start of the month, a n unknown attacker has gained control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency. He used his control over the site to log user credentials, which he later used to siphon Ethereum from victims’ wallets.

Last year, another unknown hacker stole over $50 million worth of Ether from DAO in the largest Ethereum hack known to date. The hack was so damaging that the Ethereum team had to fork the blockchain in order to reverse the hacker’s actions.