According to Parity and its founder Gavin Wood, the startup’s product, the Parity wallet version 1.5 and later, contained a bug that allowed $30 million in ETH to be stolen. The vulnerable Parity wallets used a multi-signature contract called “wallet.sol”, and the contract was also used by some initial coin offerings (ICOs). According to circulating reports, three particular ICO projects have been compromised, including Swarm City, æternity and Edgeless Casino.
Parity had issued a security advisory on its website on July 19 detailing the extent of the problem.
After this incident, a group of unknown hackers, the “White Hat Group”, took it upon themselves to drain the rest of the vulnerable multi-sig wallets on the network. According to the group, at the time of writing, they have recovered 377,105 ether worth approximately $85 million. The group says it will return the funds to the accounts that were drained and that it is using donations from the DAO gas ransom to send the ether.
“White Hat Group became aware of a vulnerability in a specific version of a commonly used multiple signature contract,” explains the hackers’ announcement. “This vulnerability was trivial to run, so they took the necessary steps to drain any vulnerable multisig they could find as quickly as possible. Thanks to the large Ethereum community that helped find these vulnerable contracts.”
How many more defective contracts will be found in the future?
News of the vulnerability comes shortly after last week’s Coindash ICO hack, which saw the loss of $10 million in ether. Last week’s hack and yesterday’s multi-signature wallet breach had little effect on Ethereum’s price. However, the cryptocurrency community is once again debating the issue of faulty contracts on the Ethereum network, which currently hold millions of dollars in funds. The “black hat exploiters” or “white hat group” have taken nearly $250 million in ether since last year’s infamous DAO debacle.