Just two days after the alleged hacking of CoinDash, another cryptocurrency heist occurred and this time, three companies have been attacked by an unknown hacker.
On Wednesday, Smart contract coding company Parity issued a security alert via its blog. The report warned companies who use Parity’s Ethereum Wallet software that a vulnerability has been found, apparently compromising user accounts.
The cyber heist is the third among a series of cryptocurrency hacking incidents that occurred in less than a month.#Hackers attacked again and stole $30 Million worth of #Ethereum!Click To Tweet
A couple of weeks ago, South Korean digital currency exchange Bithumb was reportedly hacked, and the hackers got away with more than $1 million USD in Ether and Bitcoin. On Tuesday, CoinDash was also hacked a few minutes after its ICO launch. It was reported that the cyber thief was able to steal $7 million USD in Ether.
A ‘Bug’ That Lead to the Ethereum Stolen
Parity is an Ethereum client developed by Parity Technologies, a VC-funded, UK-based company. It makes use of the Rust language, a hybrid imperative/OO/functional language with an emphasis on efficiency. Parity has a built-in Ethereum Wallet and Dapp environment.
According to the security alert released by Parity, hackers were able to access accounts due to a ‘bug’ in a particular multi-signature contract known as wallet.sol.
The bug issue was tagged as ‘critical’ by the company, and everyone with funds in a multi-signature wallet was advised to move their funds to a more secure address.
The said vulnerability lead to the hacking of funds from the accounts of Swarm City, æternity blockchain, and Edgeless Casino. Upon checking with Etherscan.io, the address where the stolen Ethereum were transferred now only has around $18 million USD in Ether–from $30 million USD worth of reported losses.
In a statement written in the Parity Gitter channel, Gavin Wood, founder and CTO of Parity, said:
“There is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises; they will make an announcement in their own time.”
‘White Hat Hackers’ Rescued $75 Million USD Worth of Ethereum
Aside from the Ethereum stolen by the unknown hackers, another group dubbed as the White Hat Hackers took over 377,000 Ether amounting to $75 million USD from suspected bad actors and is returning the funds to their rightful owners.
Reports claimed that the group used the same exploit to access and drain vulnerable wallets as part of their efforts to protect the funds from the black hat hackers.Yay! #WhiteHatHackers came to the rescue and secured millions of #Ethereum!Click To Tweet
In Reddit, the White Hat Hackers wrote:
“The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. We will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and we will return your funds to you there.”
As of writing, Parity has already released an updated version of their software to fix the vulnerability.