The ethereum community was warned on July 19 that the multi-signature wallet feature of the Parity client version 1.5 and above contained a critical vulnerability. A group of multi-signature “black hat exploiters” has also been able to steal 150,000 ether from multi-sig wallets and ICO projects.
A Vulnerability was discovered in the “Wallet.sol” Multi-Signature Contract used by Parity Clients.
The startup’s product, the Parity wallet version 1.5 and above, contained a bug that enabled the theft of $30 million worth of ETH, according to the company Parity and its founder Gavin Wood.
A multi-signature contract called “wallet.sol” was used in the vulnerability discovered in these specific Parity wallets, and the contract was also used by a few initial coin offerings (ICOs).
According to circulating reports, three ICO projects, Swarm City, ternity, and Edgeless Casino, have been hacked.
A vulnerability has been discovered in Parity Wallet’s variant of the standard multi-sig contract — Move all assets in the multi-sig wallet to a secure address right away.
On July 19, the Parity startup issued a security warning on its website, describing the scope of the problem as follows:
“A vulnerability has been discovered in Parity Wallet’s variant of the standard multi-sig contract — Move all assets in the multi-sig wallet to a secure address right away.”
The enigmatic ‘White Hat Group’ is back to help with rescue funds
Users of Ethereum’s Parity Client lose millions as a result of a multi-sig hack
Following this incident, an unidentified “white hat group” of hackers swept the network in order to drain the remaining vulnerable multi-sig wallets. The group claims to have recovered 377,105 ether worth about $85 million at the time of writing. According to the group, the funds will be returned to drained accounts, and the DAO rescue donations will be used to send the ether forward.
The hacker’s announcement explains, “The White Hat Group was made aware of a vulnerability in a specific version of a commonly used multisig contract.” “Because this vulnerability was simple to exploit, they took immediate action to drain every vulnerable multisig they could find.” Thank you to the entire Ethereum community for assisting in the discovery of these vulnerable contracts.”
In the future, how many more faulty contracts will be discovered?
The vulnerability was discovered just days after the Coindash ICO hack, which resulted in the loss of $10 million in ether. The malicious hacks from last week’s event, as well as the multi-signature wallet drain from yesterday, had little impact on the price of ethereum.
The cryptocurrency community, on the other hand, is once again debating the issue of faulty contracts on the Ethereum network, which are currently holding millions of dollars in funds. Since the infamous DAO debacle last year, the “black hat exploiters” or the “white hat group” have drained nearly a quarter of a billion dollars in ether.