$30 Million worth of Ether Reported Stolen
Smart contract coding company Parity has issued a security alert, warning of a vulnerability in version 1.5 or later of its wallet software.
So far, 150,000 ethers, worth $30 million, have been reported by the company as stolen, data confirmed by Etherscan.io. As reported by the startup, the issue is the result of a bug in a specific multi-signature contract known as wallet.sol. Data suggests the issue was mitigated, however, as 377,000 ethers that were potentially vulnerable to the issue were recovered by white hat hackers.
Parity ranked the severity of the bug as “critical” in its public remarks, urging “any user with funds in a multi-sig wallet” move their funds to a secure address.
On social media, notable blockchain specialists are already weighing in on the situation, with Proof of Existence creator Manual Araoz suggesting that the compromised addresses could potentially belong to notable owners.
Specifically, he identified Edgeless Casino, Swarm City, and æternity – three recent initial coin offering projects built on ethereum – as potentially having been compromised in the thefts.
As of press time, Swarm City had confirmed the loss of 44,055 ETH. Edgeless Casino and æternity have not yet given any official comment.
Overall, it’s the latest security setback for an ethereum project in recent days, following a hack on CoinDash in which $10 million was stolen in an ICO earlier this week.
It’s important to note:
1. The newer multisig versions of the Parity multisig wallet has a vulnerability. This is ONLY FOR MULTISIG WALLETS. Specifically created in Parity Wallet > 1.5, and released January 19, 2017
2. If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.
3. The vulnerability is in Parity’s “enhanced” multi-sig contract.
4. Single user wallets including Swarm City wallets are unaffected.
5. DO NOT fall for phishing attacks that opportunists will undoubtedly use to steal funds from crypto holders. Remember, do not click on links you don’t trust, and if your funds are in single user wallets, they are not at risk from the above mentioned Parity multisig wallet exploit.
Source | Coindesk