Parity Wallet Breach – How Was $30,000,000 In ETH Stolen Online?
Over $34 million of Ether has been stolen due to an exploit in Parity Wallet.
Smart contract coding company Parity issued a security alert warning of the vulnerability in version 1.5 of its wallet software. So far, the company has reported a total of over 150,000 Ethers stolen (worth over $34 million based on today’s Ether price of $220 USD).
The issue is the result of a bug in a specific multi-signature wallet called wallet.sol.
The good news about this theft is that it could have been much worse. The issue was mitigated by the White Hat Group of hackers who recovered over 377,000 Ethers before they were exposed. Without their help, the attack could have led to the theft of over $150 million worth of Ether.
Parity ranked the severity of the bug as “critical” in their public announcement, and urged any users with funds in a multi-signature wallet to move their funds to a secure address.
When $32 million in Ether goes missing, you expect it to be sourced from many accounts. With this Parity Wallet attack, however, only three Ether addresses have been confirmed as compromised as a result of the bug.
Social media is trying to determine who the compromised addresses belong to. Proof of Existence creator Manuel Araoz suggests that the compromised addresses could belong to notable owners such as Edgeless Casino, aeternity, and Swarm City, all of which recently completed ICOs on Ethereum.
Swarm City has already confirmed the loss of 44,055 ETH as a result of the hack, although the other two parties have not given any official comment.
In the meantime, developers are scrambling to secure their funds. CivicKey CEO Vinny Lingham, for example, breathed a sigh of relief when he realized the CVC tokens raised through the company’s latest ICO were safe.
Is Ethereum A Hacker’s Paradise?
In a tweet, Litecoin developer Charlie Lee described how this latest Ethereum breach “pretty much confirms that Ethereum is a hacker paradise.”
Many users are also poking fun at Parity because their website has statements like this:
“Every single line in our codebase is fully reviewed by at least one expert developer (and routinely two or more) before being placed in the main repository.”
Meanwhile, earlier this week, CoinDash suffered a hack where $10 million was stolen due to a misdirected ICO address.
Ideally, publishing open source software like Parity means that qualified members of the public will review and repair the code. Unfortunately, in the case of Parity Wallet’s breach, it seems like hackers spotted the exploit before anyone else.