The attack occurred on July 19 and was detected by Parity, a company founded by Ethereum creator Gavin Wood, shortly thereafter. After the incident, the company released a security advisory warning of a vulnerability affecting versions 1.5 and later of its wallet.
The flaw affected a wallet variant of the company’s standard multi-sig contract. Multi-sig (“multiple-signature”) wallets are accounts for Ethereum, which operate under the control of multiple users with their own keys. Users can move funds out of a multi-sig wallet only if a majority of the wallet’s owners sign transactions with their keys.
The party responsible for the hack exploited the flaw in vulnerable Parity wallets to move more than 150,000 Ether (then worth close to USD 32 million) to an address under their control. It is unclear how many wallets from which the hacker stole; however at least three victims have come forward so far: Swarm City, Edgeless Casino and Aeternity.
Users with vulnerable Parity multi-sig wallets are advised to move their assets to a secure address. Furthermore, they should also be wary of phishers who might try to trick users into revealing their wallet addresses. In the meantime, Parity is working on a fix and has already ensured that future multi-sig wallets are protected against the vulnerability.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now