White Hats Step In to Save Funds from Vulnerable Ether Wallets
At 11:30 a.m. (CDT) on July 19, 2017, a hacker managed to steal 153,000 ETH (approximately $32 million at the time) from three Ethereum wallets by exploiting a vulnerability within the wallets' multi-signature verification. The affected wallets include those using Parity client version 1.5 or later.
According to a tweet by Project Lead Manuel Aráoz, the three multisig wallets first targeted by the hack were using Parity client version 1.5 or later, and included Edgeless Casino, Swarm City and Æternity Blockchain. However, Project Blocktix also reported a loss totaling 3,916 ETH. According to ETHNews, Blocktix.io was hit by a second attacker who exploited the same vulnerability.
A Swarm City blog post revealed that a group of white hat hackers managed to secure the remaining funds from the affected ETH wallets using the same exploit. The swift response of the white hat hackers allowed them to secure the funds of other vulnerable projects. Unfortunately, funds in the wallets of Edgeless Casino, Swarm City and Æternity Blockchain are completely lost, though the “white hat response team” managed to secure 6,272 of 10,188 ETH at Blocktix.io.
The White Hat Group announced on Reddit that they will create “another multisig for you [the affected users] that has the same settings as your [the users’] old multisig but with the vulnerability removed and we will return your [the users’] funds to you [the users].” The response team warned the Reddit community to be careful with donation addresses below their post since there are “a lot of phishers in the community right now.”
On July 19, Parity Technologies published a critical security alert stating there was a vulnerability connected to Parity Wallets. The users affected by the vulnerability included “any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.” The company urged users to move all assets from the multisig wallets to a secure address. Wallets seemingly unaffected by the breach include Geth, MyEtherWallet and single-user accounts created on Parity.
As of today, Parity has updated its post to state that future versions of its multisig wallets are secure:
“Future multi-sig wallets created by versions of Parity are secure (Fix in the code is https://github.com/paritytech/parity/pull/6103 and the newly registered code is https://etherscan.io/tx/0x5f0846ccef8946d47f85715b7eea8fb69d3a9b9ef2d2b8abcf83983fb8d94f5f).”
Swarm City also posted information for users affected by the hack:
“If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.”
To check on funds held by either the black hat or the white hat hackers, see the ETH addresses below:
White Hat Group’s wallet: 0x1DBA1131000664b884A1Ba238464159892252D3a
First hacker’s wallet: 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32
Second attacker’s wallet: 0x1Ff21eCa1c3ba96ed53783aB9C92FfbF77862584
The hacks have affected not only the wallets of the victims but also the overall price of ether. According to CoinMarketCap's stats, the price experienced a 15 percent drop from $234.94 (at 0:04, July 19) to $199.70 at the end of the day. However, ETH has since recovered to around $227 today.