Three Ethereum dealers lost $30m to hackers in what is now described as a parity wallet hack in recently released investigations. This exemplifies the fact that the current attraction to cryptocurrencies works like a two-edged sword, and this is just beginning to come to light.
What is the Parity Wallet?
A total of 150,000 ETH was involved in the hack and what the interloper did was explore a bug. The bug has now been identified in the multi-sig contract with wallet.sol configuration.
The hacker used a common internet account hijack approach by embedding a virus in a message sent to the targets. Two transactions were passed to the target contacts and this was used to gain control of the multi-signature wallets and authorize the transfer of the ether.
Experts were quick to identify the source of the hack and they proactively moved to transfer another 377,000 ether to a safe house. These ethers were such that had similar vulnerabilities.
The immediate targets identified in the loss of the 150,000 ether were æternity, Swarm City and Edgeless Casino An earlier attack on the CoinDash platform led to a loss of $7 million as hackers replaced an address during the company’s (initial coin offering) ICO.
How MultiSignature Wallets Work
Ethereum accounts can be accessed through Multisig wallets and this means that multiple users can operate them with individual keys. When this is the case, once a majority of the users authorize transactions using their keys, funds can be moved.
In this case, hacker moved the ether to a new account after bleeding the targets and experts from the Ethereum Foundation were able to track the losses. The recovery of the loss is doubtful as fast-paced transfers and withdrawals are commonplace in today’s world.
The Call for Vigilance
The attack calls for vigilance as it brings the vulnerabilities of online transactions to the fore. The reported hacks of traditional banking institutions have continued to date and it is a semblance of what is happening to cryptocurrencies.
If you operate a multi-sig wallet created with parity clients 1.5 or more recent versions, you need to move your funds to a safer option until the bug gets fixed.