Parity Wallet hacked with $32m in Ethereum stolen

A hacker has reportedly stolen $32m (153k ETH) from three multisig wallets.

Parity Technologies, creators of the Parity Browser for interacting with the Ethereum network have issued a critical security alert. The browser’s Ethereum-based Parity Wallet has been hacked and compromised due to a vulnerability which has been found in Parity Wallet’s variant of its standard multi-sig contract.

Affected users are any users with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.

Malicious actors exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.

A swift response from a white hat hacker group used the same exploit to drain many other project’s Parity multisig wallets, in order to protect them from theft. This group was able to save over 377,000 ETH.

Important to note:

1. The newer multisig versions of the Parity multisig wallet has a vulnerability. This is ONLY FOR MULTISIG WALLETS. Specifically created in Parity Wallet > 1.5, and released January 19, 2017

2. If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.

3. The vulnerability is in Parity’s “enhanced” multi-sig contract.

4. DO NOT fall for phishing attacks that opportunists will undoubtedly use to steal funds from crypto holders. Remember, do not click on links you don’t trust, and if your funds are in single-user wallets, they are not at risk from the above-mentioned Parity multisig wallet exploit.

PARITY UPDATE: (20/07/17, 00:26 CEST): Future multi-sig wallets created by versions of Parity are secure.

Exit mobile version