Hacker Exploits Vulnerability To Steal $30M In Cryptocurrency

Hackers are exploiting vulnerabilities to steal cryptocurrency. In a recent attack, they stole over 153,000 Ether, which translates to over $30 million, a considerable amount.
This is not the first such attack, nor will it be the last. In this attack, the hacker exploited a vulnerability in the Parity wallet – an Ethereum wallet client – to steal the cryptocurrency. While many countries and organizations have yet to accept cryptocurrencies such as Ether or Bitcoin, they are already in use for trade as well as for the purchase of illegal products and activities.

A small intro on what these entities are and what they do:

Ethereum is a blockchain app platform – it is a decentralized platform that runs smart contracts. The Ethereum Wallet is a gateway to decentralized applications on the Ethereum blockchain. It allows users “to hold and secure Ether and other crypto-assets built on Ethereum, as well as write, deploy and use smart contracts”. In plain terms, it is a cryptocurrency platform and wallet like the familiar Bitcoin. Ethereum-based blockchain currencies are considered to be quite secure, as Ethereum uses its “Ethash” hashing algorithm for the proof-of-work function.

The Parity Wallet Hack

The Parity wallet is an Ethereum wallet client that integrates directly into the browser. A hacker has exploited a vulnerability in this wallet to steal cryptocurrency. According to the latest reports, the hacker has successfully cashed out approximately $90,000 in stolen Ether.

The vulnerability is in the Parity Ethereum client multi-signature (multi-sig) wallet software, and the hacker exploited this flaw to exfiltrate over 153,000 Ether. Multi-sig wallets are unique in the sense that multiple persons can control the wallet accounts with their own keys. Owners are able to move funds only when a majority of owners use their own keys to sign a transaction. This is a more secure arrangement, akin to requiring multiple users to authorize a specific financial transaction.

Safety Measures

As soon as Parity spotted the hack and draining of multi-sig accounts, it issued a security alert on its blog:

Severity: Critical
Product affected: Parity Wallet
Affected implementations: Parity 1.5 or later
Summary: A vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found.
Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.
Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.
UPDATE (20/07/17, 00:26 CEST): Future multi-sig wallets created by versions of Parity are secure

(Fix in the code is https://github.com/paritytech/parity/pull/6103 and the newly registered code is https://etherscan.io/tx/0x5f0846ccef8946d47f85715b7eea8fb69d3a9b9ef2d2b8abcf83983fb8d94f5f).

Parity advised users to move their Ether to a secure single-user wallet.
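The alert's criteria can be turned into a quick triage of a wallet inventory. This is an added example, not code from Parity or from the original article; the inventory fields and sample records are constructed, and creation timestamps are assumed to be in UTC, which matters because the alert's cutoff is stated in CEST (UTC+2).

```python
import re
from datetime import datetime, timedelta, timezone

# Cutoff quoted in the alert: 19/07/17 23:14:56 CEST (CEST is UTC+2).
CUTOFF = datetime(2017, 7, 19, 23, 14, 56, tzinfo=timezone(timedelta(hours=2)))
MIN_AFFECTED = (1, 5)  # alert: "Parity 1.5 or later"

# Constructed sample inventory; field names and values are hypothetical.
# created_utc is assumed to be a UTC timestamp (for example a block time).
SAMPLE_INVENTORY = [
    {"label": "treasury", "kind": "multisig", "client": "1.6.8",
     "created_utc": "2017-05-02T10:00:00", "balance_eth": 1200.0},
    {"label": "edge-before", "kind": "multisig", "client": "v1.7.0",
     "created_utc": "2017-07-19T21:14:55", "balance_eth": 50.0},
    {"label": "edge-at-cutoff", "kind": "multisig", "client": "1.7.0",
     "created_utc": "2017-07-19T21:14:56", "balance_eth": 75.0},
    {"label": "late-evening", "kind": "multisig", "client": "1.7.0",
     "created_utc": "2017-07-19T22:30:00", "balance_eth": 10.0},
    {"label": "personal", "kind": "single", "client": "1.6.8",
     "created_utc": "2017-05-02T10:00:00", "balance_eth": 3.0},
    {"label": "legacy", "kind": "multisig", "client": "1.4.9",
     "created_utc": "2017-01-15T08:00:00", "balance_eth": 9.0},
    {"label": "drained", "kind": "multisig", "client": "1.6.8",
     "created_utc": "2017-06-01T12:00:00", "balance_eth": 0.0},
]

def parse_version(text):
    """Return (major, minor) from strings such as '1.6.8' or 'v1.7.0'."""
    match = re.match(r"v?(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised client version: {text!r}")
    return int(match.group(1)), int(match.group(2))

def is_affected(wallet):
    """True if the wallet matches the alert's product, version and date criteria."""
    if wallet["kind"] != "multisig" or parse_version(wallet["client"]) < MIN_AFFECTED:
        return False
    created = datetime.fromisoformat(wallet["created_utc"]).replace(tzinfo=timezone.utc)
    return created < CUTOFF  # "prior to" the cutoff, compared as absolute instants

def triage(inventory):
    """Affected wallets that still hold funds, largest balance first."""
    hits = [w for w in inventory if is_affected(w) and w["balance_eth"] > 0]
    return sorted(hits, key=lambda w: w["balance_eth"], reverse=True)

if __name__ == "__main__":
    for w in triage(SAMPLE_INVENTORY):
        print(f"MOVE FUNDS: {w['label']} ({w['balance_eth']} ETH)")
```

The "late-evening" record shows why the time zone matters: 22:30 UTC on 19 July is already 00:30 CEST on 20 July, so it falls after the cutoff even though a naive clock-time comparison would flag it.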

“The White Hat Group” has drained vulnerable multi-sig accounts to a specific account as a safety measure. This group seems to be a voluntary group of Ethereum Project security researchers and members who have taken the initiative to protect Ether in vulnerable wallets.

This wallet now contains over $76 million or 377,116.819319439311671493 Ether. The white hat team intends to return the funds after the vulnerability in the multi-sig Parity client has been fixed.

Vulnerabilities will be discovered and exploited – it is just a question of how quickly and effectively such breaches are addressed.

Kevin Jones

Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.
