Parity, an Ethereum Wallet Exploited. $31m allegedly stolen already

in #ethereum7 years ago

A very very bad day for Ethereum.

Severity: Critical
Product affected: Parity Wallet
Affected implementations: Parity 1.5 or later
Summary: A vulnerability in a version of the multi-sig contract wallet.sol has been reported.
Mitigation steps: Any user with funds in a multi-sig wallet created in Parity with the affected implementations should immediately move their funds to a secure address.

Source: https://blog.parity.io/security-alert-high-2/

"Edgeless casino, swarm city, and aeternity have all been drained" --CF Slack

Source:

Alleged Heist Address: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx

Sort:  

I guess this is the fix here? https://github.com/paritytech/parity/pull/6103/files

Can anyone explain the technical details of this bug/fix? I'll give a 100% upvote for good answers. ;-)

the significance is $31m

Yes, of course, but I am asking for a technical explanation of the patch I linked to. How was the previous version vulnerable, and how does the patch fix it? (Edited my comment to reflect this)

here's the easy explanation:

thx for the info

Wow that is not good PR for Ethereum

Wow, that's bad!

coinfund_io CoinFund tweeted @ 19 Jul 2017 - 19:33 UTC

"Edgeless casino, swarm city, and aeternity have all been drained" --CF Slack #parityhack

Disclaimer: I am just a bot trying to be helpful.

Wow, the hits just keep on coming for Ethereum. Not good.

where are your coins really safe?

Lol.. rekt

Dang, thats a big hit!

Shit... That's a hell of a paycheck!

Covering eyes...

Resteeming - that's awful news for those with holdings.

This is why you use your own hardware wallets

it's also why wallets clearly need to be improved - and more hardware wallets need to be available - lots of opportunity for whoever cracks that nut!

I believe MyEtherWallet already stopped allowing Parity as an option to access wallets a month ago.

Yep, MEW is fine

Still absolutely crazy though that millions got stolen like that LOL

Buy more ERC-20 and then cry later.

the rest of the other crypto except that 31 million worth as take by a black hat during this situation has been drained by white hats.