£23 million in Ethereum coins stolen from vulnerable multi-sig wallets

News by Max Metzger

Vulnerabilities in the wallet.sol Ethereum wallet led to the theft of millions of pounds' worth of the cryptocurrency by hackers.

Millions of dollars have been stolen by cryptocurrency software thieves who attacked commerce platforms like Swarm City, Edgeless Casino and the æternity blockchain.

It's estimated that US$30 million (£23 million), or 150,000 Ethereum (ETH) coins, were stolen from ETH wallets.

The loss stems from a bug in a type of multi-signature wallet which holds the currency, known as wallet.sol, made by the company Parity. The vulnerability allowed hackers to take over wallets and drain them of funds. The company issued a critical security alert encouraging anyone using that wallet to “immediately move assets contained in the multi-sig wallet to a secure address”.

Parity updated its security alert on 20 July to say that future wallets would not suffer from this bug.

Fortunately, a group of White Hats spotted what was happening and salvaged 377,000 ETH (£61 million), putting them into secure accounts. Those who think they might have been the victim of the con may well have had their funds saved and put here.

Parity reported it on the company's Gitter channel: “The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible.”

ETH is one of the more popular cryptocurrencies out there, with a current market cap of US$19.38 billion (£14.95 billion). The price of ETH has actually fallen by 11.24 percent over the last 24 hours, possibly as a result of the news.

Tyler Moffitt, senior threat research analyst at cyber-security firm Webroot, told SC, “The key takeaway from this hack is that we're still exploring the Ethereum space and wallet security is more important than ever.”

“I personally recommend hardware or native wallets; they are the most secure, as you are in control of any transaction. Do NOT store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”

This comes just a few days after a hacker stole millions in Ethereum after redirecting investment payments meant for cryptocurrency startup CoinDash to its own website.
