Just two days after the CoinDash hack, a hacker managed to exploit a vulnerability on the Parity multi-sig wallet. The hacker stole the equivalent of about $32 million USD in Ether – 153,000 ETH. Reports about the theft emerged on Twitter, Reddit, medium and on the ethcore blog. These reports point to a vulnerability in Parity multi-sig wallet version 1.5 or newer. Parity multi-sig wallet hack victims will probably have to absorb their losses, despite an effort from white hat hackers to secure the rest of the funds.
Confusion Following the Parity Multi-Sig Wallet Hack
Some reports on Twitter and Medium claim that the white hat hackers managed to secure up to 377,000 ETH at a safe location to prevent further losses. The owners of those funds are expected to get them back. Nevertheless, the events following the Parity multi-sig wallet hack created some confusion, which responsible members of the Ethereum community are working hard to clarify. At this point, these community members are urging people not to panic so that everyone can understand what really happened and if they are under threat or if they are not.
Only the Parity Multi-Sig Wallet Version 1.5 and Above are Vulnerable!
It is important to convey the following facts to all those who think they might be vulnerable to the Parity multi-sig wallet hack:
- Only the Parity multi-sig wallet version 1.5 or above was affected.
- Parity released this multi-sig wallet on January 19th, 2017.
- Regular, non multi-sig parity wallets, or those preceding the 1.5 version do not have this vulnerability.
- If you have funds on a Parity multi-sig wallet version 1.5, secure your funds in another wallet as quickly as possible.
- Make sure you do not fall victim to phishing attacks while securing your funds or making transactions.
- If your funds disappeared from a Parity multi-sig wallet, check on etherscan.io to see if the malicious, black hat hackers took your funds, or if the white hat hackers secured them.
- White hat hackers are expected to return those funds to their rightful owners. We will update you when more details about that become available.
- The white hat hacker address can be seen here. Check if your funds are there.
Consequences of the Parity Multi-Sig Wallet Hack
Beyond the recovery of lost funds through white hat hackers, it is too early to assess which other consequences the Parity multi-sig wallet hack will have. Some people have taken to Twitter to nudge Vitalik Buterin to fork Ethereum again, alluding to the DAO attack solution. This is unlikely to happen; Ethereum did not fail, Parity did.
In the meantime, it seems that Ether prices suffered following the attack. This is usually what happens after big hacks that generate panic. At times, prices fall because the hackers themselves rush to sell what they stole. We will be keeping our readers updated on the prices of Ether following the attack, as well as any other development related to the Parity multi-sig wallet hack.