Breaking: Hacker Steals $32 Million in Ethereum from 3 Multisig Wallets

by Aziz Abdel-Qader
  • The global cryptocurrency community is rattled.
Breaking: Hacker Steals $32 Million in Ethereum from 3 Multisig Wallets
Photo: Bloomberg
Join our Crypto Telegram channel

Nearly 153,000 units of cryptocurrency Ethereum, worth about $32 million, was stolen from three of the largest Ether multisig wallets in a hack seeming perpetrated today. The event is one of the biggest security breaches ever for the Bitcoin rival and it has the global cryptocurrency community rattled.

According to tweets published by Proof of Existence creator Manual Araoz, the multisig wallets affected by this hack are:

- Edgeless Casino (@edgelessproject)

- Swarm City (@swarmcitydapp)

- æternity Blockchain (@aetrnty)

The current estimated value of the tokens stolen sits just above $30 million, though that number my decrease as Ether’s price falls as news of the hack is spread.

Unlike other high profile hacks that were reversed in a hard fork, it appears that the Ethereum community will have some time to consider their options.

Last week, a cyber-attack on the cryptocurrency startup CoinDash resulted in a number of user accounts being compromised, and more than $7 million worth of Ethereum was stolen in about half an hour from customers’ accounts.

The Swarm City core team has just published this statement:

At approximately 12:30 PM ET Bernd Lapp, Business Hive leader noticed that the entire contents of the Swarm City ETH multisig wallet had been drained. Bernd checked the receiving address and noticed a few very large transactions had hit the same wallet. Collaboration between several dev teams and the Ethereum Foundation revealed that malicious actors had exploited a flaw in the Parity Multisig codebase, which allowed them to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.

A swift response from a whitehat hacker group used the same exploit to drain many other project’s parity multisig wallets, in order to protect them from theft. This group was able to save over 377,000 ETH. Unfortunately the 44,055 ETH that was in Swarm City’s wallet is gone.

Black hat hacker wallet address with stolen ether: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32

White hat wallet address with preserved ether: https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a

It’s important to note:

1. The newer multisig versions of the Parity multisig wallet has a vulnerability. This is ONLY FOR MULTISIG WALLETS. Specifically created in Parity Wallet > 1.5, and released January 19, 2017

2. If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.

3. The vulnerability is in Parity’s “enhanced” multi-sig contract.

4. Single user wallets including Swarm City wallets are unaffected.

5. DO NOT fall for phishing attacks that opportunists will undoubtedly use to steal funds from crypto holders. Remember, do not click on links you don’t trust, and if your funds are in single user wallets, they are not at risk from the above mentioned Parity multisig wallet exploit.

The Swarm City Core team is more committed than ever to the development of Swarm City. The real value of our token lies in the community, and the technology the developers are creating. Black hat hackers, vulnerabilities, and bugs will not stop us from creating the decentralized sharing economy our community and the world craves.

The Swarm City Core team, the Ethereum foundation, and other Ethereum projects will keep informing about this incident as clearly as possible in the coming days.

Nearly 153,000 units of cryptocurrency Ethereum, worth about $32 million, was stolen from three of the largest Ether multisig wallets in a hack seeming perpetrated today. The event is one of the biggest security breaches ever for the Bitcoin rival and it has the global cryptocurrency community rattled.

According to tweets published by Proof of Existence creator Manual Araoz, the multisig wallets affected by this hack are:

- Edgeless Casino (@edgelessproject)

- Swarm City (@swarmcitydapp)

- æternity Blockchain (@aetrnty)

The current estimated value of the tokens stolen sits just above $30 million, though that number my decrease as Ether’s price falls as news of the hack is spread.

Unlike other high profile hacks that were reversed in a hard fork, it appears that the Ethereum community will have some time to consider their options.

Last week, a cyber-attack on the cryptocurrency startup CoinDash resulted in a number of user accounts being compromised, and more than $7 million worth of Ethereum was stolen in about half an hour from customers’ accounts.

The Swarm City core team has just published this statement:

At approximately 12:30 PM ET Bernd Lapp, Business Hive leader noticed that the entire contents of the Swarm City ETH multisig wallet had been drained. Bernd checked the receiving address and noticed a few very large transactions had hit the same wallet. Collaboration between several dev teams and the Ethereum Foundation revealed that malicious actors had exploited a flaw in the Parity Multisig codebase, which allowed them to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.

A swift response from a whitehat hacker group used the same exploit to drain many other project’s parity multisig wallets, in order to protect them from theft. This group was able to save over 377,000 ETH. Unfortunately the 44,055 ETH that was in Swarm City’s wallet is gone.

Black hat hacker wallet address with stolen ether: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32

White hat wallet address with preserved ether: https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a

It’s important to note:

1. The newer multisig versions of the Parity multisig wallet has a vulnerability. This is ONLY FOR MULTISIG WALLETS. Specifically created in Parity Wallet > 1.5, and released January 19, 2017

2. If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.

3. The vulnerability is in Parity’s “enhanced” multi-sig contract.

4. Single user wallets including Swarm City wallets are unaffected.

5. DO NOT fall for phishing attacks that opportunists will undoubtedly use to steal funds from crypto holders. Remember, do not click on links you don’t trust, and if your funds are in single user wallets, they are not at risk from the above mentioned Parity multisig wallet exploit.

The Swarm City Core team is more committed than ever to the development of Swarm City. The real value of our token lies in the community, and the technology the developers are creating. Black hat hackers, vulnerabilities, and bugs will not stop us from creating the decentralized sharing economy our community and the world craves.

The Swarm City Core team, the Ethereum foundation, and other Ethereum projects will keep informing about this incident as clearly as possible in the coming days.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}