Summary
As many already know, on July 19th, 2017 a hacker was able to exploit a flaw in the Parity Multisig Wallet code. This gave the hacker the ability to drain over 153,000 ETH from three Ethereum projects - Swarm City, æternity, and Edgeless Project. Read the original announcement by the æternity team here.
For a deeper dive into the hack event, please read this Parity Hack Trace post. For updates and announcements please follow @parityhacktrace on Twitter. For all official links, please visit our LinkTree.
In 2017 the Parity Multisig was the industry standard, and during the hack many Ethereum projects were at risk. But quick action by a consortium of White Hats saved these projects, removing their funds from harm's way. Unfortunately, Swarm City, æternity, and Edgeless Project were not so lucky. Their funds were already possessed by the attacker at this address. Check out the press releases from each project here, here, and here.
Where we are now
We have not remained idle. Our three projects have been monitoring every transaction made from the hacker's account. Over the course of the last four years blockchain tracking tools have become increasingly more efficient. Now it's simple to track the movements of any malicious actor on-chain.
For example, a short time ago Poly Network was hacked for over $600 million USD. But it became quickly clear to all parties - including the hacker - that there was no realistic way to spend the funds anonymously. Exchanges flagged their address and rejected the hacker's incoming transactions. And blockchain forensics from SlowMist and Chainalysis was able to find vital identifying information on the hacker. The end result? With nowhere to go, the hacker returned all $600 million, minus a $500K bounty.
With regards to the Parity Hack, we have been able to piece together a considerable amount of information on the hacker, their wallets, and their transaction history. To start, the majority of the ETH remains in the hacker's original wallet. But a portion has been transferred to these exchanges:
Binance: 1,523
FTX: 500
Poloniex: 796
Simpleswap: 1,690
Changelly: 4,605
Shapeshift: 1,849
ChangeNOW: 305
FixedFloat: 220
The actions we're taking
Today we are taking our first united action step towards recovery. We are reaching out to the above exchanges to ask them to freeze the hacker's accounts. We are also requesting they return the stolen ETH to the contract address mentioned below, which has been approved by all three projects.
We also recognize, and surely so must the hacker, that it will become more and more difficult to launder the stolen ETH as time goes on. The hacker's address has been marked and blacklisted from all legitimate exchanges, including DEXs. And all transactions to and from it will be monitored and catalogued. In all likelihood, the hacker's identity will become public knowledge in due time.
This is what we're asking
To the exchanges listed above: It is forensically clear the funds in question were stolen. Since you have custody, we ask you to freeze the funds, and return them to the address listed below.
To the community of projects saved by the White Hats during the Parity Exploit: It was quick action by our projects that helped save your funds. We alerted the White Hats right away, giving them enough time to act.
We ask that you support us now by encouraging the exchanges holding the stolen funds to return them. Their twitter handles are linked above. Please contact the exchanges by tagging them on Twitter with this message:
Dear [Exchange Handle], please return the funds stolen in the 2017 @ParityTech wallet hack to their rightful owners here: https://etherscan.io/address/0x5fda428f3585327608e6b1aa2c5952e27f80ecba
Additionally, if you are so inclined, please feel free to donate to our cause at the above address.
To Parity: We ask you to encourage the above exchanges to return our funds. Additionally, if you are so inclined, please feel free to donate to our cause at the above address.
To the greater Ethereum community: Please help spread the word and encourage all parties to do the right thing. This includes the exchanges, the projects saved by The White Hats, Parity, and the Hacker.
Please contact the exchanges holding the stolen funds by tagging them on Twitter with this message:
Dear [Exchange Handle], please return the funds stolen in the 2017 @ParityTech wallet hack to their rightful owners here: https://etherscan.io/address/0x5fda428f3585327608e6b1aa2c5952e27f80ecba
To the Parity Multisig Hacker: Here's our offer. If you agree to return 135,000 ETH (90% of the original amount stolen) to our above linked wallet address, we will consider the matter resolved. We will no longer pursue you or the remaining ETH.
How to Return the Stolen ETH
Simply send ETH to https://etherscan.io/address/0x5fda428f3585327608e6b1aa2c5952e27f80ecba">0x5fda428f3585327608e6b1aa2c5952e27f80ecb (https://etherscan.io/address/0x5fda428f3585327608e6b1aa2c5952e27f80ecba). Behind this contract address there is a splitter contract setup by the projects æternity, Edgeless and Swarm City. This splitter contract will allow the projects to withdraw the funds with the right ratio. You can also contact us up front via the below contact methods.
Wallets we are targeting:
https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx
- 83,017.191722098000000112 ETH
https://etherscan.io/address/0x5167052b83f36952d1a9901e0de2b2038c3dd1a3
- 10,000 ETH
https://etherscan.io/address/0x2d146aa23645950fdefbb23f636a5d1674fe1047
- 10,000 ETH
https://etherscan.io/address/0xef0683bef79b7ad85573415c781edfde8bec65b1
- 10,000 ETH
https://etherscan.io/address/0x18345118bd04c405b4d74941563a21b5a2bf06b7
- 9,400.002472000000000911 ETH
https://etherscan.io/address/0x6a14e385fff2f21abe425a07ce29842b7037a80d
- 7,199.998677 ETH
https://etherscan.io/address/0x4de76b3dfd38292ba71cf2465ca3a1d526dcb567
- 9,229.083759605061000911
Contact Information
Tip email: official@parityhack.io
Telegram: @godfatherAE
Official LinkTree: https://linktr.ee/parityhacktrace
Thank you to everyone assisting recovery including The Defiant.
All images by Brian Klug.
No Comments.