Parity Multisig Wallet Hack

gravatar
By admin
 · 
July 20, 2017
 · 
2 min read

Update on the Parity 1.5 (or later) vulnerability exploit.

Due to a zero day exploit in Parity 1.5 or later, funds were moved out of a number of ETH multisig wallets without any authorization by unknown perpetrator(s).

https://twitter.com/maraoz/status/887753444223746048

æternity was using a parity “enhanced” multi-signature wallet on the latest parity update. Many projects in the space have used the same practice and have been affected as well.

As far as we know three project multi-sig wallets have been affected by the black hat attack:

https://twitter.com/maraoz/status/887755889897295872

However, many other multi-sig wallets have been exposed to the vulnerability as well, but got saved due to white hat attacks.

We are currently examining the situation together with the ‘Multisig Hack Response team’ and other members of the Ethereum community.

It was a vulnerability in the Parity multisig smart contract.

Around 82,000 ETH (of 102,000 ETH) sent to æternity during Phase 2 were sent by an attacker to address 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32 via an internal transaction. All other funds (ETH and BTC) of the æternity project are safe! The æternity development operations will continue as usual.

https://etherscan.io/address/0xbec591de75b8699a3ba52f073428822d0bfc0d7e#internaltx

This is where we firmly stand:

  1. All AE tokens of the contributors are unaffected by this issue. Everyone will receive their tokens exactly as contributed.
  2. The project still has at its disposal the Phase 1 ETH (and what we exchanged to BTC) and all BTC of Phase 1 and Phase 2. æternity also still has control over 22k ETH of Phase 2.
  3. The amount of the remaining funds is still considerable and can cover the future development of the platform.
  4. The team is more determined than ever to realize the æternity project. We will do everything possible to make sure the project development continues unaffected.
  5. We will try to resolve the situation or limit the damage by establishing a communication channel with the perpetrator(s).

We will keep following events and update you as soon as we have new information.


Update 20.07.2017 16:00 UTC/GMT

Together with æternity’s lawyer, we have contacted the Liechtenstein police authorities and filed charges. The police will forward the matter to Interpol.


The æternity team will make sure that the project execution will continue with full steam ahead.

Sincerely, the æternity team

Interested in æternity? Get in touch:

GitHub | Reddit | Telegram | Twitter | Facebook | Mail

Tagged: æternity · Blockchain · Ethereum · Hacking · Team
Comments

No Comments.