Parity, Etehreum’s Exclusive Client, has Been Hacked

Nobody is safe. Not even Etehreum’s second most popular client, Parity. The company announced that they have been hacked by thisaddress on November the 6th. 500,000 ETH are compromised.

Parity Hacked

The hack created a difficult situation for this company. All the multi-sig wallets, including the Polkadot ICO and others have been frozen. The total amount hacked is around 500,000 ETH or $150 million dollars, as reported by Trustnodes. Currently, no funds can be moved out of the multi-sig wallets. The company said that they will release an update with further details.

“While Ethereum is a great language and platform, it’s important to remember that it is still very early in its development and issues like this will arise. Diversification of funds, people, technology and locations is key,” commented David Mondrus, CEO of Trive.

UPDATE: A user exploited an issue and thus removed the library code, as it seems unaware of the consequences.

— Parity Technologies (@ParityTech) November 7, 2017

The company released a report in which it tries to explain the situation. “Following the fix of the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract has been deployed on 20th of July,” reads the report. “However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function,” keeps explaining.

Apparently the issue seemed to be triggered on November the 6th2017 02:33:47 +UTC, by accident. Furthermore, a user “suicide” the library-turned-into-wallet, wiping out the library code that rendered all multi-sig contracts unusable since their logic was inside the library, explains the company in its website.

Clearly, this is a situation that should be analyzed carefully by developers, company engineers and Ethereum creators. Every single situation must be taken seriously. Lot of individuals do not know whether they have the possibility to recover their funds or not, at the moment.

This froze funds in all Parity multi-sig wallets deployed after 20 July. We are analysing the situation and release further details shortly.

— Parity Technologies (@ParityTech) November 7, 2017

Not the First Hack in the Ethereum Platform

Smart Billions ICO is the first fully decentralized and transparent lottery managed by an Ethereum smart contract. This company suffered from a hack some months ago that resulted in the lost of 400 ETH. It is not as much and as important as Parity hack, but it is an example of what hackers are able to do with Ethereum’s contract.

“As we learned, the function “putHashes” was not executed by the admin as required. The hackaton allowed the team to improve the smart contract in order to validate it conclusively. The administrative strategy has been amended now to protect the investors. The security of the contract will no longer be subject to continued Admin activity,” wrote the company.

These two situations will allow developers to correct the vulnerabilities of the system in order to make it better. Though, the intention behind Smart Billions, this new ICO, was to show that they were prepared for an attack.

Leave a Reply

Your email address will not be published. Required fields are marked *