Just two days after suffering a hacking that took $7.4 million out of the pockets of their users, Ethereum has been under attack once again. On Wednesday, more than $30 million worth of the cryptocurrency has been stolen by an unknown hacker.
This was somewhat bound to happen due to the fact that Ethereum has been slowly getting the attention of the mainstream, putting it in the spotlight and therefore catching hackers’ attention.
Parity founder, Gavin Wood wrote a post explaining what happened. Apparently, a critical vulnerability in Parity, an Ethereum client, was the cause of at least three accounts being hacked into, leading to a loss of $31,725,019 USD in cryptocurrency. The way the hacker did this is by making the contract used to create multi-signature ethereum wallets in Parity 1.5 vulnerable. These wallets let several people control private cryptographic keys that allow them to move the cryptocurrency out of the wallet in case the majority of the key holders sign off the transaction.
Wood later went on to write another post warning the users of the situation. He warned that it wasn’t a drill and advised everyone that had a parity-based multisig to move their funds to a secure address as soon as possible.
Wood proceeded to write that “whitehats at the foundation” tried to secure the lost funds after the hack took place. He added that they were still trying to secure funds in other possibly vulnerable wallets at the time of writing, and that there will be more announcements to come.
What this seems to tell us is that there might be more than three accounts affected by the hack, and we have yet to find out which accounts are cleaned out by malicious hackers and which funds are being held by the good guys who plan on returning them later.
One of the first people to talk about the hack when it happened was Manuel Araoz, the co-founder of ethereum smart contract development firm Zeppelin Solutions. He said that many more wallets have been affected, although they still didn’t know if it was by a whitehat or a blackhat.
One Reddit user wrote of their 74 ether being stolen while they were at lunch, while another stating that the movement might have been done by a whitehat hacker and she might be able to get her funds back later.
Wood assured that a fix will be provided by their team as soon as possible, advising the users to move their funds to a secure address in the meantime.
This hack is easily one of the largest in the ethereum’s history, and we can’t help but be reminded of the DAO hack that took place in 2015. That time, $53 million worth of cryptocurrency had been stolen, leading the developers to split ethereum in two version so they could roll back the stolen ether, which of many users did not approve.