BlockParty security alert

The BlockParty deployment account was compromised and ETH 1.2 was transferred into an unknown account.

The incident itself happened on 6th December but unfortunately I did not notice until 13th January when I was about to deploy a new contract for the upcoming London Ethereum meetup.

When I found out the incident, there was still ETH 0.05 unclaimed deposit from the October meetup . I cleared up the deposit from the contract and transferred to a different account so should be safe for now.

I still do not know exactly how it was stolen but it is partly down to my poor key management practice and this definitely taught me a lesson (which was worth a brand new phone at the time of the incident and now it’s worth more than a laptop).

I am still investigating the incident and hoping to give a more detailed postmortem.

In the mean time I will not be deploying new contracts for upcoming Ethereum London and Ethereum Codeup to protect our participants and myself.

Thank you for reading this and I appreciate your understanding.

Thanks.

Makoto