BlockParty security alert
The BlockParty deployment account was compromised and ETH 1.2 was transferred into an unknown account.
The incident itself happened on 6th December but unfortunately I did not notice until 13th January when I was about to deploy a new contract for the upcoming London Ethereum meetup.
When I found out the incident, there was still ETH 0.05 unclaimed deposit from the October meetup . I cleared up the deposit from the contract and transferred to a different account so should be safe for now.
I still do not know exactly how it was stolen but it is partly down to my poor key management practice and this definitely taught me a lesson (which was worth a brand new phone at the time of the incident and now it’s worth more than a laptop).
I am still investigating the incident and hoping to give a more detailed postmortem.
In the mean time I will not be deploying new contracts for upcoming Ethereum London and Ethereum Codeup to protect our participants and myself.
Thank you for reading this and I appreciate your understanding.
Thanks.
Makoto