ETH Alert — $32 Million worth of ETH Stolen — Update 13

DailyPriyab
Published in CRYPT BYTES TECH
Jul 19, 2017

*This is a developing story; I will be updating it as I get more information. The information is unverified.*

Update 13 (Unconfirmed)

There seem to be more people helping the WhiteHat group to secure the funds:

Dave Appleton @DaveAppleton 03:45

It looks like there were copycat attacks later

Micah Zoltu @MicahZoltu 03:45

@DaveAppleton Of significance?

Dave Appleton @DaveAppleton 03:46

Yup — saw 1600 ether in one — went here

ETH Address

ETH Transaction

Oleksii Matiiasevych @lastperson 03:57

This was me, helping out the white hat group.

Update 12

The Ethereum Foundation has said that it is not related to the WhiteHat group and is not involved in securing the funds.

Hudson Jameson @Souptacular 03:38

@gavofyork

That previous statement by Gav is inaccurate. The Ethereum Foundation is not associated with the White Hat Group and was not involved in securing funds. That is the White Hat Group.

If anyone who is associated with the Ethereum Foundation assisted in understanding the vulnerability, that is on their own.

History

Some history of The DAO hack, captured and explained:

Update 11

Update 10

Update 9

A fix for the Parity multisig wallet vulnerability has been committed:

Michael @TripleSpeeder

Fix committed on github: paritytech/parity@e06a1e8

Jordan Earls @Earlz 02:58

No regression test to ensure it can’t happen due to code changes in the future?

Some more info on how the funds will be secured, from the WhiteHat hacker:

Update 8

The current mess has even made Ethereum founder Vitalik Buterin react:

In response to messages like the ones below:

Update 7 — Explanation of the whole scenario

A few hours ago, ETH worth $32 million was reported stolen. The attack exploited a vulnerability in the Parity multisig contract for versions 1.5 and above.

3 accounts have been compromised; those visible here: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx

After this was reported, the foundation reported the issue to the WhiteHat hackers so that they could secure the funds in other ETH accounts exposed to the same vulnerability by moving them to a single account. This caused more chaos and panic, but the issue now seems to be clearing up, hence the statement given in Update 6.

The WhiteHat address where the tokens are secured is given below:

https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a

If you have a Parity wallet and have lost funds to what looks like a malicious transfer, you should track the above addresses. If your address is in the WhiteHat ETH address list, then you have hope.

Update 6

Note: The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped find these vulnerable contracts.

The White Hat account currently holding the rescued funds is https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a .

If you hold a multisig contract that was drained, please be patient. They will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and will return your funds to you there.

According to etherscan.io

Update 5

Probable cause of the issue: “initWallet is not marked as internal”

Jordan Earls @Earlz 02:23

Well I mean shouldn’t this tx end in error since initWallet is internal? https://etherscan.io/tx/0x7ccab31c96aa35022e516ef10c4df8b9b1e3af103eb2f4c94e1d54f8987eb37f

Santiago Palladino @spalladino 02:23

initWallet is not marked as internal, hence the issue
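The root cause named above is a missing visibility keyword: before Solidity 0.5, a function declared without one is public by default. As an added example (not from the original post or the Parity code base), this heuristic Python check flags such functions in a constructed sample contract; the contract body and the `setRequired` function are made up for illustration.

```python
import re

# Constructed sample for illustration; this is NOT the Parity wallet source.
SAMPLE = """\
pragma solidity ^0.4.9;
contract Wallet {
    address[] owners; uint required;
    // no visibility keyword, so externally callable under Solidity < 0.5
    function initWallet(address[] _owners, uint _required) {
        initMultiowned(_owners, _required);
    }
    /* internal: reachable only from
       inside the contract */
    function initMultiowned(address[] _owners, uint _required) internal {
        owners = _owners; required = _required;
    }
    function isOwner(address a) public constant returns (bool) {
        return owners.length > 0 && a == owners[0];
    }
    function setRequired(uint _required) { required = _required; }
}
"""

VISIBILITY = {"public", "external", "internal", "private"}
# name, parameter list, then everything up to the body "{" or a bare ";"
FUNC_RE = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\(([^)]*)\)([^{;]*)[{;]")

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay correct."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def implicit_public_functions(src):
    """Return (line, name) for each function with no visibility keyword."""
    text = strip_comments(src)
    hits = []
    for m in FUNC_RE.finditer(text):
        keywords = set(re.findall(r"[A-Za-z_]\w*", m.group(3)))
        if not keywords & VISIBILITY:
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

if __name__ == "__main__":
    for line, name in implicit_public_functions(SAMPLE):
        print(f"line {line}: function {name} has no visibility keyword (public by default)")
```

Run as a pre-merge check, a scan like this also serves as a coarse regression guard; it is regex-based, so treat a hit as a prompt for review rather than a full parse of the contract.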

Update 4

The ETH address seems to belong to the same person who attacked The DAO

Etherscan has now marked the hacker as MultisigExploit-WhiteHat

https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a

Update 3

ETH price crashes 20% amid ICO fraud and hacking controversy

https://twitter.com/zerohedge/status/887773421526016000

Update 2

$80 Million worth of ETH stolen. The attacker may be the one who committed The DAO hack

SECURITY ALERT

Severity: Critical

Product affected: Parity Wallet

Affected implementations: Parity 1.5 or later

Summary: A vulnerability in a version of the multi-sig wallet contract has been reported.

https://github.com/paritytech/parity/blob/master/js/src/contracts/snippets/enhanced-wallet.sol

Mitigation steps: Any user with funds in a multi-sig wallet created in Parity with the affected implementations should immediately move their funds to a secure address.

If you have a parity-based multisig, move your funds to a secure address ASAP. The team will be releasing an update with a fixed multisig implementation ASAP.

If you don’t have funds in a multisig, or it wasn’t created with parity, then you’ve nothing to do.

3 accounts have been compromised; those visible here: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx

There is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises; they will make an announcement in their own time.

And for those expecting a rollback like the one after The DAO hack, it may not happen.

e.g.

Jordan Earls @Earlz 01:31

Wow, wonder if we’ll see a fork to revert this like they did with the DAO

Chris Padovano @decentralizedlegal 01:32

We will not.
