Parity multisig hack resulting in 153,037 stolen ETH

Parity Hack Trace
Published Aug 28, 2021 · 5 min read

On July 29th, 2017 Parity, the Ethereum multisig wallet company, issued a security alert notifying users that version 1.5 or later of their wallet had a serious vulnerability. That day a black-hat hacker used the vulnerability to drain the Parity wallets of three Ethereum projects, Swarm City, Edgeless, and Aeternity, stealing a combined 153,037 ETH.

Parity urged users of their multi-sig to move funds to secure addresses right away. In total 596 wallets containing upwards of $1.5 Billion in tokens were at risk.

The vulnerability was spotted by white-hat hackers from the Ethereum community, but they quickly realized there was no way to reverse the theft. The only available option was to prevent further damage by hacking the remaining wallets before the attacker did. They used the same exploit to drain all remaining funds from the at-risk wallets for safe keeping.

Once Parity fixed the vulnerability, the white-hats returned a total of 377,105 ETH to the wallets they had preventatively drained. However, the black-hat hacker got away with the 153,037 ETH that belonged to Swarm City, Edgeless, and Aeternity.

The attack explained in detail

The bug, specific to the multi-signature contract known as wallet.sol, allowed the hacker to take ownership of a victim’s wallet with a single transaction. According to Parity, the bug was in a pair of extremely sensitive functions used during wallet set-up. The functions should have been protected so that they were only usable during the wallet creation process, but they were left entirely unguarded, giving the attacker the ability to reset the ownership and usage parameters of each Parity wallet they targeted.

Developers have noted that this exploit was very simple to do: “the hacker found a programmer-introduced bug in the code that let them re-initialize the wallet, almost like restoring it to factory settings. Once they did that, they were free to set themselves as the new owners, and then walk out with everything,” said an anonymous commenter.

The attacker sent two transactions to each of the affected contracts: the first to obtain exclusive ownership of the multisig, and the second to move all of its funds.

We can see that the first transaction is a call to initWallet (line 216 of WalletLibrary):

This function was probably created as a way to extract the wallet’s constructor logic into a separate library. This uses a similar idea to the proxy libraries pattern discussed here. The wallet contract forwards all unmatched function calls to the library using delegatecall, which you can see in line 424 of the Wallet contract:

This causes all public functions from the library to be callable by anyone, including initWallet, which can change the contract’s owners. Unfortunately, initWallet has no check to prevent it from being called again after the contract is initialized. The attacker exploited this and simply changed the contract’s “m_owners” state variable to a list containing only their address, with a requirement of just one confirmation to execute any transaction:

After that it was just a matter of invoking the execute function to send all funds to an account controlled by the attacker:

This execution was automatically authorized, since the attacker was then the only owner of the multisig, obtaining sole control of the contract and all of its funds.
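As an added illustration (not Parity's code, and written in modern Solidity rather than the 2017 dialect), a reduced sketch of the library/delegatecall layout the text describes, with the one guard the original initWallet lacked: a modifier that refuses re-initialisation once owners exist. Contract, modifier and error-string names are hypothetical.

```solidity
pragma solidity ^0.8.0;

// Hypothetical, reduced library: the wallet shares this storage layout and
// reaches these functions through delegatecall, so every public function
// here is callable on the wallet by anyone who can send a transaction.
contract WalletLibrary {
    address[] public m_owners;
    uint256 public m_required;
    uint256 public m_numOwners;

    // The 2017 wallet.sol had no such guard, so initWallet could be called
    // again on a live wallet to replace m_owners. Refusing once owners exist
    // closes that path while still allowing the constructor-time call.
    modifier onlyUninitialized() {
        require(m_numOwners == 0, "wallet already initialised");
        _;
    }

    function initWallet(address[] memory owners, uint256 required) public onlyUninitialized {
        require(owners.length > 0, "no owners");
        require(required > 0 && required <= owners.length, "bad threshold");
        m_owners = owners;
        m_numOwners = owners.length;
        m_required = required;
    }
}

// Hypothetical thin wallet: same leading storage slots as the library, so
// the library's writes via delegatecall land in the wallet's own storage.
contract Wallet {
    address[] public m_owners;
    uint256 public m_required;
    uint256 public m_numOwners;
    address public walletLibrary; // placed after the shared slots

    constructor(address lib, address[] memory owners, uint256 required) {
        walletLibrary = lib;
        (bool ok, ) = lib.delegatecall(
            abi.encodeWithSignature("initWallet(address[],uint256)", owners, required)
        );
        require(ok, "init failed");
    }

    // Forwards unmatched calls to the library, as the original fallback did;
    // with the guard above, a later initWallet call reverts instead of succeeding.
    fallback() external payable {
        (bool ok, bytes memory ret) = walletLibrary.delegatecall(msg.data);
        require(ok, "library call failed");
        assembly { return(add(ret, 0x20), mload(ret)) }
    }
    receive() external payable {}
}
```

A test that deploys the wallet and then calls initWallet a second time should see the revert "wallet already initialised"; if it does not, the guard is missing from the layout the wallet actually delegates to.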

On July 20th, 2017 Parity released the hack’s postmortem stating that the wallets have been secured: “We already disabled the use of the broken code (it requires use of an on-chain registered resource which we were able to quickly unregister), which means future multi-sig wallets created in all versions of Parity Wallet have no known exploits.”

The impact and the projects affected

The 153k ETH hack affected three projects: æternity (82k stolen ETH), Swarm City (44k ETH), and Edgeless (26k ETH).

source: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx

The news quickly caught the attention of the mainstream media (CNBC, Coindesk), causing the ETH price to fall from around $235 to $196, according to Coindesk data. The price was quick to recover, as this was not a flaw in Ethereum or in smart contracts in general, but rather a developer’s error in a particular contract. The developers involved were a cross-collaboration between the Ethereum Foundation, the Parity core team, and members of the open-source community. Afterwards the code underwent rigorous peer review, and is now considered to be of the highest standard of programming that exists in the Ethereum ecosystem.

Latest case developments

The 153k stolen ETH is currently valued at approximately $500 Million USD. In the last 4 years however, the hacker has only managed to move X% of the funds, leaving X ETH resting in the original hacker’s wallet < link.

Now that all of the hacker’s addresses are tagged, and due to the nature of blockchain technology itself, the hacker has little opportunity to cash out the remaining funds through centralized exchanges. Even so, during the last few months the hacker was spotted trying to move funds to Binance (1.5 ETH), FTX (500+ ETH), and Poloniex (797 ETH).

Because this is one of the largest crypto hacks ever, there is an enormous incentive for the affected projects to double down on their investigative efforts. And as the price of ETH continues to rise, the hacker is having an increasingly difficult time moving funds.

For example, take a look at the recent Poly Network hack. The hacker ended up returning all of the $600 Million USD they took. Though they claimed their actions were meant to shed light on a vulnerability in the network, others argue that the hacker saw no way of cashing out the stolen funds without getting caught, and once they realized this, they decided to go the “white hat” way. Nevertheless, the case shows that blockchain hackers are having a hard time laundering stolen funds because of how easy it has become to trace transactions on a blockchain.

In August 2021 Edgeless, Swarm City, and Aeternity confirmed that after a 4-year investigation they had managed to get a serious trace on the hacker. The projects have agreed on a joint bounty program, offered to the hacker in exchange for the projects no longer pursuing legal action. The details of the bounty program are linked below.

Contact Information

Rewarding any useful information: official@parityhack.io

Official LinkTree: https://linktr.ee/parityhacktrace

Thank you.


Latest updates on the 153k ETH Parity Hack case and the hacker’s tracking progress since 2017. Hacker’s wallet: 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32