How $30m of Ethereum Was Stolen

The Parity Wallet and the Bug

Bluzelle
The Blueprint by Bluzelle


Our CTO Neeraj Murarka recently talked about the Parity multisig wallet hack that happened in mid-July. You can watch the video here:

What Happened?

150,000 ethers, worth $30 million, were stolen.

Parity Wallet vs. Normal Bitcoin/Ethereum Wallet

In a normal Bitcoin/Ethereum wallet, there is a public key and a private key. The private key is known only by the owner and is used to sign every transaction.

In the Parity Multisig Wallet, by contrast, N/M signatures are used to sign transactions. N represents the number of signatures required for each transaction. M represents the number of owners. The number of owners and who they are are decided when the wallet is created. This method is popular among ICOs.

So What was the Bug in the Parity Wallet?

For security, it should not be possible to change the list of owners after the wallet is created. However, a zero-day exploit happened. The hackers found a way into the wallet and changed it to a 1/1 multi-sig wallet. They then transferred all the funds to another wallet that no one else had control of.
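The rule above, that the owner list is fixed once the wallet is created, shown as an added Python model (it is not Parity's contract code and not taken from the video). It assumes, hypothetically, that owners and the N threshold are set by an `init_wallet` routine, and compares a wallet that rejects a second call with one that does not; all names and sample values are constructed.

```python
# Added model, not Parity's contract code; every name here is hypothetical.
class WalletError(Exception): pass  # raised when a wallet rule is violated

class MultisigWallet:
    """N-of-M wallet: M owners fixed at creation, N signatures per payment."""
    def __init__(self, owners, required, balance=0):
        self._initialized = False
        self.balance = balance
        self.init_wallet(owners, required)

    def init_wallet(self, owners, required):
        # Guard: the owner list and threshold can be set exactly once.
        if self._initialized:
            raise WalletError("already initialized")
        owners = frozenset(owners)
        if not 1 <= required <= len(owners):
            raise WalletError("need 1 <= N <= M")
        self.owners, self.required = owners, required
        self.pending = {}  # (to, amount) -> set of owners who signed
        self._initialized = True

    def confirm(self, sender, to, amount):
        """Record one owner's signature; pay out once N owners agree."""
        if sender not in self.owners:
            raise WalletError("not an owner")
        if amount > self.balance:
            raise WalletError("insufficient funds")
        signers = self.pending.setdefault((to, amount), set())
        signers.add(sender)
        if len(signers) < self.required:
            return False
        del self.pending[(to, amount)]
        self.balance -= amount
        return True

class UnguardedWallet(MultisigWallet):
    """Weak variant for comparison: the once-only guard is missing."""
    def init_wallet(self, owners, required):
        self._initialized = False  # models the absent guard
        super().init_wallet(owners, required)

def owner_set_is_fixed(wallet_cls):
    """True if a second init_wallet call leaves owners and N unchanged."""
    w = wallet_cls({"alice", "bob", "carol"}, required=2, balance=100)  # constructed
    try:
        w.init_wallet({"mallory"}, 1)
    except WalletError:
        pass
    return w.owners == {"alice", "bob", "carol"} and w.required == 2
```

`owner_set_is_fixed` works as a regression check: it holds for `MultisigWallet` and fails for `UnguardedWallet`, where the second call turns the wallet into a 1/1 wallet.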

Fortunately, before these hackers were able to steal the funds from other wallets, another group of white-hat hackers detected the hack and pre-emptively moved the funds to a safer wallet under their control. They said they would refund the rightful owners once proper claims are made.

Since then, the bug has been fixed and the multi-sig wallet is still being used.

Interested in discussing more or proposing your favourite topic? Join our Telegram group to engage directly with our team.
