A "critical" vulnerability in Parity Wallet's variant of the standard multi-sig contract has resulted in 153,000 ETH, equivalent to approximately $31 million, being stolen from several projects, including Edgeless Casino, Aeternity, and Swarm City.
A security alert was issued by Parity Technologies on Wednesday. Users with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST were affected, and single user wallets remained unaffected. Parity Technologies advised users to move assets contained in the multi-sig wallet to a secure address.
A press release from Swarm City read, “At approximately 12:30 PM ET Bernd Lapp, Business Hive leader noticed that the entire contents of the Swarm City ETH multi-sig wallet had been drained. Bernd checked the receiving address and noticed a few very large transactions had hit the same wallet. We alerted the Ethereum Foundation and multiple developer groups immediately.” Swarm City lost about 44,055 ETH because of the breach.
Parity founder and CTO Gavin Wood wrote, “There is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises; they will make an announcement in their own time.”
As per an update by Parity Technologies on July 20, 2017, 00:26 CEST, the future multi-sig wallets created by versions of Parity are secure.
The incident is another setback for the Ethereum community. CoinDash was recently hacked during its Initial Coin Offering schedule on July 17, which resulted in a loss of approximately $7 million in Ether. (See also: ICO Hackers Steal $7 Million of Ether)
Initial Coin Offering (ICO) is the new way to raise capital in the cryptocurrency world. It is used by startups to bypass the rigorous and regulated capital-raising process required by venture capitalists or banks. In an ICO campaign, a percentage of the cryptocurrency is sold to early backers of the project in exchange for legal tender or other cryptocurrencies, but usually for Bitcoin.
While on one hand, cryptocurrencies, especially Bitcoin and Ethereum, are gaining mainstream attention and investment, such incidents always add apprehension among investors, dampening the mood in the community. These incidents bring into focus the challenges that lie ahead and raise the constant need to up security protocols.