Ethereum
Parity Hacker Returns and Launders $9 Million in Ethereum After 7 Years of Inactivity
According to reports from Cyvers Alerts, the hacker who stole 150,000 ETH from Parity Multisig Wallet version 1.5 in 2017 has resurfaced, moving the stolen Ethereum worth $9 million to the cryptocurrency exchange eXch.
The hacker still controls 83,017 ETH, worth $246.6 million stolen in the 2017 incident.
$9 million worth of Ethereum laundered
An article in X by Cyvers Alerts acknowledges the hacker’s remarkable patience, marking a significant event in the history of cryptocurrencies. They began laundering 3,050 ETH, the equivalent of $9 million, through eXch, using various consolidated addresses.
The initial incident, dating back to July 2017, was caused by a bug identified in a multi-signature contract named wallet.sol, which affected version 1.5 or later of Parity’s wallet software.
The hacker found a bug introduced by the programmer that allowed him to reset the wallet, thereby restoring it to factory settings. This vulnerability allowed the bad actor to take control of the victims’ wallet with a single transaction.
The incident led to unauthorized access and theft of over 150,000 ETH, valued at $30 million at the time but now worth $442 million at current prices.
Parity Technologies, the company behind the affected wallet, described the severity of the bug as “critical” and issued public statements advising users with funds in multi-signature wallets to transfer their assets to secure addresses.
However, hackers managed to recover 377,000 ETH potentially at risk due to the same vulnerability, bringing some relief to affected users.
Analysts argue for robust coding standards
Analysts from OpenZeppelin, a blockchain infrastructure platform, provided an overview of possible measures that could have prevented the attack. They highlighted the importance of avoiding the use of certain coding methods, such as the “delegatecall” function, which functions as a universal referral mechanism.
They also highlighted the importance of following robust coding standards within the Ethereum ecosystem, warning that neglecting such protocols could lead to serious consequences, even in cases of seemingly minor bugs.
Parity Technologies, known for its involvement in the development of the Polkadot blockchain and Ethereum’s Parity client, develops multi-signature wallets like Parity.
These wallets, designed as smart contracts, they enable the management of cryptocurrency assets through a collective agreement between multiple owners. They offer features such as daily withdrawal limits, voting mechanisms and ownership changes.