For the second time in a week, hackers have managed to steal millions of dollars’ worth of digital currency Ethereum. In this latest instance, around 153,000 Ether worth approximately $34 million was taken from three separate multi-signature wallets, but it could have been even worse.
A coding fault in digital wallet service Parity allowed the cybercriminal to make off with Ether from three projects that had recently completed initial coin offerings (ICOs).
"A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found," wrote Parity founder Gavin Wood in a critical security notice. Users were advised to "immediately move assets contained in the multi-sig wallet to a secure address."
Proof of Existence creator Manual Araoz suggested Edgeless Casino, Swarm City, and æternity blockchain were the three multi-sig wallets affected. Swarm City has since confirmed it lost 44,055 ETH in the hack.
While $34 million is an eye-watering amount, it could have been even higher, were it not for the quick thinking of some white hat hackers. They were able to save over 337,000 Ether worth more than $85 million by siphoning it from other wallets.
"White hat group(s) were made aware of a vulnerability in a specific version of a commonly used multi-sig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multi-sig they could find as quickly as possible," the White Hat Group explained on Reddit.
The group has promised to return the funds to the rightful owners once it creates a new multi-sig with the same settings for each individual, minus the vulnerability.
On Monday, hackers stole around $10.3 million of Ethereum from CoinDash by simply replacing the wallet address listed on its website with one belonging to the perpetrators.