According to reports from Cyvers Alerts, the hacker who stole 150,000 ETH from the Parity Multisig Wallet version 1.5 in 2017 has resurfaced, moving stolen Ethereum worth $9 million to cryptocurrency exchange eXch.
The hacker still has control over 83,017 ETH, amounting to $246.6 million stolen during the 2017 incident.
$9M Worth of Ethereum Laundered
A post from X by Cyvers Alerts acknowledges the hacker’s notable patience, marking a significant event in cryptocurrency history. They commenced the laundering of 3,050 ETH, equivalent to $9M, through eXch, employing various consolidated addresses.
ALERT In 2017, a vulnerability in Parity Multisig Wallet version 1.5+ led to the theft of over 150K ETH, valued at approximately $30M USD at the time.
The hacker behind this theft has demonstrated remarkable patience, marking a significant chapter in crypto history. Today,… pic.twitter.com/JPD5nJcmrJ
— Cyvers Alerts (@CyversAlerts) May 13, 2024
The original incident, dating back to July 2017, was caused by a bug identified in a multi-signature contract named wallet.sol, which affected the v1.5 or later versions of Parity’s wallet software.
The hacker found a programmer-introduced bug that allowed them to re-initialize the wallet, effectively restoring it to factory settings. This vulnerability allowed the bad actor to gain control of victims’ wallets with a single transaction.
The incident led to unauthorized access and the theft of over 150,000 ETH, valued at $30 million at the time but now worth $442 million at current prices.
Parity Technologies, the company behind the affected wallet, classified the bug’s severity as “critical” and issued public statements advising users with funds in multi-sig wallets to transfer their assets to secure addresses.
However, white hat hackers managed to recover 377,000 ETH that were potentially at risk due to the same vulnerability, providing some relief to affected users.
Analysts Advocate for Robust Coding Standards
Analysts from OpenZeppelin, a blockchain infrastructure platform, provided insights into the possible steps that could have prevented the attack. They emphasized the importance of avoiding the use of certain coding methods, such as the “delegatecall” function, which functioned as a universal forwarding mechanism.
They also emphasized the importance of following robust coding standards within the Ethereum ecosystem, cautioning that overlooking such protocols could result in severe consequences, even from bugs that seem minor.
Parity Technologies, known for its involvement in developing the Polkadot blockchain and Ethereum’s Parity client, develops multi-signature wallets like Parity.
These wallets, designed as smart contracts, enable the management of cryptocurrency assets through a collective agreement among multiple owners. They offer features such as daily withdrawal limits, voting mechanisms, and ownership changes.