Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday July 20 2017, @11:09AM   Printer-friendly
from the oops dept.

Submitted via IRC for Bytram

A vulnerability in Parity's Ethereum wallet software has been exploited by thieves to rob victims on a massive scale.

A few hours ago, Parity told its users to move their ETH holdings from their in-browser wallets to more secure accounts immediately:

The warning came after three transactions appeared on Etherscan.io, in which accounts were drained of 150,000 coins worth just over US$30 million at the current price. It's understood a trivial programming blunder in Parity's code allowed crooks to hijack strangers' wallets at will.

Coindesk reports 377,000 more Ether were at risk of theft, but were drained into holding accounts by white hats. That gallant action was outlined by Kurt Knudsen on Parity's Gitter channel:

The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts. The White Hat account currently holding the rescued funds is [here].

Source: https://www.theregister.co.uk/2017/07/20/us30_million_below_parity_ethereum_bug_leads_to_big_coin_heist/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday July 20 2017, @02:09PM

    by Anonymous Coward on Thursday July 20 2017, @02:09PM (#541911)

    I avoided the whole ETC thing over the "Turing complete" aspect alone.