Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: zapphirecoins on August 24, 2017, 09:22:11 AM



Title: A hacker stole $31M of Ether 
Post by: zapphirecoins on August 24, 2017, 09:22:11 AM
Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies.
Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets.
But someone stopped them.

Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.

By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000.
Yes, you read that right.

To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds.

It’s an extraordinary story, and it has significant implications for the world of cryptocurrencies.
It’s important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets.

This is all pretty complicated, so to make the details of this clear for everyone, this post is broken into three parts:
What exactly happened? An explanation of Ethereum, smart contracts, and multi-signature wallets.
How did they do it? A technical explanation of the attack (specifically for programmers).
What now? The attack’s implications about the future and security of smart contracts.


Courtesy by : Haseeb Qureshi


Title: Re: A hacker stole $31M of Ether 
Post by: AdolfinWolf on August 24, 2017, 04:48:26 PM
Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.


Title: Re: A hacker stole $31M of Ether 
Post by: bapparabi on August 24, 2017, 04:52:04 PM
What is the source of this article? Because this happened before also, this new hack again... From where did you get this news?


Title: Re: A hacker stole $31M of Ether 
Post by: Kemarit on August 24, 2017, 05:06:35 PM
what is source of this article because this happen before also this new hack again ..form where you get this news ??

I think this is not a new attack but rather it happened around last month of this year. This is not new. And it's not a design flaw in Ethereum or smart contracts but rather the programmers' fault. It's a simple design flaw that the hacker or group of hackers was able to exploit. Good thing the funds were not totally drained because of the action of the white hackers. And I think the funds have been released already to the right owners.

Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.

To really understand how the hacker exploited it, here is a detailed explanation:

http://haseebq.com/a-hacker-stole-31m-of-ether/

It's really the developer's fault. However, we are all human and prone to mistakes. I have been a programmer myself and I have encountered a lot of design flaws. That is why I moved to Software Testing or QA to find defects before releasing the software. However, I'm no longer in the IT industry anymore.  :)


Title: Re: A hacker stole $31M of Ether 
Post by: poordeveloper on August 24, 2017, 05:22:50 PM
So it was a security bug in the Smart Contract itself?


Title: Re: A hacker stole $31M of Ether 
Post by: cubevtc on August 24, 2017, 05:25:19 PM
can't be real, crypto still not hacked but anyone is too hard hacked this


Title: Re: A hacker stole $31M of Ether 
Post by: escrow.ms on August 24, 2017, 05:28:46 PM
It's last month's news, buddy.
https://www.cnbc.com/2017/07/20/32-million-worth-of-digital-currency-ether-stolen-by-hackers.html


Title: Re: A hacker stole $31M of Ether 
Post by: HeRetiK on August 24, 2017, 09:59:20 PM
Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.

So it was a security bug in the Smart Contract itself?

It's old news and it was caused by a bug in the multi-sig part of the smart contract itself. Not the first time this happened on Ethereum and judging by the language and platform design of Solidity most likely not the last.

Maybe someone with deeper knowledge of Ethereum can correct me, but the root of the error was supposedly a wallet initialization function that was accidentally exposed as a public function. I still don't get the rationale behind making Solidity functions public by default, on a platform that is supposed to uphold billions of dollars worth of irreversible transactions.
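
Added example, not part of any post in this thread and not the Parity wallet code: the root cause described above (an initializer left callable because functions with no visibility keyword defaulted to public) is something a source check can catch before deployment. This Python heuristic flags functions in Solidity source that declare no visibility and lists any modifiers guarding them; `ToyWallet` and its functions are a constructed sample.

```python
import re

# Constructed sample (not the Parity wallet source): a hypothetical wallet
# whose initializer carries neither a visibility keyword nor a modifier.
SAMPLE = """
contract ToyWallet {
    address owner;
    // setup routine, meant to run once
    function initWallet(address _owner) { owner = _owner; }
    function withdraw(uint amount) external onlyOwner { msg.sender.transfer(amount); }
    function isOwner(address a) internal constant returns (bool) { return a == owner; }
    function kill()
        onlyOwner
    { selfdestruct(owner); }
}
"""

VISIBILITY = {"public", "external", "internal", "private"}
MUTABILITY = {"payable", "constant", "view", "pure"}
# name, parameter list, then everything up to the body '{' or a ';'
HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")


def strip_comments(src):
    """Remove /* */ and // comments so commented-out code is not scanned."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def implicit_public(src):
    """Map each function lacking a visibility keyword to its modifier names.

    Heuristic, regex-based: such functions were externally callable under the
    old default-public rule. An empty modifier list means nothing restricts
    who may call the function.
    """
    findings = {}
    for name, _params, tail in HEADER.findall(strip_comments(src)):
        tail = re.sub(r"\breturns\s*\([^)]*\)", "", tail)
        words = re.findall(r"[A-Za-z_]\w*", tail)
        if VISIBILITY.isdisjoint(words):
            findings[name] = [w for w in words if w not in MUTABILITY]
    return findings


if __name__ == "__main__":
    for fn, mods in implicit_public(SAMPLE).items():
        status = "guarded by " + ", ".join(mods) if mods else "UNGUARDED"
        print(f"{fn}: implicit public, {status}")
```

On the sample it reports `initWallet` as unguarded and `kill` as implicit public but protected by `onlyOwner`; a real audit would use the compiler's AST rather than regular expressions.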


Title: Re: A hacker stole $31M of Ether 
Post by: Farfenkugel on August 25, 2017, 12:20:50 AM
I also believe this happened a few month(s) ago. But I'm not sure whether they hacked the "other" accounts or did they steal it back from the hacker himself? That's what I remember reading.


Title: Re: A hacker stole $31M of Ether 
Post by: zapphirecoins on August 25, 2017, 12:59:00 AM
What is the source of this article? Because this happened before also, this new hack again... From where did you get this news?

Please go here: https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce?source=grid_home---8---ethereum---1-36---------------


Title: Re: A hacker stole $31M of Ether 
Post by: TryNinja on August 25, 2017, 01:24:24 AM
I also believe this happened a few month(s) ago. But I'm not sure whether they hacked the "other" accounts or did they steal it back from the hacker himself? That's what I remember reading.

Yes. This happened a month ago. Not sure why OP is reposting this here.

What happened is also clear in the news:

Hackers found a way to exploit a flaw in the Parity multi-signature wallet, which led them to steal $31 million worth of ETH. After that, a white-hat hacker team used the same exploit to drain the remaining ETH ($85 million worth) from other wallets with the same vulnerability, so they could prevent the bad guys from taking more ETH.


Title: Re: A hacker stole $31M of Ether 
Post by: TheCoinFinder on August 25, 2017, 04:12:52 AM
It is old news but good to repost it here because we even don't have enough time to roam whole news pages outside the forum.
The hacker who looted this massive amount of Ethereum looks like a professional in this field, and may also have some other previous successful hack attempts.


Title: Re: A hacker stole $31M of Ether 
Post by: Weawant on August 25, 2017, 05:58:27 AM
So what is the intention for posting this old shit here? Do you want to create some panic so that ETHER price would go down? Maybe we don't know the real score on this post but maybe it's best for each one of us to move to another level and forget the old issue surrounding it. ETH has become more stable these days and maybe it can gain its own momentum later on next month.


Title: Re: A hacker stole $31M of Ether 
Post by: warningsigns on August 25, 2017, 06:14:36 AM
The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have strong technical know-how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons.

Stealing $31m in minutes is to be condemned but somehow I feel like they are to be commended for the feat. As much as I detest thieves, pulling it off in minutes is almost not human and rivals if not even surpasses legendary thefts of the past century.



Title: Re: A hacker stole $31M of Ether 
Post by: siddartha1492 on August 25, 2017, 07:28:45 AM
Wow, that's a big amount! Hackers, hackers everywhere. Sometimes I think what's the use of amassing so much wealth when a hacker can steal 'em all. No matter how many precautions u take, they always find a way to screw us....


Title: Re: A hacker stole $31M of Ether 
Post by: HeRetiK on August 25, 2017, 09:44:36 AM
The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have strong technical know-how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons.

This exploit had nothing to do with encryption or cryptography. It was a simple run-of-the-mill bug that got overlooked by code review and found by the wrong people.

In most cases the bug would have simply been reported or left unnoticed for a long time such as Apple's gotofail and Heartbleed. However a bug that could potentially net you a 9 digit sum of anonymous digital money with little to no recourse... that's one very tempting bug bounty.


Title: Re: A hacker stole $31M of Ether 
Post by: faithupgrade on August 25, 2017, 02:15:44 PM
I'm using MyEtherWallet, is it safe? I also have some ETH coins from Etherdelta, is it safe there too?


Title: Re: A hacker stole $31M of Ether 
Post by: sfireman on August 26, 2017, 01:34:48 AM
;D I heard this before but it's a white hacker.. Lucky.


Title: Re: A hacker stole $31M of Ether 
Post by: cpfreeplz on August 26, 2017, 03:26:09 AM
Lol shit wallet with non random keys. That's hilarious. Hmmmm should ETH hard fork on a dime like the last few times everything went to shit after a hack? Such a shitcoin.


Title: Re: A hacker stole $31M of Ether 
Post by: illusioNiZt on August 26, 2017, 05:19:06 AM
Yesterday? looks like OP didn't edit anything just copy pasted from here this incident happened in July.
https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce


Title: Re: A hacker stole $31M of Ether 
Post by: Qartersa on August 26, 2017, 06:56:51 AM
Yesterday? looks like OP didn't edit anything just copy pasted from here this incident happened in July.
https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce

Also, probably this should have been posted in the Press section of the forum. Anyway, at least he credited the author of the article. Maybe it would have been better if this was posted on the day the article was released. Another point is that this article has no point here, since there is nothing to be discussed aside from the article posted, such activity could have been done in the article itself.


Title: Re: A hacker stole $31M of Ether 
Post by: arwin100 on August 26, 2017, 08:22:20 AM
Yesterday? looks like OP didn't edit anything just copy pasted from here this incident happened in July.
https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce

Also, probably this should have been posted in the Press section of the forum. Anyway, at least he credited the author of the article. Maybe it would have been better if this was posted on the day the article was released. Another point is that this article has no point here, since there is nothing to be discussed aside from the article posted, such activity could have been done in the article itself.

OP is not updated for posting this article up and maybe he's in shock from seeing a huge loss by this scamming event. And I would love to agree with you that this topic should be moved there so that people who seek proper articles on this kind of scenario can easily find them and keep this place clean of unrelated topics since we are at the service announcement section.



Title: Re: A hacker stole $31M of Ether 
Post by: casinolize.com on August 26, 2017, 10:00:35 AM
Holding cryptos is always risky.


Title: Re: A hacker stole $31M of Ether 
Post by: realediston on August 26, 2017, 11:14:45 AM
This is old news. I feel like the intention of OP is to create panic and FUD among ETH holders.
Also, important point to notice is the fact that ETH itself did not have the vulnerability rather the platform on top of ETH had the problem.