Bitcoin Forum
December 12, 2017, 06:21:05 AM *
Author Topic: A hacker stole $31M of Ether   (Read 974 times)
zapphirecoins
Member
August 24, 2017, 09:22:11 AM
 #1

Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies.
Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets.
But someone stopped them.

Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.

By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000.
Yes, you read that right.

To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds.

It’s an extraordinary story, and it has significant implications for the world of cryptocurrencies.
It’s important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets.

This is all pretty complicated, so to make the details of this clear for everyone, this post is broken into three parts:
What exactly happened? An explanation of Ethereum, smart contracts, and multi-signature wallets.
How did they do it? A technical explanation of the attack (specifically for programmers).
What now? The attack’s implications about the future and security of smart contracts.


Courtesy of: Haseeb Qureshi

AdolfinWolf
Hero Member
August 24, 2017, 04:48:26 PM
 #2


Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.

bapparabi
Hero Member
August 24, 2017, 04:52:04 PM
 #3

What is the source of this article? Because this happened before. Also, is this a new hack again? Where did you get this news from?
Kemarit
Hero Member
August 24, 2017, 05:06:35 PM
 #4

What is the source of this article? Because this happened before. Also, is this a new hack again? Where did you get this news from?

I think this is not a new attack, but rather it happened around last month of this year. This is not new. And it's not a design flaw in Ethereum or smart contracts, but rather the programmers' fault. It's a simple design flaw that the hacker or group of hackers was able to exploit. Good thing the funds were not totally drained because of the action of the white hackers. And I think the funds have already been released to the right owners.

Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.

To really understand how the hacker exploited it, here is a detailed explanation:

http://haseebq.com/a-hacker-stole-31m-of-ether/

It's really the developer's fault. However, we are all human and prone to mistakes. I have been a programmer myself and I have encountered a lot of design flaws. That is why I moved to Software Testing or QA to find defects before releasing the software. However, I'm no longer in the IT industry anymore. :)

poordeveloper
Hero Member
August 24, 2017, 05:22:50 PM
 #5

So it was a security bug in the Smart Contract itself?





cubevtc
Sr. Member
August 24, 2017, 05:25:19 PM
 #6

Can't be real. Crypto still not hacked but anyone is too hard hacked this

escrow.ms
Legendary
August 24, 2017, 05:28:46 PM
 #7

It's last month's news, buddy.
https://www.cnbc.com/2017/07/20/32-million-worth-of-digital-currency-ether-stolen-by-hackers.html

HeRetiK
Hero Member
August 24, 2017, 09:59:20 PM
 #8

Is there any explanation online on how the hack could have happened? The technical details behind it? This seems pretty big to me. Wondering why I haven't really heard about it.

So it was a security bug in the Smart Contract itself?

It's old news and it was caused by a bug in the multi-sig part of the smart contract itself. Not the first time this happened on Ethereum and judging by the language and platform design of Solidity most likely not the last.

Maybe someone with deeper knowledge of Ethereum can correct me, but the root of the error was supposedly a wallet initialization function that was accidentally exposed as a public function. I still don't get the rationale behind making Solidity functions public by default, on a platform that is supposed to uphold billions of dollars worth of irreversible transactions.
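
The default-visibility pitfall raised in this post can be checked for mechanically. The Python sketch below is an added example, not part of the thread and not code from Parity or any Solidity tool; the contract source, its function names and the helper `implicit_public_functions` are constructed for illustration. It flags function declarations that carry no explicit visibility keyword, which Solidity compilers before 0.5.0 compiled as public.

```python
import re

# Constructed sample in pre-0.5.0 Solidity style; not the real wallet source.
SAMPLE = """
contract WalletLibrary {
    address owner;
    modifier onlyOwner { require(msg.sender == owner); _; }

    // No visibility keyword: compiled as public before Solidity 0.5.0.
    function initWallet(address _owner) {
        owner = _owner;
    }

    function execute(address to, uint value) external onlyOwner {
        to.transfer(value);
    }

    function setOwner(address _owner) internal { owner = _owner; }

    function () payable {}
}
"""

VISIBILITY = {"public", "external", "internal", "private"}
# Captures: optional name, parameter list, then everything up to "{" or ";"
# (modifiers, visibility, "returns (...)").
HEADER = re.compile(
    r"\bfunction\b\s*([A-Za-z_$][\w$]*)?\s*\(([^)]*)\)([^{;]*)[{;]"
)


def strip_comments(src):
    """Drop /* */ and // comments so commented-out code is not scanned."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def implicit_public_functions(src):
    """Return names of functions declared without a visibility keyword."""
    findings = []
    for match in HEADER.finditer(strip_comments(src)):
        name = match.group(1) or "<fallback>"
        qualifiers = set(re.findall(r"[A-Za-z_]\w*", match.group(3)))
        if not qualifiers & VISIBILITY:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in implicit_public_functions(SAMPLE):
        print("no explicit visibility:", name)
```

This is a regex heuristic for code review, not a parser; from Solidity 0.5.0 onward the compiler itself rejects a function declared without a visibility keyword.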

Farfenkugel
Member
August 25, 2017, 12:20:50 AM
 #9

I also believe this happened a few month(s) ago. But I'm not sure whether they hacked the "other" accounts or did they steal it back from the hacker himself? That's what I remember reading.

zapphirecoins
Member
August 25, 2017, 12:59:00 AM
 #10

What is the source of this article? Because this happened before. Also, is this a new hack again? Where did you get this news from?

Please go here: https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce?source=grid_home---8---ethereum---1-36---------------

TryNinja
Hero Member
August 25, 2017, 01:24:24 AM
 #11

I also believe this happened a few month(s) ago. But I'm not sure whether they hacked the "other" accounts or did they steal it back from the hacker himself? That's what I remember reading.
Yes. This happened a month ago. Not sure why OP is reposting this here.

What happened is also clear in the news:

Hackers found a way to exploit a flaw in the Parity multi-signature wallet, which led them to steal $31 million worth of ETH. After that, a white-hat hacker team used the same exploit to drain the remaining ETH ($85 million worth) from other wallets with the same vulnerability, so they could prevent the bad guys from taking more ETH.

TheCoinFinder
Legendary
August 25, 2017, 04:12:52 AM
 #12

It is old news, but good to repost it here because we don't even have enough time to roam whole news pages outside the forum.
The hacker who looted this massive amount of Ethereum looks like a professional in this field, and may also have some other previous successful hack attempts.

Weawant
Sr. Member
August 25, 2017, 05:58:27 AM
 #13

So what is the intention for posting this old shit here? Do you want to create some panic so that the ETHER price would go down? Maybe we don't know the real score on this post, but maybe it's best for each one of us to move to another level and forget the old issue surrounding it. ETH has become more stable these days and maybe it can gain its own momentum later on next month.



warningsigns
Hero Member
August 25, 2017, 06:14:36 AM
 #14

The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have strong technical know-how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons.

Stealing $31m in minutes is to be condemned but somehow I feel like they are to be commended for the feat. As much as I detest thieves, pulling it off in minutes is almost not human and rivals if not even surpasses legendary thefts of the past century.


siddartha1492
Sr. Member
August 25, 2017, 07:28:45 AM
 #15

Wow, that's a big amount! Hackers, hackers everywhere. Sometimes I think what's the use of amassing so much wealth when a hacker can steal 'em all. No matter how many precautions you take, they always find a way to screw us....

HeRetiK
Hero Member
August 25, 2017, 09:44:36 AM
 #16

The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have strong technical know-how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons.

This exploit had nothing to do with encryption or cryptography. It was a simple run-of-the-mill bug that got overlooked by code review and found by the wrong people.

In most cases the bug would have simply been reported or left unnoticed for a long time such as Apple's gotofail and Heartbleed. However a bug that could potentially net you a 9 digit sum of anonymous digital money with little to no recourse... that's one very tempting bug bounty.

faithupgrade
Full Member
August 25, 2017, 02:15:44 PM
 #17

I'm using MyEtherWallet, is it safe? I also have some ETH coins from Etherdelta, is it safe there too?

miraclefruit
Jr. Member
August 26, 2017, 01:33:08 AM
 #18

This is old news, I think you are a little late with this breaking event, lol

sfireman
Member
August 26, 2017, 01:34:48 AM
 #19

:D I've heard this before, but it's a white hacker.. Lucky.

cpfreeplz
Hero Member
August 26, 2017, 03:26:09 AM
 #20

Lol shit wallet with non random keys. That's hilarious. Hmmmm should ETH hard fork on a dime like the last few times everything went to shit after a hack? Such a shitcoin.














 

 
