zapphirecoins (OP)
Member
Offline
Activity: 95
Merit: 10
Your gateway to pay a digital advertising on earth
|
|
August 24, 2017, 09:22:11 AM Last edit: August 24, 2017, 11:12:28 AM by zapphirecoins |
|
Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies. Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets. But someone stopped them.
Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.
By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000. Yes, you read that right.
To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds.
It’s an extraordinary story, and it has significant implications for the world of cryptocurrencies. It’s important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets.
This is all pretty complicated, so to make the details of this clear for everyone, this post is broken into three parts: What exactly happened? An explanation of Ethereum, smart contracts, and multi-signature wallets. How did they do it? A technical explanation of the attack (specifically for programmers). What now? The attack’s implications about the future and security of smart contracts.
Courtesy by : Haseeb Qureshi
|
¦ ¦ ¦¦ .ZAPcoin.....¦¦¦¦ EVERYONE SHOULD HAVE IT¦¦¦¦ . ZAPcoin ¦¦¦¦
|
|
|
AdolfinWolf
Legendary
Offline
Activity: 1946
Merit: 1427
|
|
August 24, 2017, 04:48:26 PM |
|
Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies. Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets. But someone stopped them.
Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.
By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000. Yes, you read that right.
To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds.
It’s an extraordinary story, and it has significant implications for the world of cryptocurrencies. It’s important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets.
This is all pretty complicated, so to make the details of this clear for everyone, this post is broken into three parts: What exactly happened? An explanation of Ethereum, smart contracts, and multi-signature wallets. How did they do it? A technical explanation of the attack (specifically for programmers). What now? The attack’s implications about the future and security of smart contracts.
Courtesy by : Haseeb Qureshi
Is there any explanation online on how the hack could have happend? The technical details behind it? This seems pretty big to me. Wondering why i haven't really heard about it.
|
|
|
|
bapparabi
|
|
August 24, 2017, 04:52:04 PM |
|
what is source of this article because this happen before also this new hack again ..form where you get this news ??
|
|
|
|
Kemarit
Legendary
Offline
Activity: 3220
Merit: 1385
Fully Regulated Crypto Casino
|
|
August 24, 2017, 05:06:35 PM |
|
what is source of this article because this happen before also this new hack again ..form where you get this news ??
I think this is not a new attack but rather it happened around last month of this year. This is not new. And its not the flaw design in Ethereum or Smart contracts but rather the programmers faults. Its a simple design flaw that the hacker or group of hackers was able to exploit. Good thing the funds was not totally drain because of the action of the white hackers. And I think the funds has been released already to the right owners. Is there any explanation online on how the hack could have happend? The technical details behind it? This seems pretty big to me. Wondering why i haven't really heard about it.
To really understand how the hacker exploited it. Here is a detail explanation: http://haseebq.com/a-hacker-stole-31m-of-ether/It's really the deveoper's fault, However, we are all human and prone to mistakes. I been a programmer myself and I have encountered a lot of design flaw. That's is why I moved to Software Testing or QA to found defects before releasing the software. However, I'm no longer in the IT industry anymore.
|
|
|
|
poordeveloper
|
|
August 24, 2017, 05:22:50 PM |
|
So it was a security bug in the Smart Contract itself?
|
|
|
|
cubevtc
|
|
August 24, 2017, 05:25:19 PM |
|
cant bee real cripto still not hacked but anyone is to hard hacked this
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 24, 2017, 05:28:46 PM |
|
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3066
Merit: 2166
Playgram - The Telegram Casino
|
|
August 24, 2017, 09:59:20 PM |
|
Is there any explanation online on how the hack could have happend? The technical details behind it? This seems pretty big to me. Wondering why i haven't really heard about it.
So it was a security bug in the Smart Contract itself?
It's old news and it was caused by a bug in the multi-sig part of the smart contract itself. Not the first time this happened on Ethereum and judging by the language and platform design of Solidity most likely not the last. Maybe someone with deeper knowledge of Ethereum can correct me, but the root of the error was supposedly a wallet initialization function that was accidentally exposed as a public function. I still don't get the rationale behind making Solidity functions public by default, on a platform that is supposed to uphold billions of dollars worth of irreversible transactions.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
|
|
|
Farfenkugel
Member
Offline
Activity: 78
Merit: 10
|
|
August 25, 2017, 12:20:50 AM |
|
I also believe this has happened few month(s) ago. But im not sure wether they hacked the "other" accounts or did they stole it back from the hacker him self ? That's what i remember reading.
|
|
|
|
zapphirecoins (OP)
Member
Offline
Activity: 95
Merit: 10
Your gateway to pay a digital advertising on earth
|
|
August 25, 2017, 12:59:00 AM |
|
|
¦ ¦ ¦¦ .ZAPcoin.....¦¦¦¦ EVERYONE SHOULD HAVE IT¦¦¦¦ . ZAPcoin ¦¦¦¦
|
|
|
TryNinja
Legendary
Offline
Activity: 2968
Merit: 7379
|
|
August 25, 2017, 01:24:24 AM |
|
I also believe this has happened few month(s) ago. But im not sure wether they hacked the "other" accounts or did they stole it back from the hacker him self ? That's what i remember reading.
Yes. This happened a month ago. Not sure why OP is resposting this here. What happened is also clear in the news: Hackers found a way to exploit a flaw in the Parity multi-signature wallet, which lead them to steal $31 millions worth of ETH. After that, a white-hat hacker team used from the same exploit to drain the remaining ETH ($85 millions worth) from other wallets with the same vulnerability, so they could prevent the bad guys from taking more ETH.
|
|
|
|
TheCoinFinder
Legendary
Offline
Activity: 938
Merit: 1001
|
|
August 25, 2017, 04:12:52 AM |
|
It is old news but good to repost it here because we even don't have enough time to roam whole news pages outside the forum. The hacker who looted this massive amount of ethereums looks a professional in this field,may have also some other previous successful hack attemps.
|
|
|
|
Weawant
|
|
August 25, 2017, 05:58:27 AM |
|
So what is the intention for posting this old shit here? Do you want to create some panic so that ETHER price would go down? maybe we doesn't know the real score on this post but maybe it's very best to each one of us to move to another level and forget the old issue surround by it. ETH is became more stable these days and maybe it can gain its own momentum later on next month.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
warningsigns
|
|
August 25, 2017, 06:14:36 AM |
|
The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have a strong technical know how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons.
Stealing $31m in minutes is to be condemned but somehow I feel like they are to be commended for the feat. As much as I detest thieves, pulling it off in minutes is almost not human and rivals if not even surpasses legendary thefts of the past century.
|
|
|
|
siddartha1492
|
|
August 25, 2017, 07:28:45 AM |
|
Wow, that a big amount! Hackers hackers everywhere. Sometimes I think what's the use of amassing so much wealth when a hacker can steal em' all. No matter how much precautions u take, they always find a way to screw us....
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3066
Merit: 2166
Playgram - The Telegram Casino
|
|
August 25, 2017, 09:44:36 AM |
|
The criminal energy and sophistication is incredible. Breaking into a simple wallet is hard enough. And you have these criminals who must be very educated. They have a strong technical know how if they can exploit vulnerabilities of these wallets within minutes. The mathematics of data encryption is not for a newbie. This is a highly coordinated work of intelligent felons. This exploit had nothing to do with encryption or cryptography. It was a simple run-of-the-mill bug that got overlooked by code review and found by the wrong people. In most cases the bug would have simply been reported or left unnoticed for a long time such as Apple's gotofail and Heartbleed. However a bug that could potentially net you a 9 digit sum of anonymous digital money with little to no recourse... that's one very tempting bug bounty.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
|
|
|
faithupgrade
Sr. Member
Offline
Activity: 475
Merit: 253
ARCS - A New World Token
|
|
August 25, 2017, 02:15:44 PM |
|
I'm using MyEtherWallet is it safe? I also have some ETH coins from Etherdelta is it safe there too?
|
|
|
|
sfireman
Full Member
Offline
Activity: 206
Merit: 100
Decentralized Ascending Auctions on Blockchain
|
|
August 26, 2017, 01:34:48 AM |
|
I'm hear this before but it's a white hacker.. Lucky.
|
|
|
|
cpfreeplz
Legendary
Offline
Activity: 966
Merit: 1042
|
|
August 26, 2017, 03:26:09 AM |
|
Lol shit wallet with non random keys. That's hilarious. Hmmmm should ETH hard fork on a dime like the last few times everything went to shit after a hack? Such a shitcoin.
|
|
|
|
|
|