Advertisement

Hackers steal $32 million in Ether cryptocurrency hack

Wednesday's incident quickly follows the theft of around $7.4 million dollars worth of ether reported earlier this week.
computer dark web dark net cryptocurrency
(Pixabay)

Hackers have stolen $32 million worth of Ether, a popular and increasingly valuable cryptocurrency, by exploiting a critical security vulnerability in wallet software that allowed an attacker to steal over 153,000 Ether.

The theft is visible on Ether’s blockchain here, according to Gavin Wood, a co-founder of Ethereum, the software behind the currency.

The attack began late on Tuesday and continued on Wednesday in a total of three transactions.

When the attack was finally noticed, a group of white hat hackers used the same exploit to drain money from other vulnerable wallets in order to protect them from the theft. The money saved totaled 377,000 ETH worth over $75 million.

Advertisement

“The white hat group were made aware of a vulnerability in a specific version of a commonly used multisig contract,” the group wrote. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible.”

The ethical hackers promised to return the funds to their rightful owners once the security threat passed.

The cryptocurrency appears to have been stolen from the online gambling website Edgeless Casino, the smart-contract platform Aeternity and the commerce platform Swarm City, according to a blog post from Swarm City.

Today’s incident quickly follows the theft of around $7.4 million dollars worth of Ether reported earlier this week.

Unspecified efforts are underway by Ethereum developers to secure the funds, Wood wrote in a chatroom on Wednesday following the theft’s disclosure. The vulnerability is found in Parity Wallet, software described as “the fastest and most secure way of interacting with the Ethereum network.”

Advertisement

The problem specifically impacts multi-signature wallets created in Parity meant to require electronic signatures from multiple parties in order to move money. Normal wallets are not at risk, according to developers.

An updated version of the software fixing the vulnerabilities will be released as soon as possible, according to Wood.

This story is developing.

Patrick Howell O'Neill

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.

Latest Podcasts