sb-nz logo
Story image

Hackers steal $32m of ethereum cryptocurrency – expert commentary and advice

22 Jul 2017

In the second heist this week, hackers have stolen around 150,000 ethers, worth roughly US$32 million.

The security alert was issued by smart contract coding company Parity with the data confirmed by Etherscan.io.

According to the startup, the breach is a result of a bug in a specific multi-sig contract known as wallet.sol.

In its public messages, Parity graded the severity of the bug as ‘critical’, imploring any user with funds in a multi-sig wallet to transfer them to a secure address as soon as possible.

Senior Threat Research Analyst at Webroot, Tyler Moffit says this latest incident has serious ramifications around the world.

“In fact, ETH price has actually taken a dip, and some of this is likely due to the uncertainty around this breach,” says Moffit.

“Hackers exploited a vulnerability in multi-sig wallets from Parity – drastically different from the ICO CoinDash hack that happened earlier this week.”

The ICO CoinDash hack that Moffit refers to was an attack that successfully managed to steal $10 million in an ICO earlier this week, however that pales to the more recent attack of $32 million.

While the hackers were making the transactions, there was also an unknown white hat group that actually used the same exploit to drain ether from other Parity multi-sig wallets into different wallets to save them. The white hat group was able to save over 377,000 ETH which is about $75 million,” says Moffit.

“The current advice for businesses using Parity’s multi-sig wallets to move their funds to other wallets ASAP. If your accounts have been drained, then I recommend also checking the white hat address as it may have been saved.”

Moffit says the key takeaway from this hack – and obviously the many others in the past and inevitably the future – is that we’re still exploring the blockchain space, which makes wallet security more important than ever.

“As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” Moffit says.

“Do NOT store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”

Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
Interview: Check Point profiles 5 battles that SOC teams face in 2020
Security operations centres (SOCs) are often the first lines of defence.More
Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More