The Parity Hacker Returns, Laundering $9 Million in Ethereum After 7 Years of Inactivity

The hacker who stole 150,000 ETH from Parity Multisig Wallet version 1.5 in 2017 has resurfaced, moving $9 million worth of stolen Ethereum to cryptocurrency exchange eXch, Cyvers Alerts reports.

The hacker still controls 83,017 ETH, worth $246.6 million, from the funds stolen during the 2017 incident.

$9 Million in Ethereum Laundered

A post on X from Cyvers Alerts notes the hacker’s remarkable patience and calls the move an important event in cryptocurrency history. The hacker began laundering 3,050 ETH, equivalent to $9 million, through eXch, using several consolidated addresses.

🚨ALERT🚨 In 2017, a vulnerability in Parity Multisig Wallet version 1.5+ led to the theft of over 150,000 ETH, valued at approximately $30 million at the time.

The hacker behind this heist has shown remarkable patience, marking an important chapter in the history of cryptography. Today,… pic.twitter.com/JPD5nJcmrJ

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 13, 2024

The original incident, which dates back to July 2017, was caused by a bug in a multi-signature contract called wallet.sol, which affected versions 1.5 and later of Parity’s wallet software.

The hacker found a developer-introduced bug that allowed them to reset the wallet, effectively restoring it to factory settings. This vulnerability allowed the bad actor to gain control of victims’ wallets with a single transaction.

The incident resulted in the unauthorized access and theft of over 150,000 ETH, valued at $30 million at the time, but now worth $442 million at today’s prices.

Parity Technologies, the company behind the affected wallet, classified the severity of the bug as “critical” and issued public statements advising users with funds in multi-signature wallets to transfer their assets to secure addresses.

However, white hat hackers managed to recover 377,000 ETH that were potentially at risk due to the same vulnerability, providing some relief to affected users.

Analysts advocate strong coding standards

Analysts at OpenZeppelin, a blockchain infrastructure platform, provided insight into possible steps that could have prevented the attack. They emphasized the importance of avoiding the use of certain coding methods, such as the “delegatecall” function, which worked as a universal forwarding mechanism.

They also stressed the importance of following strong coding standards within the Ethereum ecosystem, warning that ignoring these protocols could have serious consequences, even for seemingly minor mistakes.
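The forwarding and re-initialization problem described above can be modeled in a few lines. This is an added example, not code from the article, Parity, or OpenZeppelin; it is a Python simulation rather than Solidity, and every class and function name in it is hypothetical.

```python
# Simplified model of a wallet that forwards calls to shared library code with
# delegatecall semantics: library code runs against the calling wallet's storage.
# Every name below is hypothetical; this is not Parity's contract code.
class Rejected(Exception):
    """A refused call (models a reverted transaction)."""

class WalletLibrary:
    @staticmethod
    def init_wallet(storage, sender, owners):
        # Weak: no guard, so it can be run again after deployment by anyone.
        storage["owners"] = list(owners)

    @staticmethod
    def init_wallet_once(storage, sender, owners):
        # Hardened: initialization succeeds exactly once.
        if storage.get("initialized"):
            raise Rejected("already initialized")
        storage["owners"] = list(owners)
        storage["initialized"] = True

    @staticmethod
    def withdraw(storage, sender, amount):
        if sender not in storage["owners"]:
            raise Rejected("not an owner")
        storage["balance"] -= amount
        return amount

class Wallet:
    def __init__(self, owners, balance, init_fn, forwardable=None):
        self.storage = {"balance": balance}
        self.forwardable = forwardable  # None models "forward every call"
        getattr(WalletLibrary, init_fn)(self.storage, None, owners)

    def call(self, sender, fn_name, *args):
        # Fallback path: hand the call to library code on this wallet's storage.
        if self.forwardable is not None and fn_name not in self.forwardable:
            raise Rejected(fn_name + " is not forwardable")
        return getattr(WalletLibrary, fn_name)(self.storage, sender, *args)

def owners_can_be_reset(wallet, init_fn, outsider="mallory"):
    """True if a non-owner's single forwarded call replaces the owner list."""
    try:
        wallet.call(outsider, init_fn, [outsider])
    except Rejected:
        return False
    return wallet.storage["owners"] == [outsider]

# Constructed sample wallets: universal forwarder vs. allowlist plus one-time init.
weak = Wallet(["alice", "bob"], 100, "init_wallet")
hardened = Wallet(["alice", "bob"], 100, "init_wallet_once", forwardable={"withdraw"})
```

The hardened wallet applies two independent controls, so the owner list survives even if only one of them (the one-time guard or the explicit forwarding allowlist) is in place.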

Parity Technologies, known for its involvement in the development of the Polkadot blockchain and Ethereum’s Parity client, develops multi-signature wallets like Parity.

Designed as smart contracts, these wallets allow cryptocurrency assets to be managed through a collective agreement between multiple owners. They offer features such as daily withdrawal limits, voting mechanisms and ownership changes.
