The bad news continued for Ethereum this week after it emerged yesterday that a further $30m worth of the crypto-currency had been stolen thanks to a critical bug in wallet software from provider Parity Technologies.
In a security alert on Wednesday, Parity refused to divulge the nature of the vulnerability, but said it affected all users “with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.”
To mitigate the flaw, it urged them to “immediately move assets contained in the multi-sig wallet to a secure address.” A fix has now been issued.
Information recorded on Etherscan.io revealed that a little over 150,000 ethers ($30m) were stolen in three separate batches.
Parity CTO, Gavin York, also confirmed that three accounts had been compromised, adding that the initial security alert was delayed “to give the whitehats at the [Ethereum] foundation a chance to save the funds.”
The foundation is likely to make its own announcement in due course, he claimed.
It does appear as if its quick thinking helped prevent an even bigger heist, with what looks like over 377,000 ethers worth almost $78m saved from the hackers’ clutches.
Peer-to-peer sharing platform Swarm City has already confirmed that its account was one of those drained of funds, to the tune of 44,000 ethers.
A post by comms man Matthew Carano indicated that the other two unconfirmed victims were Edgeless Casion and Aeternity.
Tyler Moffitt, senior threat research analyst at Webroot, claimed wallet security is more important than ever in the virtual currency space.
“As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” he added.
“Do not store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”
It’s been a week to forget for the Ethereum community, after hackers managed to steal $7m worth of the crypto-currency from Israeli start-up CoinDash.
An update from the firm on Wednesday revealed a token distribution plan which it said will provide investors with an opportunity to recuperate losses and for the firm itself to rebuild and deliver value.