Story image

Hackers steal $32m of ethereum cryptocurrency – expert commentary and advice

22 Jul 2017

In the second heist this week, hackers have stolen around 150,000 ethers, worth roughly US$32 million.

The security alert was issued by smart contract coding company Parity with the data confirmed by Etherscan.io.

According to the startup, the breach is a result of a bug in a specific multi-sig contract known as wallet.sol.

In its public messages, Parity graded the severity of the bug as ‘critical’, imploring any user with funds in a multi-sig wallet to transfer them to a secure address as soon as possible.

Senior Threat Research Analyst at Webroot, Tyler Moffit says this latest incident has serious ramifications around the world.

“In fact, ETH price has actually taken a dip, and some of this is likely due to the uncertainty around this breach,” says Moffit.

“Hackers exploited a vulnerability in multi-sig wallets from Parity – drastically different from the ICO CoinDash hack that happened earlier this week.”

The ICO CoinDash hack that Moffit refers to was an attack that successfully managed to steal $10 million in an ICO earlier this week, however that pales to the more recent attack of $32 million.

While the hackers were making the transactions, there was also an unknown white hat group that actually used the same exploit to drain ether from other Parity multi-sig wallets into different wallets to save them. The white hat group was able to save over 377,000 ETH which is about $75 million,” says Moffit.

“The current advice for businesses using Parity’s multi-sig wallets to move their funds to other wallets ASAP. If your accounts have been drained, then I recommend also checking the white hat address as it may have been saved.”

Moffit says the key takeaway from this hack – and obviously the many others in the past and inevitably the future – is that we’re still exploring the blockchain space, which makes wallet security more important than ever.

“As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” Moffit says.

“Do NOT store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.