In the second heist this week, hackers have stolen around 150,000 ethers, worth roughly US$32 million.
The security alert was issued by smart contract coding company Parity with the data confirmed by Etherscan.io.
According to the startup, the breach is a result of a bug in a specific multi-sig contract known as wallet.sol.
In its public messages, Parity graded the severity of the bug as ‘critical’, imploring any user with funds in a multi-sig wallet to transfer them to a secure address as soon as possible.
Senior Threat Research Analyst at Webroot, Tyler Moffit says this latest incident has serious ramifications around the world.
“In fact, ETH price has actually taken a dip, and some of this is likely due to the uncertainty around this breach,” says Moffit.
“Hackers exploited a vulnerability in multi-sig wallets from Parity – drastically different from the ICO CoinDash hack that happened earlier this week.”
The ICO CoinDash hack that Moffit refers to was an attack that successfully managed to steal $10 million in an ICO earlier this week, however that pales to the more recent attack of $32 million.
While the hackers were making the transactions, there was also an unknown white hat group that actually used the same exploit to drain ether from other Parity multi-sig wallets into different wallets to save them. The white hat group was able to save over 377,000 ETH which is about $75 million,” says Moffit.
“The current advice for businesses using Parity’s multi-sig wallets to move their funds to other wallets ASAP. If your accounts have been drained, then I recommend also checking the white hat address as it may have been saved.”
Moffit says the key takeaway from this hack – and obviously the many others in the past and inevitably the future – is that we’re still exploring the blockchain space, which makes wallet security more important than ever.
“As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” Moffit says.
“Do NOT store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”