HomeSecurity OperationsParity Hacker Returns, Laundering $9M in Ethereum After 7 Years of Inactivity

Parity Hacker Returns, Laundering $9M in Ethereum After 7 Years of Inactivity

Published on

spot_img

The notorious hacker responsible for the theft of 150,000 ETH from the Parity Multisig Wallet version 1.5 in 2017 has resurfaced, making a bold move by transferring stolen Ethereum worth $9 million to the cryptocurrency exchange eXch, according to reports from Cyvers Alerts. This move indicates the hacker’s continued control over 83,017 ETH, totaling $246.6 million from the 2017 cyber heist.

The recent laundering of $9 million worth of Ethereum through eXch, involving the transfer of 3,050 ETH, signifies a calculated and patient approach by the hacker, as highlighted in a post by Cyvers Alerts. This event marks a significant milestone in cryptocurrency history, shedding light on the ongoing battle against cybercrime in the digital asset space.

The original incident, which occurred in July 2017, was triggered by a bug discovered in a multi-signature contract known as wallet.sol, impacting the v1.5 and subsequent versions of Parity’s wallet software. Exploiting this vulnerability, the hacker identified a flaw that allowed for the re-initialization of the wallet, essentially resetting it to its factory settings. This maneuver granted the bad actor control over victims’ wallets with a single transaction, leading to the unauthorized access and theft of over 150,000 ETH, valued at $30 million back then but now worth a staggering $442 million based on current prices.

Following the incident, Parity Technologies, the company responsible for the compromised wallet, categorized the bug’s severity as “critical” and issued public warnings advising users with funds in multi-sig wallets to transfer their assets to secure addresses. Despite the chaos caused by the hack, white hat hackers managed to recover 377,000 ETH that were potentially at risk due to the same vulnerability, offering some reprieve to affected individuals.

In the aftermath of the cyber attack, analysts from OpenZeppelin, a blockchain infrastructure platform, provided valuable insights into preventive measures that could have thwarted the breach. They underscored the significance of steering clear from certain coding practices, such as the “delegatecall” function, serving as a universal forwarding mechanism susceptible to exploitation. These experts stressed the importance of adhering to robust coding standards within the Ethereum ecosystem to avoid similar vulnerabilities that could result in significant consequences, even from seemingly minor bugs.

Parity Technologies, renowned for its contributions to the development of the Polkadot blockchain and Ethereum’s Parity client, specializes in crafting multi-signature wallets like Parity. These smart contract-based wallets enable the seamless management of cryptocurrency assets through a collective agreement among multiple owners, offering features such as daily withdrawal limits, voting mechanisms, and ownership adjustments.

As the hacker behind the 2017 Parity Multisig Wallet breach resurfaces and continues to wield control over stolen Ethereum, the cryptocurrency community remains on high alert, emphasizing the critical need for enhanced security measures and rigorous adherence to coding best practices to fortify the digital asset landscape against malicious cyber threats.

Source link

Latest articles

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

A critical vulnerability in Fortinet's FortiSIEM product has recently been exploited, raising concerns about...

Microsoft reveals North Korea’s Moonstone Sleet

Microsoft Threat Intelligence teams recently made a significant discovery regarding a new hacker collective...

AI, Deepfakes, and Digital ID in Corporate Cybersecurity: Exploring the Emerging Frontier

The emergence of deepfakes has sparked a new wave of concern in the cybersecurity...

The Challenge of CVE Incentives

In the realm of cybersecurity, the issue of software vulnerabilities is becoming increasingly challenging...

More like this

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

A critical vulnerability in Fortinet's FortiSIEM product has recently been exploited, raising concerns about...

Microsoft reveals North Korea’s Moonstone Sleet

Microsoft Threat Intelligence teams recently made a significant discovery regarding a new hacker collective...

AI, Deepfakes, and Digital ID in Corporate Cybersecurity: Exploring the Emerging Frontier

The emergence of deepfakes has sparked a new wave of concern in the cybersecurity...
en_USEnglish