An anonymous hacker exploited a vulnerability in the Parity Ethereum wallet client to steal over 153,000 Ether, worth over $30 million.
The vulnerability enabled the unknown hacker to withdraw funds from multi-sig wallets created with Parity clients 1.5 and later. Parity 1.5 was released on January 19, 2017.
Multi-sig wallets are Ethereum accounts over which multiple users have control with their own keys. Multi-sig accounts enable owners to transfer funds only when a majority of owners sign a transaction with their key.
The problem results from a flaw in a particular multi-sig contract known as “wallet.sol”. Data suggests the issue was mitigated, however: 377,000 Ether that was probably vulnerable to the issue was recovered by white hat hackers.
According to Etherscan:
“The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts.”
“The White Hat account currently holding the rescued funds is https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a.
If you hold a multisig contract that was drained, please be patient. They will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and will return your funds to you there.”