Someone tricked would be investors during an ethereum ICO into sending their cryptocurrency to the wrong address.
A hacker has allegedly just stolen around $7.4 million dollars worth of ether, the cryptocurrency that underpins the app platform ethereum, by tricking victims into sending money to the wrong address during an Initial Coin Offering, or ICO. This is according to a company called Coindash that says its investors were sending their funds to a hacker.
An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars.
The hack was possible due to a flaw in the Parity Ethereum client. The vulnerability allowed the hacker to exfiltrate funds from multi-sig wallets created with Parity clients 1.5 and later. Parity 1.5 was released on January 19, 2017.
Multi-sig wallets are Ethereum accounts over which multiple persons have control with their own keys. Multi-sig accounts allow owners to move funds only when a majority of owners sign a transaction with their key.
The clock was ticking. Thieves stole $32 million worth of ether out of a popular Ethereum wallet, and with every passing minute the potential for additional losses grew.
And so the White Hat Group stepped in.
Like something out of a weird cryptocurrency reboot of National Treasure, the unidentified WHG hackers decided to steal the remaining ether before the crooks could. All $85 million of it.
Or so they say.
The claim was posted to Reddit on July 19, and details a plan to return the funds to their rightful owners. Here’s how the poster, jbaylina, says it went down:
“The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract,” explained the post, referring to a vulnerability in the popular Ethereum wallet Parity that was successfully exploited by unknown thieves. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts.”