2017's Parity Multisig Exploit Hacker Has Laundered $25.5M in Ethereum Through Tornado Cash
153,037 Ethereum was Stolen During the 2017 Parity Multisig Attack
The 9,000 Ethereum noted as being laundered by the Parity Multisig hacker is roughly 5.8% of the total amount of 153,037 stolen on July 19th, 2017.
On that day, the Ethereum Multisig Company of Parity sent out a security alert to its users highlighting that its v1.5 or later version of its wallet, had a serious vulnerability.
That same day, a hacker used the stated weakness to steal 153,037 Ethereum from 3 wallets belonging to the crypto projects of Swarm City, Edgeless, and Aeternity. As soon as the hack happened, Parity went on to urge all its users to move their funds to secure addresses.
According to developers who reviewed the exploit, the exploit was simple to do as ‘the hacker found a programmer-introduced bug in the code that let them re-initialize the wallet, almost like restoring it to factory settings. Once they did that, they were free to set themselves as the new owners, and then walk out with everything.’
An additional 596 Ethereum wallets, holding roughly $1.5 billion in ETH, were also at risk at the time. A group of white hat hackers used the same vulnerability to secure 377,105 Ethereum from these wallets, thus preventing the loss from being larger than it was. They had realized that there was no way to reverse the potential theft and decided to hack the remaining wallets before the hacker did. On July 24th, the White Hat hackers started the process of returning the rescued funds.
Source: Read Full Article