SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
AI Security
#
AI
#
Blockchain
Hackers steal $32m of ethereum cryptocurrency – expert commentary and advice
Sat, 22nd Jul 2017
FYI, this story is more than a year old
By Ashton Young, Editor
Follow us

In the second heist this week, hackers have stolen around 150,000 ethers, worth roughly US$32 million.

The security alert was issued by smart contract coding company Parity with the data confirmed by Etherscan.io.

According to the startup, the breach is a result of a bug in a specific multi-sig contract known as wallet.sol.

In its public messages, Parity graded the severity of the bug as ‘critical', imploring any user with funds in a multi-sig wallet to transfer them to a secure address as soon as possible.

Senior Threat Research Analyst at Webroot, Tyler Moffit says this latest incident has serious ramifications around the world.

“In fact, ETH price has actually taken a dip, and some of this is likely due to the uncertainty around this breach,” says Moffit.

“Hackers exploited a vulnerability in multi-sig wallets from Parity – drastically different from the ICO CoinDash hack that happened earlier this week.

The ICO CoinDash hack that Moffit refers to was an attack that successfully managed to steal $10 million in an ICO earlier this week, however that pales to the more recent attack of $32 million.

While the hackers were making the transactions, there was also an unknown white hat group that actually used the same exploit to drain ether from other Parity multi-sig wallets into different wallets to save them. The white hat group was able to save over 377,000 ETH which is about $75 million,” says Moffit.

“The current advice for businesses using Parity's multi-sig wallets to move their funds to other wallets ASAP. If your accounts have been drained, then I recommend also checking the white hat address as it may have been saved.

Moffit says the key takeaway from this hack – and obviously the many others in the past and inevitably the future – is that we're still exploring the blockchain space, which makes wallet security more important than ever.

“As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” Moffit says.

“Do NOT store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.

Related stories
Understanding the key to boosting cybersecurity habits: Kaspersky study
Bugcrowd launches AI bias assessment for secure LLM application use
Kaspersky illuminates LockBit ransomware group's advanced tactics
First-party data collection prioritised due to privacy laws
Cisco boosts Secure Application with added data, cloud security features
Top stories
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses
Trustifi launches innovative phishing detection training for MSPs
Keeper Security launches user-friendly passphrase generator