ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.


24hr ---

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story


Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
Ether Price Analysis
Contact Us

Massive 'Hack' Hits Ethereum Parity Clients – More Than $30M Of Ether Still At Large [UPDATED]




Recently created Parity multisig wallets are still exploitable; wallets created through Geth or MyEtherWallet and single-user wallets are unaffected. White Hat hacking group saved a large amount of Ether from attack, which it intends to return to wallet holders.

UPDATED | July 24, 2017:

The White Hat Group announced that tonight it will begin returning funds rescued during the attack. If you were affected, please follow these instructions on how to re-claim your tokens.

UPDATED | July 20, 2017:

The second alleged attacker reported yesterday has been identified as independent White Hat Oleksii Matiiasevych. He told ETHNews about his decision to come to the community's aid.

ORIGINAL | July 19, 2017:

At approximately 9:30 a.m. (Pacific Time) on July 19, 2017, a vulnerability in Ethereum clients was discovered that could allow an attacker to drain the funds of users who created "multi-signature" wallets – wallets that require multiple private keys to activate – using Parity client version 1.5 or later (released January 19, 2017). Ethereum Foundation members and Parity developers urge any users who control a multisig wallet created through a Parity node after that date to carefully and immediately move any remaining funds into another wallet that was not created with the exploit. Recommended wallets are those created with MyEtherWallet, a Geth node, or any single-user wallets created on Parity.

A wallet was discovered belonging to a suspected malicious actor who had already exploited the vulnerability and "stole" approximately 153,000 Ether ($30.5 million) from three vulnerable wallets. Within five hours, a "White Hat" hacking group – or hacking collective that aims to discover and operate exploitable vulnerabilities in digital products for benevolent purposes – announced that it had identified the vulnerability and performed the exploit on other susceptible wallets, draining approximately 377,000 Ether ($75 million) into its own wallet. The group intends to return the funds to affected wallet holders. At the time of this writing, the White Hat Group also contained $80 million worth of other Ethereum-based tokens, though it is not clear if or how much of this total is related to this operation.

According to a tweet by Project Lead Manuel Aráoz of OpenZeppelin, the affected wallets belonged to Ethereum projects Swarm City, Æternity Blockchain, and Edgeless Casino. Project also reported that it was victim of what appears to be a second attacker utilizing the same exploit. If you notice funds are missing, you can check if your funds were claimed by the White Hat wallet (listed below) to ensure they are safe. If your wallet was attacked, please monitor r/ethereum for an announcement on how to reclaim your funds.

White Hat Group's Wallet: 0x1DBA1131000664b884A1Ba238464159892252D3a
First Alleged Attacker's Wallet: 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32
Second Alleged Attacker's Wallet: 0x1Ff21eCa1c3ba96ed53783aB9C92FfbF77862584

The flaw was apparently caused by a bug in the affected Parity clients' code that allowed for an affected wallet's initialization function to be recalled after it was created. This would effectively allow for an attacker to call that code after the fact and claim that they own the wallet themselves, empowering them to send the funds to another address. One member of the Ethereum community called the exploit "the most obvious bug in the history of ethereum," with others amazed that the vulnerability went undiscovered for over six months. At approximately 1:30 p.m. Pacific Time, Parity founder Gavin Wood committed a fix to the Parity GitHub that he believes should alleviate the vulnerability.

For now, it is not clear who the malicious attacker is or whether the remaining victims will ever recover their funds. According to EtherScan, the malicious wallet is already dispersing its loot among other Ethereum wallets, possibly in an attempt to obfuscate its activities. But for now, it seems that so long as users follow the above instructions to verify and secure their wallets, they can continue to operate with normal security precautions in the Ethereum ecosystem.

Jason Civalleri

Jason Civalleri is a law student and MBA-graduate passionate for blockchain and distributed ledger innovation. His first exposure to blockchain was his investment in Bitcoin in 2011, and he built his first miner for the Ethereum network in January 2016.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest multisig wallets, hack or other Ethereum wallets and exchanges news.