Aeternity lost 82000 ETH due to Parity hack

The Aeternity team assures that project execution will continue
20 July 2017

The Aeternity project team reported that most of the funds collected during the second stage of its ICO were stolen due to vulnerabilities in Parity.

According to the Aeternity blog, around 82,000 ETH (of 102,000 ETH) sent to Aeternity during Phase 2 were sent by an attacker to address 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32 via an internal transaction.

Additionally, the Aeternity team assures that all funds collected during the first stage of the ICO are safe. The team is also not planning to close the Aeternity project. At the moment, the Multisig Hack Response team and other members of the Ethereum community are helping Aeternity investigate the situation.

As we mentioned before, intruders were able to steal around $30 000 000 as a result of the Parity hack. The CTO of Parity named at least 3 affected projects:

  • Edgeless Casino,
  • Aeternity,
  • Swarm City.

Additionally, the DAO.Casino home page reports that the collected tokens were protected from theft by WhiteHat. At the moment, the project's token sale is temporarily suspended.

DAO.Casino homepage

The Aeternity blog also reports that the wallets of other well-known projects came to the attention of the intruders as well. However, thanks to the efforts of the WhiteHat group of hackers, funds worth about $80.6 million were protected from theft.

Meanwhile, Vitalik Buterin has expressed his indignation on Twitter that some people, whom he called "trolls", are urging him to carry out a hard fork right now, ostensibly to return the stolen funds:

You can find more information about the Parity hack in our article.

Constantinople to be Postponed

Ethereum's hard fork will be delayed due to a critical vulnerability
16 January 2019

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

The vulnerability is in EIP-1283 and, as identified by the smart contract audit company SmartSecurity, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with the participation of Ethereum developers and developers of other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard fork.

In particular, Vitalik Buterin, developers Hudson Jameson, Nick Johnson and Evan Van Ness, as well as Parity release manager Afri Schoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the time appointed for the hard fork (around 04:00 UTC on January 17).

The vulnerability, known as a reentrancy attack, allows an attacker to repeatedly enter the same function and withdraw funds indefinitely.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that before the Constantinople hard fork, a storage operation on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually needed to call the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, so an attacking contract can use the 2,300 gas to successfully manipulate the variables of vulnerable contracts.
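
The gas arithmetic above can be checked with a small model. This Python sketch is an added example, not code from ChainSecurity or from the article: the Splitter contract, its names and the simplified cost rule are assumptions, and only the 2,300, 5,000 and 200 gas figures come from the text. It also shows a reentrancy guard refusing the nested call.

```python
STIPEND = 2300       # gas the callee receives from transfer/send (figure from the article)
SSTORE_OLD = 5000    # storage write before Constantinople (figure from the article)
SSTORE_DIRTY = 200   # EIP-1283 write to a slot already changed in this transaction

class OutOfGas(Exception):
    """A call needed more gas than it was given."""

class Reentered(Exception):
    """The reentrancy guard refused a nested state change."""

class Splitter:
    """Hypothetical toy contract: pays `share` percent to payee A, the rest to B."""

    def __init__(self, eip1283, guarded=False):
        self.eip1283, self.guarded = eip1283, guarded
        self.share = 50        # percent of a deposit owed to payee A
        self.dirty = False     # was `share` already written in this transaction?
        self.paying = False    # lock held while a payout is in progress

    def set_share(self, value, gas):
        if self.guarded and self.paying:
            raise Reentered("state change refused during payout")
        # Simplified cost rule (assumption): cheap only for an already-dirty slot.
        cost = SSTORE_DIRTY if self.eip1283 and self.dirty else SSTORE_OLD
        if cost > gas:
            raise OutOfGas(f"write costs {cost} gas, only {gas} available")
        self.share, self.dirty = value, True

    def split(self, deposit, on_receive):
        self.paying = True
        try:
            to_a = deposit * self.share // 100
            on_receive(self, STIPEND)   # external call: payee A's code runs here
            to_b = deposit * (100 - self.share) // 100   # storage re-read after the call
        finally:
            self.paying = False
        return to_a, to_b

def callback(contract, gas):
    contract.set_share(0, gas)   # payee A re-enters and rewrites the variable

def run(eip1283, guarded=False):
    c = Splitter(eip1283, guarded)
    c.set_share(100, gas=100_000)   # ordinary earlier call in the same transaction
    try:
        return c.split(100, callback)
    except (OutOfGas, Reentered) as exc:
        return type(exc).__name__   # the failed transfer reverts the payout
```

With the 5,000-gas write the callback runs out of gas and the payout reverts; with the 200-gas dirty write it succeeds and the model pays out 200 from a deposit of 100, unless the guard rejects the nested call.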

A new date for the hard fork has not yet been determined.