Consequences of Parity hack

Experts estimate giant volume of losses, a lot of Ethereum-based projects were hacked
21 July 2017   3143
Ethereum

Open-source blockchain-based distributed computing platform featuring smart contract functionality, which facilitates online contractual agreements.

Approx 9.30 am (Pacific Time) on July 19, 2017, a vulnerability was discovered. It could allow the hackers to drain the funds of users whoe used "multi-signature" Parity wallet. Multisig wallets requires multiple private keys for activation. Version of 1.5 or later was affected.

As a result, big amount of different projects were attacked. Among them:

Users were able to locate 3 wallets, where founds were send. 

  • White Hat Group’s Wallet
  • First Alleged Attacker’s Wallet
  • Second Alleged Attacker’s Wallet

White Hat Group also noted that they will return the funds. This info was posted on Reddit.  

The issue was caused by a bug in affected Parity's code. It allowed an affected wallet’s initialization function to be recalled after it was created. This allowed for a hacker to call the code after and claim that they own the account themself. Ethereum community members called that bug "the most obvious bug in the history of ethereum”; other noted that  vulnerability went undiscovered for a half of year. At approximately 1:30 p.m. Pacific Time, Parity founder Gavin Wood committed a fix to the Parity GitHub that he believes should alleviate the vulnerability. Also, there are some interesting comments at GitHub too, for example, "Who is auditing this code that ends up affecting $100 millions worth of currency ? :/" by admazolla.

At the moment of this article written, it is still unclear about  who the malicious attacker is or whether the remaining victims will ever recover their funds. Also, new victims can still appear. According to EtherScan, malicious account send the stolen funds to other wallets. Maybe, hackers hope to obfuscate its activities in this way. 

Ethereum Foundation to Allocate $30M on Key Projects

For example, $3 000 000 will be spend to attract developers
22 May 2019   83

The non-profit organization Ethereum Foundation, which promotes and supports the development of the Ethereum ecosystem, will allocate $ 30 million for the development of key projects. Of these, $ 19 million will go to the “ether of the future”, $ 8 million to support the “ether of the present”, and another $ 3 million to attract developers.

The priority direction of development is Ethereum 2.0, second-level solutions for network scaling like Plasma, as well as other studies related to the transition of the ecosystem to the Proof-Of-Stake consensus algorithm.

We've actually already had all the research breakthroughs we need for a full implementation of eth2. This has been the case for about a year now.
 

Vitalik Buterin

Creator, Ethereum

At the same time, the organization attaches great importance to maintaining the current version of the network, which provides security of assets worth billions of dollars and hundreds of running decentralized applications.

In addition, $ 3 million will be spent on training developers and their further involvement in the work on the protocol, as well as on holding a Devcon conference and supporting regional communities.

The Ethereum Foundation retains about 0.6% of the total Ethereum emissions, but over time it expects organizations like DAO Moloch to partially finance the development of the ecosystem.