Consequences of the Parity hack

Experts estimate a huge volume of losses; many Ethereum-based projects were hacked
21 July 2017

At approximately 9:30 a.m. Pacific Time on July 19, 2017, a vulnerability was discovered that could allow attackers to drain the funds of users of the "multi-signature" Parity wallet. Multisig wallets require multiple private keys for activation. Versions 1.5 and later were affected.

As a result, a large number of projects were attacked. Among them:

Users were able to locate 3 wallets to which the funds were sent:

  • White Hat Group’s Wallet
  • First Alleged Attacker’s Wallet
  • Second Alleged Attacker’s Wallet

The White Hat Group also noted that they will return the funds. This information was posted on Reddit.

The issue was caused by a bug in the affected Parity code: a wallet's initialization function could be called again after the wallet had been created. An attacker could therefore call it on an existing wallet and claim ownership of the account. Ethereum community members called the bug "the most obvious bug in the history of ethereum"; others noted that the vulnerability went undiscovered for half a year. At approximately 1:30 p.m. Pacific Time, Parity founder Gavin Wood committed a fix to the Parity GitHub that he believes should alleviate the vulnerability. There are also some interesting comments on GitHub, for example, "Who is auditing this code that ends up affecting $100 millions worth of currency ? :/" by admazolla.
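The class of flaw described above, reduced to a minimal Solidity sketch added here for illustration. It is not Parity's wallet code or Parity's fix; the contract names, `initWallet`, and the `initialized` flag are hypothetical. The first contract leaves its initializer callable after creation; the second rejects every call after the first.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; simplified and hypothetical, not Parity's code.

// BEFORE: initWallet is an ordinary external function with no guard.
// Any account can call it again on a live wallet and add itself as an owner.
contract ReinitializableWallet {
    mapping(address => bool) public isOwner;
    uint256 public required; // signatures needed to approve a transfer

    function initWallet(address[] calldata owners, uint256 _required) external {
        for (uint256 i = 0; i < owners.length; i++) {
            isOwner[owners[i]] = true;
        }
        required = _required;
    }
}

// AFTER: a one-shot flag makes initialization possible exactly once.
// The first call should be made in the same transaction that deploys the
// wallet, so that nobody else can be the first caller.
contract InitOnceWallet {
    mapping(address => bool) public isOwner;
    uint256 public required;
    bool private initialized;

    error AlreadyInitialized();

    modifier onlyUninitialized() {
        if (initialized) revert AlreadyInitialized();
        _;
    }

    function initWallet(address[] calldata owners, uint256 _required)
        external
        onlyUninitialized
    {
        initialized = true; // set the flag before touching owner state
        for (uint256 i = 0; i < owners.length; i++) {
            isOwner[owners[i]] = true;
        }
        required = _required;
    }
}
```

When auditing a wallet of this shape, list every function that writes the owner set or the threshold and confirm each is either unreachable after setup or gated by existing owners.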

At the time of writing, it is still unclear who the malicious attacker is or whether the remaining victims will ever recover their funds. New victims may still appear. According to EtherScan, the malicious account sent the stolen funds on to other wallets. The hackers may be hoping to obfuscate their activity this way.

Amberdata to Study Abnormal ETH Miners Rewards

As reported, an unknown person mixed up the “gas price” field and “transaction cost”, left the workplace, and the bot did not work correctly
21 February 2019

The research startup Amberdata analyzed the activity of the Ethereum network in the last 24 hours and, like the media, found five transactions with an abnormally high commission.

It turned out that all five transfers were made from one address. Within four hours, the owner of the address paid the miners about $583,976 for processing transactions.

Note that the commission for block #7,238,290, in the amount of 2103,1485 ETH, which was received by the Sharkpool pool, is the largest in the history of the network. Nevertheless, representatives of the pool temporarily froze the funds in case the owner of the address had made a mistake.

Amberdata is convinced that an unknown person mixed up the “gas price” field and “transaction cost”, left the workplace, and then the bot did not work correctly.