$31M stolen in hack that targeted initial coin offering companies
Ethereum wallets linked to at least three companies that have raised funds through initial coin offerings have been hacked, with about 150,000 ETH tokens ($31 million) being stolen.
The hack exploited a vulnerability in wallets provided by Parity Technologies Ltd. and used by three companies. They were Edgeless Casino, which raised around $2 million in an ICO that closed in March with a product that promises to “bring trust back to online gambling;” Swarm City, a company that claims to offer the “first truly decentralized peer to peer sharing economy” and raised funds by selling SWT tokens; and æternity blockchain, which is developing a new blockchain for scalable smart contracts and is quite possibly the largest victim of the hack given that it raised nearly 122,000 ETH in the first stage of its ICO.
Of the three companies, only Swarm City has publicly confirmed that it was hacked, saying in a statement that 44,055 ETH ($9.15 million) had been stolen from its Ethereum wallet.
It’s not clear at this stage whether the three companies were the only Ethereum wallets hacked. Manuel Araoz, co-founder of Ethereum smart contract development firm Zeppelin Solutions, told Motherboard that “many more [wallets] are affected.” But he noted that other wallets may have been drained by “whitehat hackers” who were securing the funds from compromised wallets to be returned to owners once the wallets were patched.
Parity, which advertises its wallets as the “most secure way of interacting with the Ethereum network,” acknowledged the vulnerability that led to the wallets being hacked. But it provided few details, saying only in a security advisory that “a vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found.” The company has also released a updated version of the wallet code that patches the vulnerability used in the attack.
The hack of Ethereum wallets linked to companies that have offered ICOs comes days after CoinDash, another company with an initial coin offering, had its website hacked and around $7 million in Ethereum tokens stolen.
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.