The second most popular cryptocurrency, Ethereum, has been exploited for a second time this week. Hackers have made off with $34 million worth of Ether (the name of the currency) by using a simple exploit in one of the wallets provided by Parity.
The hackers would have taken $77 million worth of Ether on top of this amount had it not been for some white-hat hackers who stopped the attempt.
Using an exploit (read on for details) in the multi-signature wallet, hackers were able to gain access to a large number of cryptocurrency miners’ wallets. The hackers were all set for a huge payday, but they were stopped by so-called ‘white-hat hackers’ belonging to the Ethereum community.
How they stopped the thieves is both interesting and ironic.
Once the white-hats identified the exploit themselves, they found that many more wallets were vulnerable. The only way to stop the hackers from stealing further currency was to actually ‘steal’ the remaining currency themselves.
They succeeded in doing so and thus saved the remaining $77 million worth of Ether. Once the currency was safe, they began the process of returning the money to its respective owners.
About the Exploit
In the realm of cryptocurrency, there is a client through which the currency is ‘mined’ and a digital wallet in which users store their earnings. Wallets are protected with a secret password, more commonly known as a private key.
There are multiple kinds of wallets, which come with different withdrawal limits and security protocols – much like our debit cards.
One such wallet is known as a multi-signature wallet. The advantage of this type is that a user can have more than one pass key for it. If one key gets compromised, the user’s wallet remains secure, as it requires multiple keys to access it.
The exploit was a small bug in the code of this wallet which allowed the hackers to ‘Factory Reset’ the wallet. This allowed them to change the ownership of the wallets and access all the currency for themselves.
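A simplified Python model of the flaw described above, added here as an illustration and not taken from the wallet's actual code: a multi-signature wallet whose setup routine can be run a second time, next to a version that refuses re-initialization. All class, method and account names are hypothetical.

```python
# Simplified model for illustration; not the real wallet's code.
# Every name below (classes, methods, accounts) is hypothetical.

class VulnerableWallet:
    """Multi-signature wallet whose setup routine can be run again."""

    def __init__(self):
        self.owners, self.required, self.balance = set(), 0, 0
        self.approvals = {}  # (to, amount) -> set of owners who approved

    def init_wallet(self, owners, required):
        # Flaw: nothing checks whether the wallet is already set up, so a
        # second call acts as a "factory reset" and replaces the owners.
        self.owners, self.required = set(owners), required
        self.approvals = {}

    def approve_withdrawal(self, caller, to, amount):
        if caller not in self.owners:
            raise PermissionError("not an owner")
        signers = self.approvals.setdefault((to, amount), set())
        signers.add(caller)
        if len(signers) < self.required or amount > self.balance:
            return False  # not enough approvals (or funds) yet
        self.balance -= amount
        del self.approvals[(to, amount)]
        return True

class HardenedWallet(VulnerableWallet):
    """Same wallet, but setup is allowed exactly once."""

    def init_wallet(self, owners, required):
        if self.owners:
            raise PermissionError("wallet already initialized")
        super().init_wallet(owners, required)

def reinit_check(wallet_cls):
    """Regression check: returns (owners_replaced, funds_moved)."""
    w = wallet_cls()
    w.init_wallet(["alice", "bob", "carol"], required=2)  # constructed data
    w.balance = 100
    moved = False
    try:
        w.init_wallet(["outsider"], required=1)  # second setup call
        moved = w.approve_withdrawal("outsider", "outsider", 100)
    except PermissionError:
        pass
    return w.owners == {"outsider"}, moved
```

In the vulnerable model the second setup call silently swaps the three owners for one and drops the two-approval requirement; in the hardened model the same call is rejected and the original owners and threshold stay in force.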
It may seem surprising to a layman that a programmer could have left such a bug in the code. But you have to remember that programming is no easy task. With thousands upon thousands of lines of code, a human being can easily miss a bug here and there.
Just last Monday, hackers stole approximately $10.3 million worth of Ether from CoinDash. In that case, hackers were able to replace the legitimate wallets with their own. There have been other cases as well, such as last year, when $53 million worth of cryptocurrency was stolen. One of the largest thefts took place a few years ago, when $450 million of Bitcoins vanished from a trading hub.