Hacker Steals $30 Million Worth of Ethereum From Parity Multi-Sig Wallets (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million. The hack was possible due to a flaw in the Parity Ethereum client. The vulnerability allowed the hacker to exfiltrate funds from multi-sig wallets created with Parity clients 1.5 and later. Parity 1.5 was released on January 19, 2017. The attack took place around 19:00-20:00 UTC and was immediately spotted by Parity, a company founded by Gavin Wood, Ethereum's founder. The company issued a security alert on its blog. The Ether stolen from Parity multi-sig accounts was transferred into this Ethereum wallet, currently holding 153,017.021336727 Ether. Because Parity spotted the attack in time, a group named "The White Hat Group" used the same vulnerability to drain the rest of Ether stored in other Parity wallets that have not yet been stolen by the hacker. This money now resides in this Ethereum wallet. According to messages posted on Reddit and in a Gitter chat, The White Hat Group appears to be formed of security researchers and members of the Ethereum Project that have taken it into their own hands to secure funds in vulnerable wallets. Based on a message the group posted online, they plan to return the funds they took. Their wallet currently holds 377,116.819319439311671493 Ether, which is over $76 million.
Ethereum is a scam coin. The entire concept is absurd. But even if you want to buy into the hype, don't mind the IPO bullshit, and you think "proof of stake" and "smart contracts" are somehow magical things, why would you EVER use a "multi-sig wallet"?
Bitcoin has a few simple fucking rules. Chief among them is to treat your wallet with Bitcoin in it like your regular wallet with cash in it.
You keep it secure yourself and you encrypt it and you don't hand it over to anyone else.
A multi-sig wallet is a wallet with access set up for X people, where transfers out of the wallet require Y people's (among the X) approval.
1 < Y <= X
You may as well hand cash to Bernie Madoff and tell him to only spend it when you both agree.
Ethereum persists because of 2 reasons:
1 - People are fucking retarded and think the convoluted bullshit layered on top of a block chain somehow makes Ethereum more useful than Bitcoin (it doesn't), or more trustworthy (it doesn't).
2 - People want to make a profit using consumer GPUs and can't with Bitcoin, so they're grinding away on Ethereum. Once someone slaps together an ASIC with a bunch of memory to mine Ethereum, Ethereum will tank (even more so than it has recently) as all the small-time miners leave. All the big-time miners (those paying for ASICs and running on free power / the giant farms in China) will stay with Bitcoin.
From Parity's web page:
Tested from Day One
Making the most reliable and resilient software able to perform with excellence throughout deployments as diverse as teraflop financial servers and door handles is no task for the faint hearted. Our software is unit-tested from, quite literally, day one. From RLP and the Trie to the network subsystem, we aim for our unit tests to cover 100% of critical logic.
In Consensus
We pride ourselves on passing all 1,000+ consensus tests in the client consensus suite. Written according to the Yellow Paper specification and designed with the foreknowledge of the exact protocol we will need to implement, Parity achieves full consensus without pulling any punches on code design and clarity, enabling us to maintain an agile, fast-paced development cycle.
100% Reviewed
Every single line in our codebase is fully reviewed by at least one expert developer (and routinely two or more) before being placed in the main repository. We strive for excellence; static code checking is used on every compile to cut out bad idioms. Style is enforced before any alteration may be made to the main repository. Continuous integration guarantees our codebase always compiles and tests always pass.
HO HO HO!
I wonder if Ethereum will fork to revert the stolen Ether. If so, it ruins any glimmer of hope it had at becoming a legitimate decentralized currency. If not, a lot of people will be exiting the game.
Bitcoin has an upcoming potential fork coming soon, too. It's mildly contentious, fairly interesting, but ultimately it will have little to no impact on the viability or trust of Bitcoin.