Crypto Heist History: Parity Wallet

steal_crypto
My colleague Kiatisak has been writing about ways to earn Crypto and ways to buy it. I am hijacking that boat and will talk about stealing crypto! No, I am not going to teach you how to steal Bitcoin and other Cryptocurrencies. If that is the reason you came here, I am sorry but this article will disappoint.

Instead, we will look back on some of the largest cryptocurrency heists in history in an effort to acknowledge that there is no need for a large safe or a vault to break into in order to steal millions worth of funds.

Steal smarter, not harder

There is more than one way of doing any certain thing. To steal large sums of money you could pull off a heist. A classic gun-waving, getaway car wheel-screeching action, like in Heat. That involves a lot of aspects that have potentially negative outcomes. For example; imprisonment, death, or being forced to explain to a courtroom jury as to the reason for your choice of Powerpuff Girls masks used during the heist and why you chose Bubbles specifically. It’s the blue, isn’t it? You thought it compliments your eyes, no doubt.

Or… You could be smarter about it and steal crypto instead. For one, you would be spared potentially awkward moments like these.

heist

Stealing something is not very smart to begin with. Being smarter at doing something dumb is certainly not something to brag about. While the people involved in the following cases did not brag about their smart approach to a dumb activity, the sheer amount of funds stolen puts these cases above the rest.

Parity Wallet Hack
6th of November, 2017

What is Parity Wallet? Simply put, it is a multisig Ethereum cryptocurrency wallet made and designed to be used and managed by more than one person. It differs from your favorite crypto wallet by its main security feature – multiple owners. Multiple signature wallets are very important for large corporations, alliances of investors and anyone who co-owns something and needs to co-manage its funds.

These types of wallets are used by boards of investors and co-owners of companies (or just officers who are in charge of funds) who wish to remove the security flaw of a single point of failure. To manipulate the funds, all involved signature holders need to provide their consent. This helps protect against bad business partners who would rather run off with the money and leave you holding the bag. For this very reason, a lot of ICO funds are held in exactly this kind of wallet, to ensure it is safe from embezzlement and clever ideas from morally insecure individuals. That was the idea at least.

On 6th of November, however, a crypto enthusiast was testing Parity Wallets security by probing the system and managed to kill the main library of the wallet, supposedly by accident. This library is the main dependency of any smart contract made with it, so it affected every Parity wallet which was on the active software version at the time of this hack.

According to Parity, while the attacker claimed ignorance and curiosity, he was also apparently attempting to retrace an already known hack that took place just 6 months earlier that resulted in $210 million worth of funds stolen and $180 of them subsequently returned by a rival white hat hacker group; thus the total losses being in excess of $30 million. This vulnerability has since been plugged, but seeing how this attack attempted to re-trace it, makes the attacker’s ultimate motives very unclear. On one hand he “borked” the system and was kind enough to point that out and explain how. On another hand, he actively engaged in an attempt to steal funds.

So how much did our anonymous “accidental” hacker steal? Nothing really. He did not manage to steal a single cent. What he did do, however, was ensure that every Parity Wallet past certain firmware versions was essentially frozen and any and all funds within are frozen with it.

Why is this one of the biggest heists then? Well, he did manage to cut people off from a substantial amount of money, even if none of it actually benefited the attacker in any way. Different sources quote different numbers, but the general consensus is that about $155 million worth of funds has been frozen in various Parity Wallets worldwide. That is definitely no pocket change.

 

This concludes the Parity hack. None of the funds have been unfrozen or become available in any way to this date. The only way that would ever happen is if Ethereum is hard-forked where the affected funds essentially become a brand new blockchain or a new cryptocurrency altogether, which is something the Ethereum community is divided about. No pun intended. Nobody wants ECash.

Join us in our next look into the seedy underbelly of crypto and how one of the first and most popular Bitcoin exchanges turned into a financial nightmare for a lot of crypto enthusiasts. Next time we tackle Mount GoX.

Cover illustration artist MarcoHeisler, DeviantArt

The following two tabs change content below.

Justs Matuzevics

Justs is a strange and very rare creature of Latvian origin. He is a jack of all trades, yet master of none. He hopes to change that around by mastering all things Crypto. In his own highly opinionated and rant fuelled way. Have no fear, Justs is here.

Latest posts by Justs Matuzevics (see all)