Parity multisig wallet exploit hits Swarm City funds — Statement by the Swarm City core team
At approximately 12:30 PM ET Bernd Lapp, Business Hive leader noticed that the entire contents of the Swarm City ETH multisig wallet had been drained. Bernd checked the receiving address and noticed a few very large transactions had hit the same wallet. We alerted the Ethereum Foundation and multiple developer groups immediately. Together, we were able to determine that malicious actors had exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.
A swift response from a whitehat hacker group used the same exploit to drain many other project’s parity multisig wallets, in order to protect them from theft. This group was able to save over 377,000 ETH. Unfortunately the 44,055 ETH that was in Swarm City’s wallet is gone.
Black hat hacker wallet address with stolen ether: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32
White hat wallet address with preserved ether: https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a
It’s important to note:
1. The newer multisig versions of the Parity multisig wallet has a vulnerability. This is ONLY FOR MULTISIG WALLETS. Specifically created in Parity Wallet > 1.5, and released January 19, 2017
2. If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.
3. The vulnerability is in Parity’s “enhanced” multi-sig contract.
4. Single user wallets including Swarm City wallets are unaffected.
5. DO NOT fall for phishing attacks that opportunists will undoubtedly use to steal funds from crypto holders. Remember, do not click on links you don’t trust, and if your funds are in single user wallets, they are not at risk from the above mentioned Parity multisig wallet exploit.
The Swarm City Core team is more committed than ever to the development of Swarm City. The real value of our token lies in the community, and the technology the developers are creating. Black hat hackers, vulnerabilities, and bugs will not stop us from creating the decentralized sharing economy our community and the world craves.
The Swarm City Core team, the Ethereum foundation, and other Ethereum projects will keep informing about this incident as clearly as possible in the coming days.
We invite anyone with questions to please email [email protected]
More to come soon.