More than 150,000 ether tokens, a digital currency similar to bitcoin, worth around $30 million were stolen by cybercriminals on Wednesday.
Around 153,000 tokens were taken by hackers, according to data from Etherscan. 44,055 tokens were stolen from commerce platform Swarm City. The theft was noticed at 12:30 p.m. ET on Wednesday, according to Swarm City communications officer Matthew Carano. The stolen tokens are worth around $32.6 million at today’s price for ether.
“We alerted the Ethereum Foundation and multiple developer groups immediately. Together, we were able to determine that malicious actors had exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ether from several projects including Edgeless Casino, Aeternity, and Swarm City,” Carano said in a blog post.
Aeternity confirmed in a blog post that 82,000 ether tokens had been stolen.
Once the hack came to light, ether’s price fell from around $235 to $196, according to Coindesk data. The price has since recovered slightly to $213.
How was the currency hacked?
A critical security alert was later released by Parity, a software developer which produces a web browser allowing users to interact with the Ethereum blockchain network and buy and sell cryptocurrencies including ether.
Parity produces a digital wallet for users to keep their funds. These wallets can use multisignature technology, which is intended to add security to digital currency exchanges by requiring another user to sign a transaction before it is added to the blockchain.
However, a vulnerability in the multisignature wallet’s code was exploited by hackers.
Gavin Wood, âfounder and CTO of Parity, released a security alert telling users with Parity’s multisignature wallets to move their funds to somewhere secure.
“There is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises,” Wood said on Gitter, an instant messaging chatroom, on Wednesday.
Has the vulnerability been fixed?
Around midnight on Wednesday, Parity reported it had released an update to fix the coding issue and future wallets are secure.
When the vulnerability issue came to light, “white hat” hackers in the Ethereum community were able to save more than 377,000 ether tokens by taking them from affected wallets.
“If you hold a multisig contract that was drained, please be patient. We will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and we will return your funds to you there,” the group published on Reddit.
This latest theft follows an incident on Monday where $7 million worth of ether tokens were stolen.
How to trade digital currencies?
Tyler Moffitt, senior threat research analyst at cybersecurity firm Webroot, says the hack has serious ramifications and caused the ether price to dip.
“The key takeaway from this hack is that we’re still exploring the Ethereum space and wallet security is more important than ever. As a threat researcher, I personally recommend hardware or native wallets (desktop wallets); they are the most secure, as you are in control of any transaction,” he told CNBC via email.
“Do not store lots of currency in exchanges that control your private address. Only use them to make trades then back out to safe addresses.”