Due to a zero day exploit in Parity 1.5 or later, funds were moved out of a number of ETH multisig wallets without any authorization by unknown perpetrator(s).
æternity was using a parity “enhanced” multi-signature wallet on the latest parity update. Many projects in the space have used the same practice and have been affected as well.
As far as we know three project multi-sig wallets have been affected by the black hat attack:
However, many other multi-sig wallets have been exposed to the vulnerability as well, but got saved due to white hat attacks.
It was a vulnerability in the Parity multisig smart contract.
Around 82,000 ETH (of 102,000 ETH) sent to æternity during Phase 2 were sent by an attacker to address 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32 via an internal transaction. All other funds (ETH and BTC) of the æternity project are safe! The æternity development operations will continue as usual.
Contract Source Code Copy Find Similiar Contracts //sol Wallet // Multi-sig, daily-limited account proxy/wallet. //…etherscan.io
This is where we firmly stand:
- All AE tokens of the contributors are unaffected by this issue. Everyone will receive their tokens exactly as contributed.
- The project still has at its disposal the Phase 1 ETH (and what we exchanged to BTC) and all BTC of Phase 1 and Phase 2. æternity also still has control over 22k ETH of Phase 2.
- The amount of the remaining funds is still considerable and can cover the future development of the platform.
- The team is more determined than ever to realize the æternity project. We will do everything possible to make sure the project development continues unaffected.
- Yanislav will try to get in touch with the attacker to get some of the ETH back.
Dear attacker, if you are reading this, please contact Yanislav. Let’s talk!
We will keep examining the situation and update you as soon as we have new information.
The æternity team will make sure that the project execution will continue with full steam ahead.
Sincerely, the æternity team
Bron: Aeternity blog