Smart contract coding company Parity has issued a security alert, warning of a vulnerability in version 1.5 or later of its wallet software.
So far, 150,000 ethers, worth $30 million, have been reported by the company as stolen, data confirmed by Etherscan.io. As reported by the startup, the issue is the result of a bug in a specific multi-signature contract known as wallet.sol. Data suggests the issue was mitigated, however, as 377,000 ethers that were potentially vulnerable to the issue were recovered by white hat hackers.
Parity ranked the severity of the bug as “critical” in its public remarks, urging “any user with funds in a multi-sig wallet” move their funds to a secure address.
According to Parity founder and CTO Gavin Wood, at least three ether addresses have been compromised as a result of the bug.
Writing in the Parity Gitter channel, Wood said:
“There is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises; they will make an announcement in their own time.”
On social media, notable blockchain specialists are already weighing in on the situation, with Proof of Existence creator Manual Araoz suggesting that the compromised addresses could potentially belong to notable owners.
Specifically, he identified Edgeless Casino, Swarm City, and æternity – three recent initial coin offering projects built on ethereum – as potentially having been compromised in the thefts.
As of press time, Swarm City had confirmed the loss of 44,055 ETH. Edgeless Casino and æternity have not yet given any official comment.
Overall, it’s the latest security setback for an ethereum project in recent days, following a hack on CoinDash in which $10 million was stolen in an ICO earlier this week.
Lock image via Shutterstock