Smart contract coding company Parity has issued a security alert, warning of a vulnerability in version 1.5 or later of its wallet software.
So far, 150,000 ethers, worth $30 million, have been reported by the company as stolen, data confirmed by Etherscan.io. As reported by the startup, the issue is the result of a bug in a specific multi-signature contract known as wallet.sol. Data suggests the issue was mitigated, however, as 377,000 ethers that were potentially vulnerable to the issue were recovered by white hat hackers.
Parity ranked the severity of the bug as "critical" in its public remarks, urging "any user with funds in a multi-sig wallet" move their funds to a secure address.
According to Parity founder and CTO Gavin Wood, at least three ether addresses have been compromised as a result of the bug.
Writing in the Parity Gitter channel, Wood said:
On social media, notable blockchain specialists are already weighing in on the situation, with Proof of Existence creator Manual Araoz suggesting that the compromised addresses could potentially belong to notable owners.
Specifically, he identified Edgeless Casino, Swarm City, and æternity – three recent initial coin offering projects built on ethereum – as potentially having been compromised in the thefts.
As of press time, Swarm City had confirmed the loss of 44,055 ETH. Edgeless Casino and æternity have not yet given any official comment.
Overall, it's the latest security setback for an ethereum project in recent days, following a hack on CoinDash in which $10 million was stolen in an ICO earlier this week.
Lock image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.