Parity Multisig Wallet Hack Resulting in a $34 Million Loss

Summary #

On July 19, 2017, Parity Technologies fell victim to a wallet hack. A vulnerability was discovered and exploited in the Parity MultiSig Wallet version 1.5+, enabling the attacker to take control over the contracts and drain all their funds. The attack resulted in a loss of 153,037 ETH, equivalent to approximately $34 million from three ( one, two, and three) wallets.

Attackers #

The attacker’s identity remains unknown. Attackers main address:

• 0xb3764761e297d6f121e79c32a65829cd1ddb4d32.

Losses #

The attack led to a loss of 153,037 ETH, equivalent to roughly $34 million at the time of the hack. As of July 4, 2023, the attacker controls over $246 million in 125,995 ETH, which remain at the following addresses:

• 83,017 ETH in 0xb3764761e297d6f121e79c32a65829cd1ddb4d32
• 10,000 ETH in 0xef0683bef79b7ad85573415c781edfde8bec65b1
• ~9,984 ETH in 0x2d146aa23645950fdefbb23f636a5d1674fe1047
• 9,229 ETH in 0x4de76b3dfd38292ba71cf2465ca3a1d526dcb567
• ~7,551 ETH in 0x5167052b83f36952d1a9901e0de2b2038c3dd1a3
• ~6,114 ETH in 0x6a14e385fff2f21abe425a07ce29842b7037a80d
• ~100 ETH in 0x18345118bd04c405b4d74941563a21b5a2bf06b7

The rest of the initially stolen funds were laundered via TornadoCash and other services.

Timeline #

• July 18, 2017 10:28:36 PM UTC: The attacker executed the first transaction to obtain exclusive ownership of the MultiSig Wallet.
• July 18, 2017 10:33:23 PM UTC: The attacker executed a second transaction to transfer funds to his wallet.
• July 19, 2017 10:50:05 PM UTC: The attacker transferred 70,000 ETH to 7 EOA addresses, 10,000 ETH each.
• July 19, 2017: OpenZeppelin published a report, asserting that their MultiSig Wallet is not impacted by the mentioned vulnerability.
• July 20, 2017: Parity Technologies published a post-mortem, mentioning that they had disabled the faulty code.

Security Failure Causes #

Poor Coding Practices: The flaw was found in the “initWallet” function of the Parity Multisig Wallet, which can change the contract’s owners. It lacked checks to prevent an attacker from calling it after the contract was initialized.

Delegated Call Use: The use of delegatecall as a catch-all forwarding mechanism contributed to the vulnerability. This made all public functions from the library callable by anyone, including the ‘initWallet’ function.