Yesterday, a vulnerability in Parity’s ‘enhanced’ multisig wallet contract was exploited by an unknown attacker, affecting all multi-signature wallets created using Parity. (A patch was already released by the Parity team).
The remaining Ether from the Matchpool crowdfund were stored in a Parity multi-signature wallet until last night, and were affected by the vulnerability.
Fortunately, a white-hat group of hackers, and other entities including MyEtherWallet, The Ethereum Foundation, and Parity, reacted swiftly and efficiently by using the same exploit. In total they managed to rescue over 377,000 ETH (and over 80 million dollars in tokens) before the malicious attacker, and transferred them to a safe wallet, at the address:
Among the rescued Ether were Matchpool’s 47,585 ETH.
The white-hat group will deploy a new, invulnerable multi-signature smart contract for each of the wallets they have removed funds from, and will transfer the funds to this account with the same ownership as before, effectively returning the full amount of tokens and ETH to their original owners. Including Matchpool’s ETH.
We are working closely with the Ethereum Foundation to make sure all the funds are safely returned.
The Matchpool Team is incredibly grateful to the White Hat Group for rescuing our and other project’s ether and tokens. Matchpool is planning to make a donation towards those who helped save the funds, which we will announce this week.
The transaction by the white-hat group from Matchpool’s multi-signature wallet and their wallet can be viewed here:
Please note that Matchpool had previously hedged and converted over $6m (ETH) into FIAT (CHF) to mitigate any risks of attacks and volatility in the Ethereum Markets.
Although the white-hat group were able to save the majority ...