About the Parity Multisig Vulnerability

Chrono.tech, published in the Chrono.tech blog, Jul 20, 2017

The issue, which led to a number of multisig wallets being compromised yesterday, has not impacted ChronoBank.

Last night, at around 7pm UTC, a hacker was able to gain access to a number of multisig wallets created using Ethereum Parity clients. This was possible due to a flaw in a specific version of a popular multisig contract.

The scale of the hack is quite significant, with more than 153,000 Ether stolen, at a current total market value of over $30 million. It was initially sent to this wallet, though funds have since been moved.

Parity quickly realised that an attack was underway and alerted the community. An organisation calling themselves the White Hat Group took measures to mitigate the problem and accessed the ETH stored in other vulnerable Parity wallets. The ‘recovered’ funds were moved to this account. The following message was posted:

White Hat Group(s) were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped find these vulnerable contracts.

The White Hat account currently holding the rescued funds is this account (0x1dba1131000664b884a1ba238464159892252d3a).

If you hold a multisig contract that was drained, please be patient. They will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and will return your funds to you there.

ChronoBank has not been affected by the hack or the Parity vulnerability. No funds have been accessed by third parties. ChronoBank does not use external smart contracts without a thorough audit and internal security check.

The ChronoWallet will support multisig storage, using a smart contract that we are developing in-house. We will invite everyone to audit this contract in due course, and we will reward reports of any issues found. Security is our highest priority, and we believe that transparency and community involvement are the best way to achieve it.

If anyone has questions about how to store funds safely in multisig addresses, they are welcome to contact our support team for assistance.

Support support@chronobank.io

Website https://chronobank.io/

Twitter https://twitter.com/ChronobankNews

Facebook https://www.facebook.com/ChronoBank.io/

Telegram https://telegram.me/chronobank

Slack https://chronobank.herokuapp.com
