If you were following crypto in 2017, you probably remember the Parity Wallet Hack.
Here’s some context if you don’t.
Parity is an Ethereum infrastructure provider that was known in 2017 for its multi-signature wallet. Multisig is a technology that requires multiple keyholders to sign a transaction before it is approved. This prevents the theft of a single key from resulting in the loss of all funds.
A version of Parity was exploited, which allowed an attacker to remove 153,037 ETH from three high-profile multisig addresses:
“Today we witnessed the second largest hack in terms of stolen ETH in the history of the Ethereum network. By 12:19 p.m. UTC, 153,037 ETH had been drained from three high-profile multi-signature contracts that were used to save funds from previous token sales. The problem was originally reported by the Parity team, as the affected MultiSig wallet contract was part of the Parity software suite.”
A bug allowed anyone to gain “exclusive ownership of the MultiSig” and, once in control of it, move the funds.
150,000 ETH was worth around $30 million at the time of the hack and is now worth around $115 million.
Many of the funds were previously withdrawn through instant swap tools that allowed the attacker to launder them across other networks, but those tools became unavailable as stricter KYC/AML regulations were introduced.
This led to a period in which the attacker was not cashing out his money.
But now they have started moving their Ethereum again.
Here’s how they are withdrawing their money.
How the Parity hacker moves his Ethereum
All of the Parity hacker’s addresses are tagged, so there is hardly any opportunity to withdraw the money via a centralized exchange.
This raises the question: what can they do?
According to crypto researcher Igor Igamberdiev, the individual or group exchanges their Ethereum for RenBitcoin (RenBTC) via a decentralized exchange (e.g. Uniswap) and then withdraws this RenBTC to their own Bitcoin addresses.
From there, they can use “mixing” services to mix their funds and then try to withdraw them.
This is much more decentralized and private than the Tornado Cash solution, which may have a hard time properly hiding the origins of Ethereum worth millions of dollars.
In 2017, the Parity multisig hacker used the Changelly, Shapeshift, and Changer “instant” exchanges, which were owned by real companies, to launder money.
Today they can exchange Ether for Bitcoin via Ren and then withdraw via Wasabi, much more privately and decentrally. https://t.co/Uy6eKqL2Us pic.twitter.com/kD5Z4iDBBl
– Igor Igamberdiev (@FrankResearcher) January 2, 2021
One address has cashed out a handful of RenBTC, while the rest of the hacked funds remain inactive for some reason.