Parity創建的多簽錢包嚴重漏洞遭駭 - 數位貨幣

By Andrew
at 2017-07-20T14:23
at 2017-07-20T14:23
Table of Contents
新聞來源連結:
https://blog.parity.io/security-alert-high-2/
http://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach/
https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7
新聞本文:
Severity: Critical
Product affected: Parity Wallet
Affected implementations: Parity 1.5 or later
Summary: A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found.
Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.
Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.
UPDATE (20/07/17, 00:26 CEST): Future multi-sig wallets created by versions of Parity are secure
評論:
沒用過多簽錢包,以下有誤請指證。
簡單來講,由Parity客戶端創造的多簽錢包,被發現嚴重漏洞可以轉移所有權
根據新聞已有3個地址,15萬ETH遭駭。
目前已有白帽團隊在抽取尚未被盜的漏洞合約當救火隊。
因為多簽錢包原理是透過智能合約實現,而Parity這麼老牌的ETH客戶端
創造的合約代碼卻被發現漏洞,可以說智能合約的安全性疑慮又再一次浮上水面。
早上看新聞嚇了一大跳,我都用Parity管理ETH,
雖然一般的account和智能合約無關,但信心也是會受影響呢。
ps.一堆人在嘲諷小神童沒被盜就不會hard fork XD
ps.Aeternity項目被盜走82000個ETH,然後團隊說不影響開發。 喂...
--
https://blog.parity.io/security-alert-high-2/
http://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach/
https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7
新聞本文:
Severity: Critical
Product affected: Parity Wallet
Affected implementations: Parity 1.5 or later
Summary: A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found.
Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.
Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.
UPDATE (20/07/17, 00:26 CEST): Future multi-sig wallets created by versions of Parity are secure
評論:
沒用過多簽錢包,以下有誤請指證。
簡單來講,由Parity客戶端創造的多簽錢包,被發現嚴重漏洞可以轉移所有權
根據新聞已有3個地址,15萬ETH遭駭。
目前已有白帽團隊在抽取尚未被盜的漏洞合約當救火隊。
因為多簽錢包原理是透過智能合約實現,而Parity這麼老牌的ETH客戶端
創造的合約代碼卻被發現漏洞,可以說智能合約的安全性疑慮又再一次浮上水面。
早上看新聞嚇了一大跳,我都用Parity管理ETH,
雖然一般的account和智能合約無關,但信心也是會受影響呢。
ps.一堆人在嘲諷小神童沒被盜就不會hard fork XD
ps.Aeternity項目被盜走82000個ETH,然後團隊說不影響開發。 喂...
--
Tags:
數位貨幣
All Comments

By Sierra Rose
at 2017-07-23T14:40
at 2017-07-23T14:40

By Olive
at 2017-07-25T15:57
at 2017-07-25T15:57

By George
at 2017-07-27T21:21
at 2017-07-27T21:21

By Olive
at 2017-07-30T12:52
at 2017-07-30T12:52

By Vanessa
at 2017-07-31T08:35
at 2017-07-31T08:35

By Selena
at 2017-08-02T18:50
at 2017-08-02T18:50

By Ula
at 2017-08-05T22:54
at 2017-08-05T22:54
Related Posts
這禮拜的台大黑客松

By Poppy
at 2017-07-20T09:22
at 2017-07-20T09:22
急!! 關於專門收電子錢包貨幣的問題

By Delia
at 2017-07-20T08:35
at 2017-07-20T08:35
Nanopool Reported Hashrate 顯示為零

By Michael
at 2017-07-19T23:05
at 2017-07-19T23:05
鼓勵太陽能發電 太陽能幣救地球

By Lily
at 2017-07-19T20:20
at 2017-07-19T20:20
比特戰爭(1)操盤與心態+群組開張+Q&A

By Anthony
at 2017-07-19T00:24
at 2017-07-19T00:24