Hackers just stole $85 million in Ether, but it’s not what you think
One for you, 85 million for me…
The clock was ticking. Thieves stole $32 million worth of Ether out of a popular Ethereum wallet, and with every passing minute the potential for additional losses grew.
And so the White Hat Group stepped in.
Like something out of a weird cryptocurrency reboot of National Treasure, the unidentified WHG hackers decided to steal the remaining Ether before the crooks could. All $85 million of it.
Or so they say.
The claim was posted to Reddit on July 19, and details a plan to return the funds to their rightful owners. Here’s how the poster, jbaylina, says it went down:
"The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract," explained the post, referring to a vulnerability in the popular Ethereum wallet Parity that was successfully exploited by unknown thieves. "This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts."
Whitehats saved over 950 people $170 Million in ETH today. That is awe inspiring. #Ethereum community owes them a large amount of gratitude.
— Swarm City (@SwarmCityDApp) July 20, 2017
Essentially, the White Hat Group says they came across the vulnerability — likely because hackers were exploiting it to steal the aforementioned loads of Ether — and went ahead and boosted every last bit they could. But for a good cause.
"If you hold a multisig contract that was drained, please be patient," the post continued. "We will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and we will return your funds to you there."
In other words, the WHG says it saw your money sitting in a busted safe, removed it before thieves could, and now promises to return it to you in a new safe that works. Unsurprisingly, people flocked to Reddit to thank them.
"You guys are literal fucking heros [sic]," wrote one person who may or may not have had Ether stolen. "Good fucking job."
"They’re like ‘The Avengers’, but for buggy smart contracts instead of aliens," noted another.
And so, just like we would with a real-life caped crusader, we are left wondering the identity of the White Hat Group’s members. We reached out to the Reddit user who posted the WHG message, curious as to the group’s motivation and future plans, but perhaps unsurprisingly didn’t receive a response.
Notably, however, this isn’t the first time WHG members have swooped in to save the day. As ETHNews notes, the WHG previously made waves when it hacked a hacker that had ripped off The DOA, "an investor-directed venture capital fund on Ethereum." Just like in the recent case, WHG announced it would return the stolen funds that it had recovered.
So this White Hat Group drained TheDAO and now drained the multysig contracts. How is this not staged? pic.twitter.com/AyLmGn3VDw
— ThisIsNotSanta (@thisisnotsanta) July 19, 2017
Even so, skeptics remain. After all, this unknown person or persons now controls around $85 million worth of Ether. Are they really going to just give it all back?
It’s the $85 million question, and one that an untold number of people in the cryptocurrency community are waiting with bated breath to see answered.