My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys by robertdurst10

View this thread on: hive.blog | peakd.com | ecency.com

ethereum · @robertdurst10 · Jul 22 '17

$2.85

My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys

<center><h1>A Lesson in Security</h1></center>
<center>https://media1.giphy.com/media/13MhSTF0RNjF4c/giphy.gif</center>
If you haven't heard the news, $30 million were stolen in ETH from party multi-sig wallets. Unfortunately this included 44k ETH from Swarm City, but luckily some good guy hackers came in and saved the day. Read more about it <a href="https://www.cryptocoinsnews.com/hackers-seize-32-million-in-parity-wallet-breach/">here</a>.

<center>**I AM NOT REHASHING THE NEWS in this post!!! Instead I am raising a concern of mine.**</center>

On cryptocoinnews.com, it was noted that:
> The breach only affects multi-sig wallets; normal wallets appear to be safe.

Thus, the attack was on multi-sig wallets. Let's dive into this a little bit.

<h3>Typical Wallet:</h3> there is one owner, and one private key. The owner uses the private key to sign off and confirm transactions. If owner keeps wallet private key from attackers, owner is safe.

<h3>Multi-sig Wallet:</h3> there are at least two owners, and each owner has their own private key. Thus, there are many different situations here. You can have one owner sign off on transactions, you can have both, you can have 2-of-3... this is supposed to be more secure. However, anytime **SOMEONE ELSE CAN ACCESS YOUR MONEY YOU NEED** to be suspicious and uncomfortable.

In the case of Parity, the issue here was a very simple coding error. I found this awesome info on StackExchange:

<center>![Screen Shot 2017-07-21 at 10.53.36 PM.png](https://steemitimages.com/DQmfCLx6TAkYrZZ6HES82dwzy85UKUwCk1AzqG67k9TdjMd/Screen%20Shot%202017-07-21%20at%2010.53.36%20PM.png)</center>

Bottomline, even if companies claim to have the safest or most secure wallets, always be very weary of multi-sig wallets or any situation where you are not in 100% control of your wallet keys. As you saw here, all it takes is a little slip and $30 million can disappear right before your eyes!

***
<h4> Hope y'all got something out of this! As a dev working on a project with a wallet, events like these are great learning experiences for me. If you have any questions, or need some clarification, I am glad to help! Just respond in the comment section below. Cheers and Steem on!</h4>
***
<center>![SteemEngineBannerForSteemit.gif](https://steemitimages.com/DQmT9vMpSgFU1n7X4rYbbruNAJM6AYqUijpmnULLdaievSS/SteemEngineBannerForSteemit.gif)</center>
***

👍 hr1, pharesim, msp-lovebot, minnowsupport, robertdurst10, abh12345, sacred-agent, cryptohazard, florekus, lastminuteman, steemprentice, venuspcs, ebargains, stephen.king989, raymondspeaks, ogochukwu, caseym, shellyduncan, shawnfishbit, choogirl, juvyjabian, diana.catherine, jhermanbeans, gindor, pomperipossa, edrivegom, banjo, marcusxman, n1kofi, starrkravenmaf, cloh76, badastroza, germanaure, cryptohustler, piercetheveil, loreennaa, burnedpixel, worldtraveler, taica, detlev, myday, starsteem, whatamidoing, tjtrusty, flaminghedge, numpypython, qwasert, outerground, timbalabuch, andrewgenaille, luismy, isaacfrett, natra, paulag, jotmax, nesbitt, efrageek, epixar, sixexgames

`author`	robertdurst10
`permlink`	my-thoughts-on-the-parity-hack-a-lesson-in-security-avoid-multi-sig-wallets-and-maintain-100-ownership-over-your-keys
`category`	ethereum
`json_metadata`	{"tags":["ethereum","security","cryptocurrency","crypto"],"image":["https://media1.giphy.com/media/13MhSTF0RNjF4c/giphy.gif","https://steemitimages.com/DQmfCLx6TAkYrZZ6HES82dwzy85UKUwCk1AzqG67k9TdjMd/Screen%20Shot%202017-07-21%20at%2010.53.36%20PM.png","https://steemitimages.com/DQmT9vMpSgFU1n7X4rYbbruNAJM6AYqUijpmnULLdaievSS/SteemEngineBannerForSteemit.gif"],"links":["https://www.cryptocoinsnews.com/hackers-seize-32-million-in-parity-wallet-breach/"],"app":"steemit/0.1","format":"markdown"}
`created`	2017-07-22 06:08:36
`last_update`	2017-07-22 06:08:36
`depth`	0
`children`	6
`last_payout`	2017-07-29 06:08:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	2.306 HBD
`curator_payout_value`	0.544 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	2,391
`author_reputation`	5,401,785,748,657
`root_title`	"My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	0
`post_id`	9,273,147
`net_rshares`	729,989,530,209
`author_curate_reward`	""

properties (23)vote details (59)

voter	rshares	pct
pharesim	103,644,468,029	0.02%
hr1	449,005,204,752	10%
germanaure	193,055,733	0.1%
venuspcs	1,276,237,269	0.1%
cloh76	207,194,611	0.2%
edrivegom	282,978,901	0.1%
diana.catherine	419,960,601	0.1%
juvyjabian	509,792,659	1%
raymondspeaks	839,717,492	1%
stephen.king989	1,082,311,926	0.2%
efrageek	62,005,412	1%
tjtrusty	109,607,421	1%
cryptohazard	6,087,586,295	100%
ebargains	1,159,730,012	1%
abh12345	13,447,680,422	27%
jhermanbeans	399,634,922	0.1%
worldtraveler	137,702,394	0.2%
luismy	90,501,912	0.1%
starrkravenmaf	226,886,306	0.3%
steemprentice	1,280,075,059	0.1%
piercetheveil	176,575,930	1%
lastminuteman	3,344,059,832	0.3%
loreennaa	161,004,596	0.1%
ogochukwu	831,448,987	0.3%
pomperipossa	314,646,982	0.1%
robertdurst10	25,208,417,396	100%
sixexgames	51,770,414	1%
banjo	267,664,106	1%
numpypython	106,759,987	0.1%
detlev	137,255,091	0.1%
choogirl	579,448,927	0.2%
outerground	100,976,229	1%
starsteem	117,431,015	0.3%
marcusxman	248,935,225	0.5%
gindor	391,504,846	0.2%
sacred-agent	8,402,437,061	11%
whatamidoing	113,621,417	0.1%
shawnfishbit	613,375,884	0.1%
shellyduncan	638,377,840	0.1%
timbalabuch	100,442,382	1%
florekus	3,559,670,195	100%
jotmax	65,460,658	1%
qwasert	105,462,534	0.2%
taica	137,496,451	0.1%
natra	82,678,401	0.3%
cryptohustler	179,733,324	1%
minnowsupport	49,265,798,159	1%
badastroza	197,960,308	0.1%
epixar	56,872,284	100%
burnedpixel	152,268,938	0.2%
andrewgenaille	96,146,803	0.2%
n1kofi	248,149,230	1%
paulag	82,557,352	1%
myday	125,382,661	0.1%
flaminghedge	107,388,845	1%
nesbitt	64,997,722	1%
caseym	766,488,664	100%
msp-lovebot	52,239,147,564	10%
isaacfrett	87,383,841	1%

@bigdeej · Jul 22 '17

$0.09

Very insightful! I agree if you really want security it should be 100% code verified by trusted sources as well as single private key! Paper wallets and secure offline wallets!

👍 robertdurst10

`author`	bigdeej
`permlink`	re-robertdurst10-my-thoughts-on-the-parity-hack-a-lesson-in-security-avoid-multi-sig-wallets-and-maintain-100-ownership-over-your-keys-20170722t075644905z
`category`	ethereum
`json_metadata`	{"tags":["ethereum"],"app":"steemit/0.1"}
`created`	2017-07-22 07:56:45
`last_update`	2017-07-22 07:56:45
`depth`	1
`children`	0
`last_payout`	2017-07-29 07:56:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.071 HBD
`curator_payout_value`	0.023 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	176
`author_reputation`	24,177,354,907,334
`root_title`	"My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	9,280,604
`net_rshares`	24,352,022,356
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
robertdurst10	0 B		24,352,022,356	100%

@cryptohazard · Jul 22 '17

$0.10

Slightly disagreeing as companies would have a real hard time dealing with only one key. Of course you could do a multisig to generate the private key that lock a normal account. But this requires more organization for the company in general.

You and me, of course, don't need a multisig contract.

[Vote for witness @cryptohazard](https://steemit.com/steemit/@cryptohazard/why-i-want-to-improve-steem-security-and-become-a-witness)
![cryptohazard.gif](https://steemitimages.com/DQmUfrbQ3sReStRjru49ikwfascKAxbJV83naDd7dzAGjE5/cryptohazard.gif)

👍 robertdurst10

`author`	cryptohazard
`permlink`	re-robertdurst10-my-thoughts-on-the-parity-hack-a-lesson-in-security-avoid-multi-sig-wallets-and-maintain-100-ownership-over-your-keys-20170722t214349105z
`category`	ethereum
`json_metadata`	{"tags":["ethereum"],"image":["https://steemitimages.com/DQmUfrbQ3sReStRjru49ikwfascKAxbJV83naDd7dzAGjE5/cryptohazard.gif"],"links":["https://steemit.com/steemit/@cryptohazard/why-i-want-to-improve-steem-security-and-become-a-witness"],"app":"steemit/0.1"}
`created`	2017-07-22 21:43:48
`last_update`	2017-07-22 21:43:48
`depth`	1
`children`	3
`last_payout`	2017-07-29 21:43:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.075 HBD
`curator_payout_value`	0.025 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	545
`author_reputation`	17,111,780,434,071
`root_title`	"My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	9,350,969
`net_rshares`	26,300,184,144
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
robertdurst10	0 B		26,300,184,144	100%

@robertdurst10 · Jul 23 '17 (edited)

$0.02

Good point @cryptohazard. I was just thinking about you and I and hoping to spread the message to those individuals here less knowledgable about crypto.

Also redoing my witness voting tomorrow as I am setting up one myself :)

👍 cryptohazard

`author`	robertdurst10
`permlink`	re-cryptohazard-re-robertdurst10-my-thoughts-on-the-parity-hack-a-lesson-in-security-avoid-multi-sig-wallets-and-maintain-100-ownership-over-your-keys-20170723t051926367z
`category`	ethereum
`json_metadata`	{"tags":["ethereum"],"users":["cryptohazard"],"app":"steemit/0.1"}
`created`	2017-07-23 05:19:27
`last_update`	2017-07-23 05:19:30
`depth`	2
`children`	2
`last_payout`	2017-07-30 05:19:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.018 HBD
`curator_payout_value`	0.006 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	226
`author_reputation`	5,401,785,748,657
`root_title`	"My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	9,380,237
`net_rshares`	6,557,377,220
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cryptohazard	0 B		6,557,377,220	100%

@cryptohazard · Jul 23 '17

$0.08

good luck on the witness set up. The main documentation is what past and current witnesses wrote.

👍 robertdurst10

`author`	cryptohazard
`permlink`	re-robertdurst10-re-cryptohazard-re-robertdurst10-my-thoughts-on-the-parity-hack-a-lesson-in-security-avoid-multi-sig-wallets-and-maintain-100-ownership-over-your-keys-20170723t120906614z
`category`	ethereum
`json_metadata`	{"tags":["ethereum"],"app":"steemit/0.1"}
`created`	2017-07-23 12:09:06
`last_update`	2017-07-23 12:09:06
`depth`	3
`children`	1
`last_payout`	2017-07-30 12:09:06
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.060 HBD
`curator_payout_value`	0.020 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	97
`author_reputation`	17,111,780,434,071
`root_title`	"My Thoughts on the Parity Hack - A Lesson in Security: Avoid Multi-Sig Wallets and Maintain 100% Ownership over your Keys"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	9,409,909
`net_rshares`	20,528,590,982
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
robertdurst10	0 B		20,528,590,982	100%

1 reply

@minnowsupport · Jul 22 '17

<p>Congratulations!  This post has been upvoted from the communal account, @minnowsupport, by cryptorob from the Minnow Support Project.  It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, and someguy123.  The goal is to help Steemit grow by supporting Minnows and creating a social network.  Please find us in the <a href="https://discord.gg/HYj4yvw">Peace, Abundance, and Liberty Network (PALnet) Discord Channel</a>.  It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.</p>

<p>If you like what we're doing please upvote this comment so we can continue to build the community account that's supporting all members.</p>

properties (22)