Author

Topic: Electrum code vulnerable like the Parity multisig wallet? (Read 510 times)

HCP
legendary
Activity: 2086
Merit: 4361
Wasn't Bitfinex hacked a year ago a similiar way? They had a multisig wallet and they got hacked?
Because they'd set up a stupid system whereby BitGo (the external party) would just Auto authorise whatever transactions were sent to it for signing...

Hacker "hacked Bitfinex"/got their key (inside job?)... Created transactions sending 120,000 BTC to themselves... BitGo blindly co-signed the transactions... Hacker got rich... Bitfinex users all took a 36% hit to share the pain... Undecided
legendary
Activity: 3808
Merit: 1723
I am not a coder so I don't have much depth into this situation but wondering if Electrum could have a similar vulnerability such as the Parity multisig wallet which was hacked earlier today.

Don't know how much of the code is similiar since its Bitcoin based and Parity was mostly Ethereum based.
The Ethereum Multisig works differently from Bitcoin's multisig. The vulnerability allowed attackers to change the owner to their own and thus are able to authorise the transactions themselves. The issue was stemmed from a simple bug. This is not possible with Bitcoin however. To spend from a multisig address, you need the redeem script and the signatures of at least N addresses.

There is no way that anyone can change the address used to create the multisig.

Wasn't Bitfinex hacked a year ago a similiar way? They had a multisig wallet and they got hacked?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I am not a coder so I don't have much depth into this situation but wondering if Electrum could have a similar vulnerability such as the Parity multisig wallet which was hacked earlier today.

Don't know how much of the code is similiar since its Bitcoin based and Parity was mostly Ethereum based.
The Ethereum Multisig works differently from Bitcoin's multisig. The vulnerability allowed attackers to change the owner to their own and thus are able to authorise the transactions themselves. The issue was stemmed from a simple bug. This is not possible with Bitcoin however. To spend from a multisig address, you need the redeem script and the signatures of at least N addresses.

There is no way that anyone can change the address used to create the multisig.
legendary
Activity: 3472
Merit: 10611
i am not completely familiar with ethereum stuff but the multisig in ethereum is very different from multisig in bitcoin so there shouldn't be anything to worry about your bitcoin if you have them in a multisig address.
and besides bitcoin code, specifically P2SH is reviewed properly, tested, used for a long time and you can trust it.
i can not say the same for ETH code. and anything regarding their wallets, bugs and serious bugs leading to funds loss is becoming a very common thing with ETH.

in any case you can read this to get the general idea of difference:
https://ethereum.stackexchange.com/questions/6/how-can-i-create-a-multisignature-address-on-ethereum

Maybe mETH will rewind their blockchain again and create Ethereum SuperClassic - lol !!!   Cool
i don't think Vitalik or the Foundation lost anything so don't get your hopes up Wink
and i call for Ethereum Legacy for the name of new chain

oh and by the way DAO hack was 50 million dollar and this is  $32 million and growing. and if you add the white hat hack to it, then it is about $100 million dollar hack.
legendary
Activity: 3808
Merit: 1723
I am not a coder so I don't have much depth into this situation but wondering if Electrum could have a similar vulnerability such as the Parity multisig wallet which was hacked earlier today.

Don't know how much of the code is similiar since its Bitcoin based and Parity was mostly Ethereum based.

Jump to: