Earn up to 12% APY on Bitcoin, Ethereum, USD, EUR, GBP, Stablecoins & more.

Start Earning Interest
Ad: Bybit - Flexible Staking — Earn Up to 8% APY or higher with XYM & JASMY. Stake now!

Here’s how the Parity Ethereum hacker is cashing out his funds

If you were around in 2017, you likely remember the Parity wallet hack.


If you were around in 2017, you likely remember the Parity wallet hack.

Here’s some context if you don’t.

Parity is an Ethereum infrastructure provider that was in 2017 known for its multi-signature wallet. Multisig is a technology that requires multiple key holders to sign off on transactions to verify them, preventing the stealing of one key to lead to the loss of all funds.

A Parity version was bugged that allowed an attacker to drain 153,037 ETH from three high-profile multisig addresses:

“Today, we witnessed the second largest hack, in terms of ETH stolen, in the history of the Ethereum network. As of 12:19 pm UTC,  had drained 153,037 ETH from three high-profile multi-signature contracts used to store funds from past token sales. The problem was initially reported by the Parity team, since the affected MultiSig wallet contract was part of the Parity software suite.”

What happened was that there was a bug that allowed anyone to obtain “exclusive ownership of the MultiSig” and could thus move the funds once they obtained control of it.

150,000 ETH was worth around $30 million as of the time of the hack and around $115 million now.

While many of the funds were previously cashed out through instant swap tools that allowed them to launder their funds through other networks, these tools became unavailable as more stringent KYC/AML regulations were implemented.

This led to a period where the attacker did not cash out his funds.

But now, they have begun to move their Ethereum again.

Here’s how they’re cashing out their funds.

How the Parity hacker is moving their Ethereum

All of the Parity hacker’s addresses are tagged, leaving them with little opportunity to cash out their funds via a centralized exchange.

This raises the question, what can they do.

According to crypto research Igor Igamberdiev, what the individual or group is doing is swapping their Ethereum into RenBitcoin (RenBTC) via decentralized exchanges (take Uniswap, for instance),  then withdrawing those RenBTC to their own Bitcoin addresses.

From there, they can mix their funds using “mixer” services, then attempt to cash them out.

That is much more decentralized and private than the Tornado Cash solution, which may find it difficult to correctly hide the originations of millions of dollars worth of Ethereum.

One address cashed out a handful of RenBTC, though the rest of the hacked funds are inactive for some reason.

Posted In: , Analysis, Hacks

CryptoSlate Newsletter

Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.


Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis
Price snapshots
More context
Join now for $19/month Explore all benefits