Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum

in ethereum •  7 years ago  (edited)

Horrible news for some Ethereum users.

 About $300 million worth of Ether—the  cryptocurrency unit that has become one of the most popular and  increasingly valuable cryptocurrencies—from dozens of Ethereum wallets  was permanently locked up today.
 

Smart contract coding startup Parity Technologies, which is behind the popular Ethereum Parity Wallet, announced earlier today that its "multisignature" wallets created after this July  20 contains a severe vulnerability that makes it impossible for users  to move their funds out of those wallets.


According to Parity, the vulnerability was triggered  by a regular GitHub user, "devops199," who allegedly accidentally  removed a critical library code from the source code that turned all  multi-sig contracts into a regular wallet address and made the user its  owner. 

 Devops199 then killed this wallet  contract, making all Parity multisignature wallets tied to that contract  instantly useless, and therefore their funds locked away with no way to  access them. 

 

"These (https://pastebin.com/ejakDR1f)  multi_sig wallets deployed using Parity were using the library located  at "0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4" address," devops199  wrote on GitHub.
"I made myself  the owner of '0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4' contract and  killed it and now when I query the dependent contracts  'isowner(<any_addr>)' they all return TRUE because the delegate  call made to a died contract."

 

Parity multisignature wallets also experienced a vulnerability in July this year that allowed an unknown hacker to steal nearly $32 million in funds (approximately 153,000 units of Ether) before the Ethereum community secured the rest of its vulnerable Ether.
 

According to Parity, a new version of the Parity Wallet library contract  deployed on 20th of July contained a fix to address the previously  exploited multi-sig flaw, but the code "still contained another issue,"  which made it possible to turn the Parity Wallet library contract into a  regular wallet.
 

The vulnerability affected Parity multi-sig wallets that were deployed  after July 20—meaning ICOs (Initial Coin Offerings) that were held since  then may be impacted.
 

So far, it is unclear exactly how much cryptocurrency has disappeared  due to this blunder, but some cryptocurrency blogs have reported that  Parity wallets constitute roughly 20% of the entire Ethereum network.
 

This made researchers familiar with the space estimating around $280  Million worth of Ether is now inaccessible at this time, including $90  million of which was raised by Parity's founder Gavin Woods.
 

Parity froze all affected multi-sig wallets (that is millions of  dollars' worth of Ethereum-based assets) as its team scrambles to  bolster security. The team also promised to release an update with  further details shortly.


 Found this interesting? Kindly upvote and follow @steemvore for more cryptocurrency news   

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2017/11/parity-ethereum-wallet.html

Congratulations @steemvore! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes
Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

Congratulations @steemvore! You have received a personal award!

1 Year on Steemit
Click on the badge to view your Board of Honor.

Do not miss the last post from @steemitboard:

SteemitBoard - Witness Update
SteemFest³ - SteemitBoard support the Travel Reimbursement Fund.

Support SteemitBoard's project! Vote for its witness and get one more award!

Congratulations @steemvore! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!