Parity Bug Breaks Wallets and Freezes $280 Million in Ether
Digital currency wallets and exchanges have often been attacked by hackers in the past, as an attempt to steal people’s money. For instance, last year, a heist worth $50 million affected Ethereum, and many people believed that this will likely break the platform and its underlying currency, ether.
However, Ethereum is now being affected by yet another issue: reportedly, $250 million worth of funds belonging to people throughout the world were either deleted or frozen, after a bug on the Parity Ether wallet was discovered, and triggered. This eventually broke a high number of wallets, hence making it impossible for the owners to transfer the funds out of them.
The result of this bug triggering is having 1 million ETH frozen in users’ accounts, worth approximately $280 million. Out of this amount, around $90 million belongs to the ex Ethereum core developer Gavin Woods, who is also the founder of the Parity wallet.
This bug reportedly affects wallets that are based on the multi-signature protocol, created after the 20th of July. For those who do not know, multi-signature wallets work by implementing additional security measures, hence requiring multiple users to sign a transaction before it can be processed and approved by the network. This is a form of escrow payment, meant to control funds that belong to a group of people, rather than only one person.
Because of the bug, a wallet owner could reportedly turn a wallet owned by a single owner into a multi-signature wallet, hence taking ownership of it. This bug in the code therefore allows people to kill contracts within the core of the wallet, which is pretty much what happened in the case. So far, it seems like the funds being frozen was not a hack, but rather an accidental triggering of the bug made by a user by mistake.
The individual who both triggered the bug and reported it via GitHub revealed his online identity, and mentioned that he is scared for what could happen to him, given the accidental exploit.
At this time, it remains unsure whether any action can be taken to reverse this action. If not, then chances are that $280 million worth of ether could remain locked, thus drastically affecting the digital currency.
Something similar happened when a Node.js library was mistakenly pulled from its afferent npm registry. In return, this caused thousands of web-based applications to be broken. The only difference is that now we’re talking about large amounts of money belonging to people throughout the world.