At Least $150 Million of Ether Frozen in Hacked Parity Wallet
Cryptocurrency wallet provider Parity has suffered its second major security breach in a year, and the incident has caused many in the industry to question the integrity of Parity's wallets and even digital wallets as a whole. Much like the last security breach, this one was caused by a bug found in the multi-sig (multi-signature) wallet software.
This flaw allowed a hacker to infiltrate the wallet and change the administrative signature, giving him/her complete control over the wallet. The wallet itself was a storage library of many different wallets in Parity's system that were owned by multiple users. By changing the multi-sig wallet to a single-user version, the hacker locked the access points for all other users. According to a post on GitHub, the apparent perpetrator of this hack posted an Etherscan address with the caption, “I accidentally killed it”.
The user, known as “devops199” from the handle found on the GitHub post, on realizing that the wallet signatures had been transferred to his/her control, attempted to correct the problem by deleting the portion of code that seemed to trigger the accidental lockout of other users. However, in doing so, vital code connected to the wallet’s internal logic was corrupted, which effectively froze the entire library of wallets for all users, rendering at least half a million Ether completely unusable.
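The dependency described above can be modeled in a few lines. This is an added example, not Parity's code: a simplified Python model in which every wallet relies on one shared library, comparing a library deployed without an owner against one whose owner is set at deployment. All class, method and account names are hypothetical, and the balances are constructed.

```python
class LibraryDestroyed(Exception):
    pass

class SharedLibrary:
    """Toy model of one wallet-logic library shared by many wallets."""
    def __init__(self, owner_at_deploy=None):
        # Weak deployment: owner_at_deploy is None, so the library is unclaimed.
        self.owner = owner_at_deploy
        self.destroyed = False

    def claim_ownership(self, caller):
        # Ownership can be set only once; an unclaimed library accepts anyone.
        if self.owner is not None:
            raise PermissionError("library already has an owner")
        self.owner = caller

    def destroy(self, caller):
        if caller != self.owner:
            raise PermissionError("only the owner may destroy the library")
        self.destroyed = True

    def withdraw(self, wallet, caller, amount):
        if self.destroyed:
            raise LibraryDestroyed("wallet logic no longer exists")
        if caller not in wallet.owners or amount > wallet.balance:
            raise PermissionError("withdrawal refused")
        wallet.balance -= amount
        return amount

class Wallet:
    """Holds funds but delegates all of its logic to the shared library."""
    def __init__(self, library, owners, balance):
        self.library, self.owners, self.balance = library, set(owners), balance

    def withdraw(self, caller, amount):
        return self.library.withdraw(self, caller, amount)

def simulate(owner_at_deploy):
    """Return the total balance left frozen after an outsider's claim attempt."""
    lib = SharedLibrary(owner_at_deploy)
    wallets = [Wallet(lib, {"alice", "bob"}, 100), Wallet(lib, {"carol"}, 250)]
    try:
        lib.claim_ownership("outsider")
        lib.destroy("outsider")
    except PermissionError:
        pass  # hardened deployment: the claim is rejected, nothing is destroyed
    frozen = 0
    for w in wallets:
        try:
            w.withdraw(next(iter(w.owners)), 1)
        except LibraryDestroyed:
            frozen += w.balance
    return frozen
```

With the unowned library every wallet's balance ends up frozen even though no wallet was touched directly; with the owner fixed at deployment the claim fails and withdrawals keep working.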
Now, with the bulk of these funds cut off from the rest of the network, the only way to recover them would be through a hard fork of the entire Ethereum blockchain. There are serious downsides to this, the most obvious being the creation of another currency, as happened last year with the creation of Ethereum Classic. Hopefully Parity will take extra steps to vet its smart contracts to prevent any more bugs from appearing in its wallet operation.