Someone Exploited a Vulnerability in Parity Wallet Causing Funds to Freeze

Have hackers just attacked another cryptocurrency service provider? Parity Technologies revealed a couple of hours ago that someone has messed with its code, causing funds to freeze.

In an urgent security alert issued to users, the Parity developers say that a vulnerability in the wallet library contract of the standard multi-sig contract has been found. They add that the issue only affects users with assets in a multi-sig wallet created in Parity Wallet that was deployed after July 20th.

The message read:

“Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”

In online crypto community forums people speculate that between 500,000 to a million ETH might be forever unrecoverable due to this incident. If true, Vitalik might face incredible pressure to hard fork the Ethereum blockchain as he did after the DAO crisis. On their part, the Parity team is trying to reassure users they are working on a solution at the moment and that no funds have been lost so far.

Parity Technologies was founded by Gavin Wood, founder and former CTO of Ethereum. Earlier this year it released a Bitcoin technology stack including its own implementation of the Bitcoin protocol.

Powered by WPeMatico