A Major Vulnerability Has Frozen Hundreds Of Millions Of Ethereum DollarsNovember 8, 2017 3:00 pm
A vulnerability found within popular wallet Ethereum has frozen potentially hundreds of millions of dollars worth of the cryptocurrency for the second time in recent months, TechCrunch reported.
Parity Technologies, the company behind widely used wallet service Parity, disclosed the issue that could enable the contents of a wallet to be wiped, the report said.
Explaining the issue further, TechCrunch said Initial Coin Offerings (ICOs) held since July 20 may be impacted as the issue affects multi-sig wallets – a technology using the consent of multiple parties for additional security on transactions.
Ethereum, the world’s second highest-valued crypto currency with a total market cap of over $27 billion, was affected in July when a vulnerability in Parity led to 150,000 ETH (then worth around $30 million) being stolen.
That bug was fixed, TechCrunch reported, but one positive element of that scare is many in the Ethereum community – and particularly those who have held ICOs – shied away from the technology in favor of alternatives. Even those who did use Parity may not have opted for the multi-sig wallet, the report said.
Following the fix on 19th of July (function visibility), the report said, a new version of the Parity Wallet library contract was deployed on July 20.
However, the report continued, that code still contained another dangerous issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function, the report said..
“It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library,” TechCrunch reported.
The issue appears to center around the fact the Parity Wallet operates as a smart contract.
There are no immediate reports of lost or stolen coins, but already it is clear a sizable amount of Ethereum is at risk, the report said.
TechCrunch reports early estimates from UCL cryptocurrency researcher Patrick McCorry suggests at least 600,000 ETH (worth around $150 million) is frozen.
McCorry told TechCrunch the total is likely to be higher still as more information about Parity usage and wallet volumes comes to light.
Parity continues to look into the problem. The company said on Twitter it believes that wallets are locked. It added projections for the amount of ETH impacted were “speculative,” the report said.
– WN.com, Jack Durschlag