Coding Error Locks Users Out of $280m in Ether

Users of popular crypto-currency wallet Parity were left locked out of almost $300m in funds after a user triggered a coding error, it has emerged.

The firm deals in ether — the currency traded on the Ethereum blockchain. A critical security alert on Tuesday explained that the issue came about following a bug in its platform in July, which ended up in the theft of $32m worth of ether from its popular multi-sig wallets.

Multi-sig wallets are so named because they require multiple people to verify and sign off on transactions.

Following the July incident a new version of the Parity Wallet library contract was deployed.

The alert continued:

“However that code still contained another issue — it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”

The result is that no funds can be moved from any multi-sig wallets.
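The mechanism the alert describes, a shared library that can itself be initialised as a wallet and then destroyed, can be followed in a small model. This Python sketch is an added example, not Parity's contract code; the class names, the `kill` and `transfer` function names, the sample owner and the hardened variant (library storage marked as initialised at deployment) are assumptions made for illustration.

```python
class LibraryGone(Exception):
    """A wallet delegated to a library whose code no longer exists."""

class WalletLibrary:
    """Shared logic contract. It also has storage of its own."""
    def __init__(self, lock_own_storage):
        self.code_present = True
        # Hardened variant (assumption): library storage starts out initialized.
        self.storage = {"owners": set(), "initialized": lock_own_storage}

    def execute(self, fn, storage, caller):
        """Run library code against `storage`, as a delegated call does."""
        if not self.code_present:
            raise LibraryGone(fn)
        if fn == "initWallet":
            if storage["initialized"]:
                raise PermissionError("already initialized")
            storage["owners"], storage["initialized"] = {caller}, True
            return True
        # "transfer" and "kill" (hypothetical names) are owner-only.
        if caller not in storage["owners"]:
            raise PermissionError("caller is not an owner")
        if fn == "kill" and storage is self.storage:
            self.code_present = False  # self-destruct in the library's context
        return True

class Wallet:
    """Multi-sig wallet stub: keeps state, delegates all logic to the library."""
    def __init__(self, library, owner):
        self.library = library
        self.storage = {"owners": set(), "initialized": False}
        library.execute("initWallet", self.storage, owner)

    def call(self, fn, caller):
        return self.library.execute(fn, self.storage, caller)

def replay(lock_own_storage):
    """Return (library_code_present, wallet_usable) after the direct calls."""
    lib = WalletLibrary(lock_own_storage)
    wallet = Wallet(lib, owner="alice")  # constructed sample owner
    try:
        lib.execute("initWallet", lib.storage, "user")  # direct call to library
        lib.execute("kill", lib.storage, "user")
    except PermissionError:
        pass  # hardened library refuses to be turned into a wallet
    try:
        usable = wallet.call("transfer", "alice")
    except LibraryGone:
        usable = False
    return lib.code_present, usable
```

`replay(False)` models the unguarded library and `replay(True)` the guarded one; in the model, the wallet's own owner check never fails, yet the wallet stops working once the shared code is gone.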

It’s believed that over 900,000 ether are locked in those wallets, worth roughly $282m at today’s prices. It’s been reported that $90m in funds raised by Parity founder Gavin Wood is also locked down.

However, a Twitter update from Parity yesterday claimed that: “The total ETH circulating social media is speculative.”

The news will do nothing to calm the nerves of investors, who have seen a string of cyber-attacks and reliability issues plague start-ups in the crypto-currency space.

Just last month, hackers were spotted using malicious spoof apps for crypto-currency exchange Poloniex, in a bid to harvest log-ins for users of the platform and their Gmail accounts.
