Coding Error Locks Users Out of $280m in Ether

Users of popular crypto-currency wallet Parity were left locked out of almost $300m in funds after a user triggered a coding error, it has emerged.

The firm deals in ether — the currency traded on the Ethereum blockchain. A critical security alert on Tuesday explained that the issue followed a bug in its platform in July, which resulted in the theft of $32m worth of ether from its popular multi-sig wallets.

Multi-sig wallets are so named because they require multiple people to verify and sign off on transactions.

Following the July incident, a new version of the Parity Wallet library contract was deployed.

The alert continued:

“However that code still contained another issue — it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”

The result is that no funds can be moved from any multi-sig wallets.
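The failure mode the alert describes can be modelled in a few lines. The following is an added example, not Parity's contract code: a toy Python model in which all class and function names are hypothetical, and the `guarded` variant shows one possible mitigation (claiming the library's own state at deployment and refusing re-initialisation), assumed here for illustration rather than taken from Parity's fix.

```python
# Toy model, constructed for illustration; names are hypothetical.
class Library:
    """Shared wallet logic; a wallet passes in its own storage (delegated call)."""
    def __init__(self, guarded):
        self.guarded = guarded
        # The library's own storage; the hardened variant claims it at deployment.
        self.storage = {"owners": ["deployer"] if guarded else []}

    def init_wallet(self, storage, caller):
        if self.guarded and storage["owners"]:
            raise PermissionError("already initialised")
        storage["owners"] = [caller]

class Chain:
    def __init__(self, guarded):
        self.library = Library(guarded)  # becomes None once the code is destroyed

    def init_library(self, caller):
        # Direct call: the library runs against its OWN storage.
        self.library.init_wallet(self.library.storage, caller)

    def kill_library(self, caller):
        if caller not in self.library.storage["owners"]:
            raise PermissionError("not an owner")
        self.library = None

class Wallet:
    def __init__(self, chain, owner, balance):
        self.chain, self.balance, self.storage = chain, balance, {"owners": []}
        chain.library.init_wallet(self.storage, owner)

    def withdraw(self, caller, amount):
        if self.chain.library is None:
            raise RuntimeError("library code gone: funds locked")
        if caller not in self.storage["owners"] or amount > self.balance:
            raise PermissionError("rejected")
        self.balance -= amount
        return self.balance

def scenario(guarded):
    """Return the wallet balance after a withdrawal, or the failure message."""
    chain = Chain(guarded)
    wallet = Wallet(chain, "alice", 100)
    try:
        chain.init_library("user_x")   # claim ownership of the library itself
        chain.kill_library("user_x")   # then self-destruct it
    except PermissionError:
        pass                           # hardened variant refuses the first call
    try:
        return wallet.withdraw("alice", 10)
    except RuntimeError as err:
        return str(err)
```

The wallet's own owner list and balance are untouched in both runs; only the availability of the shared logic decides whether the legitimate owner can still move funds.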

It’s believed that over 900,000 ether are locked in those wallets, worth roughly $282m at today’s prices. It’s been reported that $90m in funds raised by Parity founder Gavin Wood is also locked down.

However, a Twitter update from Parity yesterday claimed that: “The total ETH circulating social media is speculative.”

The news will do nothing to calm the nerves of investors, who have seen a string of cyber-attacks and reliability issues plague start-ups in the crypto-currency space.

Just last month, hackers were spotted using malicious spoof apps for crypto-currency exchange Poloniex, in a bid to harvest log-ins for users of the platform and their Gmail accounts.
