Ethereum Slides After Coding Bug Freezes Wallets Containing $280 Million

In a vivid reminder of the risks involved for cryptocurrency investors, Ethereum slumped on Tuesday when a critical security vulnerability in multi-signature wallet belonging to London startup, Parity Technologies, was triggered on 6th November, paralyzing wallets created after July 19, and freezing tens of millions in ethereum. Parity is the same company whose coding error helped hackers steal $30 million worth of ethereum; on Tuesday, the company admitted it was facing more security problems.

Parity issued a "critical" security alert to inform its users about a bug that got "accidentally" triggered which resulted in freezing more than $280 million worth of ETH, including $90M belonging to Parity’s Founder & Ethereum former core developer, Gavin Woods. In the statement, Parity said that it had fixed the vulnerability that led to the original, July hack, but failed to catch and repair another weakness that allows users to rewrite code and take ownership of wallets that don’t belong to them. As a result, Bloomberg notes that many users found themselves unable to move funds out of their wallets because important code was deleted.

Ironically, Parity advised users not to deploy multi-signature wallets - the type impacted by the latest vulnerability - until the issue has been resolved. Multi-signature wallets are supposed to add an extra layer of security, as they require multiple verifications to confirm a transaction. The company hasn’t yet disclosed how many people have been affected.

Affected users: Users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.


Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue - it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.

A user named devops199 claimed he triggered the bug “accidentally” and reported it through a GitHub ticket.

The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although, the contract is a library it was possible for devops199 to turn it into a regular multi-sig wallet since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions, a first one to take over the library and a second one to kill the library - which was used by all multi-sig wallets created after the 20th of July.

Among those impacted is the Web3 Foundation which is working with Parity to build a blockchain network called Polkadot. "The multi-sig used by the Web3 Foundation to accept contributions for Polkadot was one of those affected, putting the ETH in it beyond access," the firm wrote. "The affected multi-sig wallet does not contain all of the Web3 Foundation’s funds; our ability to build Polkadot as planned and to the original timetable has not been affected."

The new vulnerable contract has been deployed more than 100+ days ago on July 20th, one day after the original multi-sig vulnerability had been exploited and fixed.

“A code has a library path. Somewhere in that path, someone removed one of the libraries. As a result, the code doesn’t work, and as a result of that, the money is frozen, which can be fixed," David Mondrus, chief executive of Trive, a blockchain-based research platform todl Bloomberg. "It does show the difference in performance and safety between hardware and software."

Contacted by Bloomberg, Parity spokeswoman Helena Flack said "We are still working on the final number and do not want to release any speculative figures."

More importantly, however, Flack said that "no ether has been stolen." That should ease the nerves of some cryptotraders who sold off Ethereum this morning when the news spread, sending the price from above $300 to the mid-$280.

As Matt Suiche concludes, "even though the vulnerable smart-contract was open source and deployed months ago, this bug managed to escape code review done by the Parity team. Since by design smart-contracts themselves can’t be patched easily, this make dependancies on third party libraries very lethal if a mistake happens.

We have seen a lot of enthusiasm from a lot of people about blockchain-based smart contracts, and the general assumption from users is that they would be secure. But just like any other piece of software a smart-contract can be vulnerable. All the recent security issues around smart contracts are challenging more and more the sustainability of storing money on a blockchain-based software layer.


Manthong Bokkenrijder Tue, 11/07/2017 - 13:56 Permalink

/* Style Definitions */
{mso-style-name:"Table Normal";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-bidi-font-family:"Times New Roman";
 ??   How do you spell “counter-party risk”   ?????

In reply to by Bokkenrijder

Luc X. Ifer IH8OBAMA Tue, 11/07/2017 - 15:29 Permalink

This is only one aspect however, it can be easily managed in the OS world - just have a look for example at Linux kernel or other components of the Linux ecosystem known for robustness. Robustness is what makes all the difference and designing the code and the processes surrounding it requires discipline, attention, experience and humbleness - problem is only genuine senior professionals exhibit them and very, very few youngsters active in the field. I'm totally in the Blockchain bandwagon and I see an awesome future resulting from the introduction of this paradigm, I admire Vitalik Buterin for the talent and work he put in the Ethereum whitepaper and initial prototypes however, I become pretty soon skeptic of Ethereum due to a list of choices they made process, platform and architecture wise - and I am till now, actually for the last few weeks I was talking with my buddies about the inevitability that something bad is going to happen technically in the near future to Ethereum, honestly I didn't expected it to be so soon, but the writing was on the wall. Basically, their mistake is that they let themselves dragged by the youngsters typical spirit of non contained adventure, humbleness is a learned virtue acquired with the age and known not available especially in the youngsters enjoying huge success and ascension on a short time period. Ethereum first and major mistake was choosing Go Lang ecosystem, Go Lang is extremely good at delivering tools certainly in the boundaries of defined, known ahead of time problems. Go Lang is catastrophically bad when you hit a wall due to requirement or new features need extending into a not known at initial design time area. Go Lang was by design created as such with very thin support for modeling high abstractions especially because it was desired to be a platform to deliver firm defined tooling level solutions not products which require continuous extensions potentially reaching new paradigms and scalability challenges. The correct solution for Ethereum I support my point even now would have been C++ for best of modeling/performance bang or JVM/Scala for a little bit less performance but tremendous easiness to scale architecturally where an innovative product like Ethereum would go sooner or later.

In reply to by IH8OBAMA

OpenThePodBayDoorHAL Gap Admirer Tue, 11/07/2017 - 15:17 Permalink

A contract is something that doesn't change. If it did you would call it something else, an "arrangement" or something. Software, however, must change, there are always upgrades, bug fix (!) and the like. Software that can't change is a really bad idea. So precisely how do you mix something that can't change (a contract) with something that must change (software)? And make it always and permanently backwardly-compatable? 

In reply to by Gap Admirer

Luc X. Ifer OpenThePodBayDoorHAL Tue, 11/07/2017 - 15:42 Permalink

Exactly. This is the main Go Lang problem due to lack of support for complex and heterogeneous abstractions and multiple paradigms. Tackling on new problems non specific to the scope of design of the Go Lang platform is excruciating hard and can be credited only to very experienced people knowing expertly level not only the Go Lang but also the proper paradigms to emulate. Also, to cover some of these paradigms you need typical to the paradigms testing support so, that is not existing in Go Lang. Bad, bad, poor choice.

In reply to by OpenThePodBayDoorHAL

VD Manthong Tue, 11/07/2017 - 15:47 Permalink

reposting from my previous comment -- this is all part of the endgame, NOT limited to Ethereum! "btc already is segwit hacked; so btc should really be called segwitcoin. do you know what segwit is? do you know what it does? do you know who is behind Blockstream, the co that hacked btc w/ their segwit by convincing miners to agree to it? hint: AXA. & you probably also don't know that Blockstream owns the segwit patent, ergo, they in effect own btc = segwitcoin. (segwitcoin didn't even solve the quadratic hash issue [in an efficient manner, esp going fw, assuming it does].) do you know that if miners agreed to segwit, as they did, what that implies for the whole chain? hint: the miners, if they agree as they did to allow for this hack, can now also agree to steal btc balances ("terrorism", "fraud" and all the other statist excuses now in the "decentralized" blockchain.) do your due diligence. btc is now officially a bankster owned scam. segwit2x is more of a distraction, since the btc is already compromised.   ps: segwit was a soft-fork and as such will forever remain as part of the btc chain, even w/ future soft-forks (which can further subvert the chain a la said segwit). you can't un-hack or "uninstall" segwit in btc, or segwitcoin. who controls AXA, which in turn controls btc? hint: Bilderberg Group. Don't believe me? please look up Henri de La Croix de Castries, CEO of AXA."

In reply to by Manthong

SILVERGEDDON tmosley Tue, 11/07/2017 - 14:56 Permalink

tmosley, let me be perfectly clear. I trust any crypto about as much as I trust the paper shit your all seeing eye is printed on, or about as much as I trust your investment advice. Slow but steady value wins the race. Knock yourself out chasing another bubble - this one was farted out of the crypto  investment tub bubble bath though I think. When it pops, it ain't gonna be pretty.  

In reply to by tmosley

Michigander Manthong Tue, 11/07/2017 - 14:15 Permalink ETH is down...wait for it...3%. Fuck all you blindered oldbugs. If you actually think this meets the definition of counterparty risk, then please allow me to introduce you to YOUR counterparty riskJP MorganGoldmanCME GroupBarclaysScotia MocattaDeutsch BankI'll take a fixable mistake in code as my counterparty risk 1,000 to 1 over yours.

In reply to by Manthong

SILVERGEDDON Michigander Tue, 11/07/2017 - 14:34 Permalink

Well, fuck, meet dick. Head, that is. Commodities investors wouldn't trust your list of thieves with a used condom. If you don't hold it, you don't own it. Fucking know it all kids these days - king of the world until the world turns upside down. Them, blubbering fools under a table with play-doh, scissors, a puppy, and zero funds.  

In reply to by Michigander

tmosley CH1 Tue, 11/07/2017 - 14:26 Permalink

The reply wasn't to you.If you woke up one day and found that a cult that preaches some of the most vile things imaginable (including that fucking babies three years and a day old is "as nothing" and that the Virgin Mary was a whore) had taken over your civilization, what would you do? Profess your undying love for those who think themselves your masters?

In reply to by CH1

Grave IH8OBAMA Tue, 11/07/2017 - 16:20 Permalink

shithereum is no bitcoin.

it has poor security and bad design, fundamentally flawed on the lowest level. its no longer immutable, cronies have been bailed out by owners ("developers")
it is banksters "answer" to bitcoin, just like number of other shitcoins and all the shitfork hostile takeover attacks, in desperate attempt to fight the rise of bitcoin.

debtfiat and the entire bankster racket died on 3rd january 2009 when the genesis block of bitcoin was mined.

In reply to by IH8OBAMA

CH1 tmosley Tue, 11/07/2017 - 15:02 Permalink

a cult that preaches some of the most vile things imaginable (including that fucking babies three years and a day old is "as nothing"... And you believed that shit? That's a collection of the worst things ever said by the stupidest Jews in history. (Tens of millions of people over centuries can produce a lot of stupidities.)I encourage you to sit in a synagouge and listen. You will NEVER hear such monstrosities.

In reply to by tmosley

CH1 tmosley Tue, 11/07/2017 - 19:37 Permalink

Please stop believing whoever told you that. It's plain bullshit.The Talmud is NOT "the highest holy book." It's a HUGE set of books containing arguments over hundreds of subjects, going back some 2000 years. And yes, some of the arguments were from stupid people.And, fwiw, lots of things that people claim are in the Talmud, are not. It's such a huge thing that no one has time to prove the other person wrong.

In reply to by tmosley