Half a million ETH frozen as Parity Wallets get hacked

At least $150 million worth of Ethereum funds have been “frozen” after an accidental exploitation of a code bug. Over a hundred miners using multi-signature wallets to store their Ether virtual coins have permanently lost access to their accounts.
Danish Yasin

Published on Nov 10, 2017 15:58 By Danish Yasin

At least $150 million worth of Ethereum funds have been “frozen” after an accidental exploitation of a code bug. Over a hundred miners using multi-signature wallets to store their Ether virtual coins have permanently lost access to their accounts.

The multi-signature wallet software requires more than one key from the user to transfer funds. This functionality was introduced by Parity Technologies earlier this year in order to patch another bug in the software that had led to a theft of 150,000 Ethers, worth $30 million. After the removal of this bug, another issue was apparently still present in the software and led to the recent hack.

A developer, going by the name “devopps199” on GitHub, had the link to an Ethereum contract address on Etherscan. He turned the Parity Wallet library contract into an ordinary multi-signature wallet via the unintentional exploit of a bug, and then proceeded to make himself its owner.

The developer claimed that he is a “newbie” and that he did this “accidentally”. After having realized his mistake, he tried to reverse it by deleting the code that had transferred the ownership to him. The wallets, however, contained library contract code and as a result of this deletion, almost $150 million in funds were locked in the wallets with no way to access them. “I accidentally killed it,” the developer wrote on GitHub.

In a statement released this Wednesday, Parity explained that all wallets created after July 20th have been affected by this mistake. A link was provided for the users that listed all the affected accounts. Users were further warned against creating more multi-signature wallets until the issue has been resolved and were advised not to send any ether to the inaccessible wallets. The firm apologized for the “great deal of stress and confusion among our users and the community as a whole.” They are continuing to investigate in order to uncover all implications of the situation as well as possible solutions.

Some reports indicate that a hard fork is the only way to make the locked wallets accessible as it will change the code that controls Ethereum. This change would need to be adopted by the users. If they refuse to upgrade, the Blockchain will split into two. This has actually happened before when Ethereum forked last year to recover $50 million stolen in the DAO hack. Following that incident, many users are currently “refusing” to execute such an upgrade.