Triggered wallet vulnerability freezes $280M in Ethereum holdings
A security vulnerability in a popular wallet used to store the Ethereum cryptocurrency has been triggered, freezing more than $280 million worth of ETH in the process with no fix currently in sight.
The triggered vulnerability involves code in wallets from Parity that was introduced on July 20. That code was intended to patch a previous coding issue that had allowed hackers to steal the equivalent of $31 million in ETH from wallets earlier the same month.
The new code introduced a new issue that made it possible to turn the Parity wallet library contract into a regular multisignature wallet, which requires more than one key to authorize a transaction, and become an owner of it by calling the “initWallet” function.
That’s exactly what happened on Nov. 6, though apparently by accident. According to a security alert issued by Parity, the process involve a user getting claimed to have “suicided the library-turned-into-wallet.” As a result, the library code is wiped out, rendering unusable all multisig contracts that employed the code.
To put that in more simple terms, the code library was a type of smart contract that facilitated transactions and balance holdings for users. Now that it has been deleted, wallets that rely on them can’t function, meaning that those using those wallets could be described as being stuck in Ethereum purgatory. Parity has issued a new version of its code to fix future wallets, but the fix isn’t retrospective, meaning that at least for now, it doesn’t appear clear when or even if those affected will regain access to their Ethereum holdings.
The implications of the frozen ETH go further than simple Ethereum traders. Potentially dozens of companies that have either undertaken an initial coin offering or are in the process of raising funding that way are also affected. One such company is Pokadot, a private-public blockchain startup that raised $140 million in a token sale, which told TechCrunch that 60 percent of the funds raised in its ICO had been potentially affected by the Parity issue.
Although the vulnerability here isn’t the fault of the underlying smart-contracts-based blockchain used by Ethereum, it’s not a good look for a cryptocurrency that has long been touted as an alternative to bitcoin and still remains the second-largest by market cap.
The price of Ethereum was not greatly affected by the news, dropping slightly in trading Tuesday. But at a time where bitcoin is hogging the limelight with new record highs, it’s a confidence hit that Ethereum doesn’t need.
Photo: btckeychain/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU