After an unidentified actor “accidentally” triggered a series of bugs that destroyed approximately $150 million worth of digital currency, the world waits for a substantive answer – is this vulnerability an anomaly? An “I told you so”? Or a humbling opportunity to secure the Ethereum network?
On November 6, “Devops199,” an alleged amateur programmer, set off a chain of bugs on Parity, a popular digital wallet for Ethereum. These bugs affected multisignature, or “multisig,” accounts – “wallets” that require multiple users to enter their keys before funds can be transferred. The place these wallets connect to is known as a “library” contract.
- According to Parity, an attempt to fix a vulnerability that allowed hackers to steal $32 million from multisignature wallets in July of 2017 inadvertently created a second vulnerability in the library contract. This allowed Devops199 to gain control of every multisignature wallet as a sole owner.
- After Devops199 realized what had happened, he “killed” (deleted) the code. Unfortunately, this locked all funds into multisignature wallets permanently, with no way to access them.
- Because of the functionality of the current blockchain, $150 million worth of ether ( ETH ), the tradable currency that fuels the Ethereum platform, is now effectively destroyed and inaccessible to anyone.
Among the victims of this bug are several recently successful ICOs that chose to store their funds in a Parity wallet because of its multisig option and compatibility with various hardware wallets.