Just as it was recovering from an embarrassing hack back in July, Ethereum wallet client Parity makes the news again for all of the wrong reasons. A coding crisis has hit the company and frozen up to $150 million in Ether from its customers.
A developer accidentally hit a vulnerable patch of code this week causing a lockup of all funds in Parity multi-signature wallets. The company has been reeling since July when another code exploit resulted in hackers making off with $30 million in ETH, an estimated 150,000 Ether. Since then Parity has been working on patches and fixes to the flawed wallets and it seems that the new version had another bug in it which has caused this latest big Ether freeze.
Parity staff made the following blog post to clarify the situation:
“Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
In essence any wallets deployed after July 20 have been locked out but this latest coding calamity. Some estimates are as high as $280 million Ether that is now inaccessible by Parity users. The company did state that no funds have been moved out of any of the wallets and it estimates a figure closer to $152 million could be affected.
Ethereum is no stranger to coding crises and hacking, its darkest hours were in June last year when the Decentralized Autonomous Organization hack resulted in the loss of $60 million in Ethereum. This latest exploit does not impact the Ethereum network as a whole and prices still remain stable at $295 at the time of writing. It does however address some serious security questions that the community and developers need to work on.
The likelihood of Parity wallets gaining any more customers is slim; the ones that are with the company are still hoping that they get their funds back in this fork or the next.