Bug freezes hundreds of millions of Ethereum

Bug freezes hundreds of millions of Ethereum

Faulty fix had vulnerability.

 

Hundreds of millions of dollars worth of the Ethereum cryptographic currency are at risk after a user triggered a software bug that gave them ownership of wallets containing the funds.

 

Ethereum software developer Parity Technologies overnight issued a security alert for a critical vulnerability in its multi-signature wallets.

 

The vulnerability stems from a fix for an issue in the wallets that appeared in July this year and which saw some A$39 million stolen from three victims.

 

Parity Technologies said the fix was faulty and allowed a user going by the moniker devops199 to accidentally lock away over 900,000 units of the Ethereum currency from 71 multi-signature wallets.

 

 

Ethereum is currently trading at A$386, meaning the total value of the incident could be as high as A$347.4 million.

 

It appears the software bug allowed devops199 to turn the Ethereum smart contract that governed the multi-signature wallet into a regular wallet address, and become the owner of it.

 

Devops199 then "suicided" the contract for the wallet, Parity said, rendering all multi-sig contracts unusuable "since their logic (any state-modifying function) was inside the library [that was wiped out]" for the wallet.

 

According to Parity, no funds can be moved out of the multi-signature wallets affected by the bug.

 

Multi-signature wallets deployed after July 20 this year are affected by the bug. It is unclear at this stage if the issue can be sorted out with a software version upgrade for Ethereum, a so-called hard fork.

Itnews

We’d love to hear your views on this…