Faulty fix had vulnerability.
Hundreds of millions of dollars worth of the Ethereum cryptographic currency are at risk after a user triggered a software bug that gave them ownership of wallets containing the funds.
Ethereum software developer Parity Technologies overnight issued a security alert for a critical vulnerability in its multi-signature wallets.
The vulnerability stems from a fix for an issue in the wallets that appeared in July this year and which saw some A$39 million stolen from three victims.
Parity Technologies said the fix was faulty and allowed a user going by the moniker devops199 to accidentally lock away over 900,000 units of the Ethereum currency from 71 multi-signature wallets.
Ethereum is currently trading at A$386, meaning the total value of the incident could be as high as A$347.4 million.
It appears the software bug allowed devops199 to turn the Ethereum smart contract that governed the multi-signature wallet into a regular wallet address, and become the owner of it.
Devops199 then "suicided" the contract for the wallet, Parity said, rendering all multi-sig contracts unusuable "since their logic (any state-modifying function) was inside the library [that was wiped out]" for the wallet.
According to Parity, no funds can be moved out of the multi-signature wallets affected by the bug.
Multi-signature wallets deployed after July 20 this year are affected by the bug. It is unclear at this stage if the issue can be sorted out with a software version upgrade for Ethereum, a so-called hard fork.