Today, Ethereum Wallet Parity just got "hacked" due to error-filled code, for the second time in five months. $150M to $300M worth of Ethereum stored in multi-sig wallets is currently frozen, and a hard fork will likely be required to recover funds.

What happened?

This morning, Parity issued a security alert regarding a huge issue that had been accidentally exploited. This issue caused a huge amount of Ethereum (estimated from $150M to $300M) stored in Parity's multi-signature walletsto be completely frozen, allowing no withdrawal. But what exactly caused this?

A multi-sig issue was previously exploited in July 2017, affecting about $30M worth of Ethereum. The day after, Parity issued new versions of their contracts fixing the issue, however, this new version contained another issue as well:

"It was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWalletfunction."
—Parity

This exploit was accidentally triggered on November 6th, 2017 at about 2pm UTC, wiping out the code needed to sustain multi-sig wallets and rendering these wallets completely useless.

No funds, currently, can be moved out of the affected multi-sig wallets.

Who was affected?

Any user with Ethereum stored inside a Parity multi-sig wallet, deployed after July 20th is affected.

However, the fact is that multi-sig wallets are mainly used by:

• companies/organizations who are splitting their Ethereum holdings among shareholders
• users with extremely high regards for security

Both of these user classes would expected to store huge amounts of Ethereum in their wallets. This means this bug affected quite a lot of Ethereum, with estimates in the hundreds of millions of dollars ($150M - $300M).

Causes and Effects

Since the news was first published, Ethereum has taken a quick nosedive in price as shown below (reaching its lowest point in two weeks):

Many are suggesting that a hard fork will be required to regain access to funds, a move that would likely upset a lot of Ethereum holders. Though an unidentified user accidentally provided the "suicide call" nuking all the wallets, it's clear that this is the fault of Parity.

Parity has issued very limited information on their website's security alertand on their twitter account, so we're still waiting for more details.

We hope the situation can be dealt with soon, and that the cryptocurrency holders will be able to retrieve their tokens.

View original content here: steemit.com

mooncryption