Parity Flaws are Exposed
4 min read

Parity Flaw Lets Amateur Dev Lock Away Millions’ Worth of ETH

By Editorial Team

November 6, 2017, will go surely go down as a day of infamy for the Ethereum community.

On this day, a user accidentally locked away all ether (and tokens) inside of every Parity multi-sig wallet. Right now, the amount of funds that have been locked away top a whopping $300 million U.S. dollars.

But how was this possible? How is Parity being rocked by a major debacle once again after they were already shaken by a major bug back in July?

Let’s bring you up to speed on all the major details of this astounding story.

How the flaw unfurled

“devops199,” a developer who’s described themselves as being new to Ethereum, was exploring the Parity GitHub repository when his curiosity took a turn for the catastrophic.

devops199 was able to take control of one of the main libraries that Parity’s multi-sig wallets run on, at which point he sent a “kill” command to the library—destroying it and blocking thousands of users from being able to access their crypto holdings.

As devops199 infamously explained, “I accidentally killed it.”

Parity Disclosure DevOps

Image via GitHub

The bug, here, was that Parity had that particular library uninitialized and thus anyone was able to take ownership of it. devops199 did.

The second critical error was that devops199 had the not-so-genius idea to send a “kill” command to the library, something no Parity dev (or anyone else, really) would’ve ever done under the same circumstances.

Think of it like devops199 pressing an individual delete button for every Parity multi-sig wallet. It’s not literally what he did, but it’s what he did in effect by deleting the library in question.

Such a valuable library shouldn’t have been uninitialized in the first place. The responsibility for that lies squarely with Parity.

Who’s affected

For now, it looks like anyone and everyone who held their ether and ERC-20 tokens in a Parity multi-sig wallets are affected by devops199’s deletion.

Notably, Parity users who weren’t holding their crypto in a multi-sig wallet aren’t affected.

Current estimates place 900,000 ether (+$300M) as being locked away from the flaw. This means a range of members from the community have been affected, from individual investors to ICO projects like Polkadot.

Parity’s warned the community that users should avoid creating or sending money to Parity multi-sig wallets for the indefinite future:

We are asking for everyone to be patient until the full extent of the issue has been identified and we will communicate any necessary instructions or advice. We are advising users not to deploy any further multi-sig wallets until the issue has been resolved and to not send any Ether to wallets that have been deployed and are in use already.

Potential hard-fork looms

It’s unclear for now how these 900,000 ether can be recovered short of a hard-fork. The Ethereum community is seemingly going through a larger and stranger replay of the DAO hack and ensuing hard-fork, except this time it wasn’t a hack … it was devops199.

Ethereum Foundation security head Martin Swende has already chimed in, arguing that he sees a hard-fork as the only remedy going forward:

There’s unfortunately no way to recreate the code without a hard fork. Any solution which makes the locked funds accessible requires a hard fork … I’d like to see this spearheaded by the affected parties, not the foundation.

Ethereum creator Vitalik Buterin is largely staying mum, seemingly letting the community work through the problem democratically.

If a hard-fork were to occur, an Ethereum Classic-like situation could be possible. Non-affected ether holders would end up with two coins with as-yet determined worth, all depending on the contentiousness of the fork.

Bad year for Parity

This latest incident marks only the second major flaw that’s rocked the Parity user base in 2017.
Back in July, you may recall how hackers were able to penetrate Parity’s multi-sig wallets, making away with a $30 million crypto heist.

Now that this second catastrophic bug has actualized, Parity will surely face difficulties in being seen as a viable wallet provider in the months ahead.

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 18, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read
crypto com
Crypto.com Exchange Review 2022: A World-Class Crypto Exchange
crypto com

Crypto.com Exchange Review 2022: A World-Class Crypto Exchange

June 10, 2022 30 min read
OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
Binance partners with the weekend
Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour
Binance partners with the weekend

Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour

June 3, 2022 2 min read

Related Posts

OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
21Shares Releases Sixth State of Crypto Report
21Shares Releases Sixth State of Crypto Report: Summary
21Shares Releases Sixth State of Crypto Report

21Shares Releases Sixth State of Crypto Report: Summary

June 2, 2022 3 min read
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

June 2, 2022 2 min read
Regulators are “Not Allowing” Banks to Engage with Crypto
Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto
Regulators are “Not Allowing” Banks to Engage with Crypto

Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto

June 1, 2022 2 min read
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution

US Conference of Mayors Introduces Blockchain Resolution

June 1, 2022 2 min read
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase

Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase

May 31, 2022 3 min read
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

May 31, 2022 2 min read