Parity Flaws are Exposed
4 min read

Parity Flaw Lets Amateur Dev Lock Away Millions’ Worth of ETH

By Editorial Team

November 6, 2017, will go surely go down as a day of infamy for the Ethereum community.

On this day, a user accidentally locked away all ether (and tokens) inside of every Parity multi-sig wallet. Right now, the amount of funds that have been locked away top a whopping $300 million U.S. dollars.

But how was this possible? How is Parity being rocked by a major debacle once again after they were already shaken by a major bug back in July?

Let’s bring you up to speed on all the major details of this astounding story.

How the flaw unfurled

“devops199,” a developer who’s described themselves as being new to Ethereum, was exploring the Parity GitHub repository when his curiosity took a turn for the catastrophic.

devops199 was able to take control of one of the main libraries that Parity’s multi-sig wallets run on, at which point he sent a “kill” command to the library—destroying it and blocking thousands of users from being able to access their crypto holdings.

As devops199 infamously explained, “I accidentally killed it.”

Parity Disclosure DevOps

Image via GitHub

The bug, here, was that Parity had that particular library uninitialized and thus anyone was able to take ownership of it. devops199 did.

The second critical error was that devops199 had the not-so-genius idea to send a “kill” command to the library, something no Parity dev (or anyone else, really) would’ve ever done under the same circumstances.

Think of it like devops199 pressing an individual delete button for every Parity multi-sig wallet. It’s not literally what he did, but it’s what he did in effect by deleting the library in question.

Such a valuable library shouldn’t have been uninitialized in the first place. The responsibility for that lies squarely with Parity.

Who’s affected

For now, it looks like anyone and everyone who held their ether and ERC-20 tokens in a Parity multi-sig wallets are affected by devops199’s deletion.

Notably, Parity users who weren’t holding their crypto in a multi-sig wallet aren’t affected.

Current estimates place 900,000 ether (+$300M) as being locked away from the flaw. This means a range of members from the community have been affected, from individual investors to ICO projects like Polkadot.

Parity’s warned the community that users should avoid creating or sending money to Parity multi-sig wallets for the indefinite future:

We are asking for everyone to be patient until the full extent of the issue has been identified and we will communicate any necessary instructions or advice. We are advising users not to deploy any further multi-sig wallets until the issue has been resolved and to not send any Ether to wallets that have been deployed and are in use already.

Potential hard-fork looms

It’s unclear for now how these 900,000 ether can be recovered short of a hard-fork. The Ethereum community is seemingly going through a larger and stranger replay of the DAO hack and ensuing hard-fork, except this time it wasn’t a hack … it was devops199.

Ethereum Foundation security head Martin Swende has already chimed in, arguing that he sees a hard-fork as the only remedy going forward:

There’s unfortunately no way to recreate the code without a hard fork. Any solution which makes the locked funds accessible requires a hard fork … I’d like to see this spearheaded by the affected parties, not the foundation.

Ethereum creator Vitalik Buterin is largely staying mum, seemingly letting the community work through the problem democratically.

If a hard-fork were to occur, an Ethereum Classic-like situation could be possible. Non-affected ether holders would end up with two coins with as-yet determined worth, all depending on the contentiousness of the fork.

Bad year for Parity

This latest incident marks only the second major flaw that’s rocked the Parity user base in 2017.
Back in July, you may recall how hackers were able to penetrate Parity’s multi-sig wallets, making away with a $30 million crypto heist.

Now that this second catastrophic bug has actualized, Parity will surely face difficulties in being seen as a viable wallet provider in the months ahead.

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

PrimeXBT vs Bybit 2022: Which Exchange is Best for Crypto Trading?

PrimeXBT vs Bybit 2022: Which Exchange is Best for Crypto Trading?

September 27, 2022 26 min read
How to Buy Bitcoin on Binance

How to Buy Bitcoin on Binance

September 26, 2022 7 min read
How to buy Polkadot at FTX
How to Buy Polkadot (DOT) on FTX Exchange
How to buy Polkadot at FTX

How to Buy Polkadot (DOT) on FTX Exchange

September 23, 2022 9 min read
Crypto Safety 101: How to Protect your Crypto

Crypto Safety 101: How to Protect your Crypto

September 22, 2022 44 min read
Blockchain Security: How to Understand Blockchain Audits to Stay Safe in DeFi

Blockchain Security: How to Understand Blockchain Audits to Stay Safe in DeFi

September 21, 2022 26 min read
IDEX Review
IDEX Review 2022: The First Hybrid Approach to Non-Custodial, High-Performance Crypto Trading
IDEX Review

IDEX Review 2022: The First Hybrid Approach to Non-Custodial, High-Performance Crypto Trading

September 14, 2022 37 min read
Using Modern Portfolio Theory to Build a Crypto Portfolio
Using Modern Portfolio Theory and How to Build a Crypto Portfolio
Using Modern Portfolio Theory to Build a Crypto Portfolio

Using Modern Portfolio Theory and How to Build a Crypto Portfolio

September 12, 2022 48 min read

Related Posts

Crypto Safety 101: How to Protect your Crypto

Crypto Safety 101: How to Protect your Crypto

September 22, 2022 44 min read
Blockchain Security: How to Understand Blockchain Audits to Stay Safe in DeFi

Blockchain Security: How to Understand Blockchain Audits to Stay Safe in DeFi

September 21, 2022 26 min read
Top 5 Crypto Scams to Avoid in 2022

Top 5 Crypto Scams to Avoid in 2022

September 7, 2022 30 min read
What is Etherscan and how to use it
Etherscan Review: Public Face of Ethereum
What is Etherscan and how to use it

Etherscan Review: Public Face of Ethereum

August 30, 2022 16 min read
Can you still make money mining Monero
Can You Still Make Money Mining Monero in 2022?
Can you still make money mining Monero

Can You Still Make Money Mining Monero in 2022?

August 27, 2022 16 min read
Crypto Staking Complete Guide
Stake and Earn: Complete Guide to Staking Crypto
Crypto Staking Complete Guide

Stake and Earn: Complete Guide to Staking Crypto

August 25th, 2022 33 min read
What is a rug pull
Crypto Rug Pulls: How To AVOID Them and Keep SAFE!
What is a rug pull

Crypto Rug Pulls: How To AVOID Them and Keep SAFE!

August 13, 2022 15 min read