Get yourself a crypto tee or surprise a crypto enthusiast in your life with our festive Coin Bureau Merch!
Parity Wallet Freeze Post Mortem
3 min read

Parity issues a Post Mortem on the Kill that Froze Millions

By Editorial Team

On the 6th of November, the Ethereum community was shaken yet again by disclosure that the Parity multisig wallet was hacked. A user was able to take over control of a number of wallets and once done, accidentally “killed” the smart contract library.

This resulted in about 513,774 ETH being frozen in the wallets and unable to be moved. No doubt an embarrassing development for Parity as there was a similar multisig wallet hack in July where parity wallet users lost close to $30m.

Yesterday, the team at Parity gave a detailed analysis into what happened in the incident and how the plan to secure their software going forward.

Early Warning Signs

Parity disclosed that there were already some suggestions to fix the vulnerable code prior to the incident. One user suggested on github that the company could consider some changes in their next update.

The user suggested that the library contract should call the initWallet function in the code. This could have prevented any outside agent from taking over ownership of the contract in question.

This was then incorporated into the constructor function but was not immediately rolled out. This was because it was viewed more as a “convenience enhancement”. The team at parity would have rolled it out with one of the regular updates somewhere down the line.

Although Parity claims that the “original foundation” multi sig wallet code had no security issues, the library contract which was built by copying and modifying that code still had the original self-destruct function. This was coded in order to effectively “retire” the wallet.

This lead to the following frank assessment from the parity team:

If the contract code had not included the functionality to suicide or kill, even if someone had taken ownership, they would not have been able to do anything. The kill functionality was a remainder of the original audited contract.

Working Hard for the Future

Although they had great regret at failing to implement the fixes, they did note that the code was also created and audited the Ethereum foundation dev team. The Parity team is now working hard on a number of Ethereum Improvement Protocols (EIPs).

One of these is the previously proposed EIP156 which now could incorporate a number of changes to stave off future security concerns. Parity says that they will handle alot of the development around these particular proposals.

Apart from these EIPs, there are number of other steps that Parity is taking in order to prevent something like this happening again. One of them is to suspend the ability to deploy the multisig wallets until they are fully confident that they are safe.

They also said that they will complete a “full-stack external security audit of all existing sensitive code” as well as make use of a well thought out deployment checklist for future smart contracts. They would also want to work on other languages for smart contracts and consider increasing their bug hunting bounty.

It is indeed encouraging to see the effort that has been taken by Parity to comprehensively change procedural protocol to avoid future incidents. However, whether users will once again be comfortable to store large amounts of ETH in their wallets is another question entirely.

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Related Posts

FTX Exchange
Withdrawals not Halted at FTX: Instead Binance will Buy FTX
FTX Exchange

Withdrawals not Halted at FTX: Instead Binance will Buy FTX

November 9th, 2022 3 min read
OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
Binance partners with the weekend
Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour
Binance partners with the weekend

Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour

June 3, 2022 2 min read
21Shares Releases Sixth State of Crypto Report
21Shares Releases Sixth State of Crypto Report: Summary
21Shares Releases Sixth State of Crypto Report

21Shares Releases Sixth State of Crypto Report: Summary

June 2, 2022 3 min read
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

June 2, 2022 2 min read
Regulators are “Not Allowing” Banks to Engage with Crypto
Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto
Regulators are “Not Allowing” Banks to Engage with Crypto

Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto

June 1, 2022 2 min read
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution

US Conference of Mayors Introduces Blockchain Resolution

June 1, 2022 2 min read