Critical bug in Parity Ethereum wallet freezes $285 million

Parity Technologies (Parity Wallet) notified the users that multi-signature wallets created after July 20 are experiencing a critical bug that makes it impossible to transfer funds out of affected wallets.

The issue was exploited by a regular user who tried to exploit a flaw in the source code, randomly removing crucial library code in the process, as it seems unaware of the consequences.

This issue comes after another Parity issue from earlier this year, where wallets were hacked and $30 million in etherum was stolen. While Parity Technologies fixed that issue, another issue was still existing in the code that enabled for today’s exploit to occur.

According to Parity developers:
“it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”

The company promised that it will release an update with further details shortly.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients