Ethereum Wallet Vulnerability: Millions of Dollars Frozen


Ethereum is a promising blockchain tech which took off this year. Its value is also as promising as its technology. Currently, it is valued at around $28 billion and is also an excellent platform for Initial Coin Offerings (ICOs).

A lot of startups are turning to Ethereum for raising money. They are using smart contracts for this purpose. But, the problem here is the vulnerability in a popular wallet which puts hundreds of millions of dollars at risk.

Also read, Coinbase Hack The World Bug Bounty

Parity, the wallet we are talking about said that the vulnerability is in the code since July 20th. However, it was discovered just now. As a result of this vulnerability, “no funds can be moved out of the multi-sig wallets” which were created after July 20th.

Parity found about this issue when a user’s wallet was wiped out.

Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.

The company believes that the funds are frozen and can’t be moved anywhere.

There is no estimate that how much Ethereum is frozen, but at the time of writing this article, that amount is 500,000. It is equivalent to $150,000,000. The Ethereum bug is bad news for the ENTIRE Ethereum network. Not just ETH, but all tokens running on Ethereum.

After the news came out, the value of ETH dropped from $305 to $291 which is the lowest in the past two weeks. You can see the graph of price dropping below:


Parity is already working on fixing this and will release an update soon.