SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
8 Nov 2017

A major vulnerability has frozen hundreds of millions of dollars of Ethereum

Today is not a good news day for Ethereum. A vulnerability found within a popular wallet has frozen potentially hundreds of millions of dollars of the crypto currency in a second setback in recent months.

Parity Technologies, the company behind widely used wallet service Parity, today disclosed an issue that could enable the contents of a wallet to be wiped.

The issue affects multi-sig wallets — a technology that uses the consent of multiple parties for additional security on transactions — that were deployed after July 20. In other words, ICOs that were held since then may be impacted. It’s a kicker because it is the second time in just a few months that a major Parity bug has been unearthed with potentially costly repercussions for Ethereum, which is the world’s second highest-valued crypto currency with a total market cap of over $27 billion. Back in July, a vulnerability in Parity led to 150,000 ETH (then worth around $30 million) being stolen. 

That bug was fixed July 19 — hence the significance of the July 20 date — but one positive element of that first scare is that many in the Ethereum community, and particularly those who have held ICOs, backed away from the technology in favor of alternatives. Even those who did use Parity may not have opted for the multi-sig wallet. But still it is a major security issue with wider implications. Parity explained that it found the problem when one user’s wallet was wiped:

Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.

The issue appears to center around the fact that the Parity Wallet operates as a smart contract. There are no immediate reports of lost or stolen coins, but already it is clear that a sizable amount of Ethereum is at risk. There are no immediate reports of lost or stolen coins, but already it is clear that a sizable amount of Ethereum is at risk.

Early estimates from UCL cryptocurrency researcher Patrick McCorry suggest that at least 600,000 ETH (worth around $150 million) is frozen. McCorry told TechCrunch said the total is likely to be higher still as more information about Parity usage and wallet volumes comes to light.

One high-profile company impacted is Polkadot, a project to link private-public blockchains that raised over $140 million in a token sale and was started by Parity co-founder Gavin Wood. Polkadot confirmed its wallets have been frozen and experts understand that 60 percent of its ICO raise is potentially affected. Parity continues to look into the problem. The company said on Twitter that it believes that wallets are locked. It added that projections for the amount of ETH impacted were “speculative”.

The price of Ethereum dropped on news of the vulnerability, falling from $305 to $291 to reach its lowest value for two weeks. What happens next on that scale may depend on how severe the vulnerability is, and what total portion of ETH is affected.

Tags:
information leaks
Source:
TechCrunch
1594
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015