The world of cryptocurrency can be a volatile place, and not just in terms of the value of virtual coins, as a fresh blunder with Ethereum has illustrated, leaving hundreds of millions of dollars in limbo.
An estimated $280 million (around £215 million) of the virtual currency – the exact amount is unclear at this point – has been frozen following an issue that affects multi-sig wallets with the Parity service (those are wallets designed for organizations which require more than one signature, hence the name multi-signature).
The problem occurred thanks to a vulnerability in the multi-sig wallets introduced when a new version of the Parity Wallet library contract was implemented back on July 20. Ironically, this was a fix for a previous issue affecting multi-signature wallets.
Apparently this flaw was triggered thanks to a mistake made by an unidentified code contributor.
Suicide is painful
In a ‘critical security alert’, Parity explains (opens in new tab): “It would seem that issue was triggered accidentally 6th Nov 2017 and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
The upshot of this is that no funds can be withdrawn from the affected multi-sig wallets.
In yesterday’s statement, Parity notes that it is currently analyzing the situation, and will provide an update ‘shortly’; so perhaps today. And hopefully with a solution that will ease the fears of those with affected wallets.
Even if a swift and solid solution is found, these sort of incidents damage the reputation of virtual currency for obvious reasons.
Via: Engadget (opens in new tab)
Top image credit: BTC Keychain (Flickr) (opens in new tab)
- We've rounded up the best mining GPUs of 2017