Newbie Hacks Ethereum Parity Wallets for $150 Million.
Yesterday at 6th Nov 2017 02:33:47 PM a New user accidentally deleted library code for parity wallets rendering multi sig contracts unusable and funds trapped it is unknown at this time the extent or the fixs for and exchanges might be halting trading of Ethereum till more is known.
Check ParityTech on Twitter for updates https://twitter.com/ParityTech
Statement from Parity: paritytech.io
Security Alert
7 November 2017
Severity: CriticalProduct affected: Parity Wallet (multi-sig wallets)
Summary: A vulnerability in the Parity Wallet library contract of the standard multi-sig contract has been found.
Affected users: Users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.
Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue - it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.
All dependent multi-sig wallets that were deployed after 20th July functionally now look as follows:
contract Wallet {
function () payable {
Deposit(...)
}
}
This means that currently no funds can be moved out of the multi-sig wallets.
We are analyzing the situation and will release an update with further details shortly.
Wait...
the parity wallet software (not ethereum itself) gave a user the ability to wipe out system wide libraries? WTF?? Given this was the second massive code failure for the team, I'd definitely stay away from anything "Parity Wallet" related.
Go Be Awesome!
be safe stay away from anything ethereum related there is hack after hack and price is massively inflated with the amount of ICOs under them.
I'm not disagreeing with you about keeping distance to be safe, but I think the word HACK in the title was way misleading since the article itself then goes on to say a Newb "accidentally" deleted the code in question. Hardly a hack, and There was no $150 mil theft as the title also implies. This was big news, the clickbaity title was overkill imho. But still, thanks for sharing it with us!
It is a HACK that occurred by accident or on purpose.
The $150 million is hacked and unusable i never said stole neither does title says the amount that was effected.
Definition of hacking:
Source:techopedia.com
yea.. thats stretching the word as far as possible i think. Accidental deletion is not a hack in my view. The funds are indeed frozen, and it is indeed possible that there is an actual hack in play here, but the implication from the text is that a user did it, by accident. Thats a flaw in the program code that would allow that to happen "accidentally" by a random new user.
how is it a stretch of the word?
access to areas of a system by any means is called a hack.
luckily it was a new user as a=had this exploit been known somebody with technical knowledge could have used to their benefit.
You never shut something down, because you knew how, before it hurt people? I can remember many times where I resisted the urge for easy profit, in the name of helping others keep their assets. ;)
what are you talking about shutting down and what do you refer to in resisting easy profits and helping others
I agree. As far as I can see (from my limited perspective on the subject) this affects parity wallet users and those who've written code or created tokens using the parity wallet.
Ethereum? I haven't found any indication Ethereum itself has any issues. Not even in the weirder places on the net. lol
this post details how ethereum funds are effected
http://www.trustnodes.com/2017/11/07/ethereums-parity-hacked-half-million-eth-frozen
This Does Not Affect ETHEREUM
it only affects tokens which have been created USING the Parity Wallet client. The ethereum which backs the affected tokens is perfectly fine, the ethereum network/blockchain is perfectly fine. The Parity Wallet developers are in pretty hot water right now.
effects $150 million so is not a small problem
This Doesn't Look Like an "Accident" or "Newbie" Event
I'm guessing there's a more than 50% chance this was done on purpose, by someone who knows the Parity Wallet code...
he deleted library code making the ethereum unusable
Had they the knowledge of Parity code would have stolen funds and not lost their own.
Exactly what portion of Eth users are/would be effected by this? I dont use ETH much, only when necessary in trades and even then I just use a Jaxx wallet. So I'm not really familiar with how interconnected this Parity wallet thing is within the ETH ecosystem.
Maybe you could explain?
its a wallet for multi sig contracts usually ICOS for more details check there site https://paritytech.io/
A Chunk of Ethereum, Already Connected With Tokens, Will Not
be moving until the developers of the parity wallet code (which was used to issue the tokens) fix their issue and unlock the tokens.
In Short
the ethereum which was already locked away for use as tokens, is still locked away for use with tokens. The parity wallet team needs to figure out how to get things moving again.
Go Be Awesome! :)
Funds are trapped and parity team dont know if can be fixed
Unless stealing was not their intent. And losing a single token? Where is this a tragedy? Unless I'm missing where some vast ethereum amount is now gone?
the user did by accident,
$150 million funds effected,
not gone but not usable.
$150 Million which did not belong to them, so no personal loss.
it was a loss for holders and investors
Ethereum is by far , IMHO, the most ambitious but very innovative technology, it's such a shame it is surrounded by incompetent developers. Are we expecting another DAO stupidity here? :(
Maybe but sometimes aims are to high at the expense of security.
No funds in Parity wallets are currently inaccessibly to anyone.
Hahahahaha the banksters own crypto is doomed, especially if another rollback occurs :)
You have collected your daily Power Up! This post received an upvote worth of 0.67$.
Learn how to Power Up Smart here!
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by isacoin from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.