Picture of Parity Multisig wallets security alert: A random story of a newbie accidentally pushing a red button.
I’ll try to keep everyone updated as much as possible but I’m flying today.
Please keep in mind: this bug or security alert has nothing to do with Ethereum itself. To make it very simple: all wallet contracts were instantly frozen because they target a shared library that is now “dead” 😣
I’ll stick to the high level of the security alert to keep everyone in the loop.
Update 07/11/2017: Since I published this post, several other posts have covered the deep technical aspects of the Parity security alert. Great ones:
Santiago Palladino (from Zeppelin): https://blog.zeppelin.solutions/the-parity-wallet-hack-reloaded-91bbfa5e510c
Shivhari Shankar (from SpringRole): https://blog.springrole.com/parity-multi-sig-wallets-funds-frozen-explained-768ac072763c
The “Hacker”
Screenshot to get a better understanding of the entire story (from Parity Gitter chat)
The unidentified person (#devops199 😌) basically just said that he had accidentally frozen millions of dollars with a single line of code. The exact number has to be verified, but we are talking about at least 151 addresses in total with 513,743 ETH frozen. Polkadot ICO + Web3 Foundation team apparently.
Parity official statement: https://paritytech.io/blog/security-alert.html
Gav: “it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function.”
It sounds like a cartoon about someone accidentally finding a red button and pushing it for fun.
#Devops199 also posted a bug on Parity saying: “anyone can kill your contract”, with proof of the security alert. (https://github.com/paritytech/parity/issues/6995)
“I accidentally killed it” with a link to the consumed bullet: https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4
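To make the failure mode in Gav's statement concrete, here is a toy Python model, added as an illustration and not taken from Parity's contract code. The names `Library`, `Wallet` and `run_scenario`, the sample balances, and the "initialize the library at deployment" mitigation are assumptions of this sketch.

```python
# Toy model (constructed): every wallet keeps its own funds but runs all of
# its logic from one shared library contract, as the post describes.

class Library:
    """Shared code contract. It also has storage of its own, including an owner slot."""
    def __init__(self, pre_initialized):
        self.destroyed = False
        # Assumed mitigation: claim the owner slot at deployment so nobody can later.
        self.owner = "0x0" if pre_initialized else None

    def init_wallet(self, caller):
        if self.owner is not None:
            raise PermissionError("already initialized")
        self.owner = caller          # the library now behaves like a regular wallet

    def kill(self, caller):
        if caller != self.owner:
            raise PermissionError("owner only")
        self.destroyed = True        # the shared code is gone for every wallet

class Wallet:
    def __init__(self, library, owner, balance):
        self.library, self.owner, self.balance = library, owner, balance

    def withdraw(self, caller, amount):
        # Each call is forwarded to the library's code (delegatecall on the EVM).
        if self.library.destroyed:
            return False             # no code left to run: the funds cannot move
        if caller != self.owner or amount > self.balance:
            return False
        self.balance -= amount
        return True

def run_scenario(pre_initialized):
    """Return (library_destroyed, total_frozen_balance) after an outsider's calls."""
    lib = Library(pre_initialized)
    wallets = [Wallet(lib, "alice", 100), Wallet(lib, "bob", 250)]
    try:
        lib.init_wallet("stranger")  # called on the library itself, not via a wallet
        lib.kill("stranger")
    except PermissionError:
        pass                         # hardened deployment rejects the ownership claim
    frozen = sum(w.balance for w in wallets if not w.withdraw(w.owner, 1))
    return lib.destroyed, frozen

if __name__ == "__main__":
    print("uninitialized library:", run_scenario(False))
    print("initialized at deploy:", run_scenario(True))
```

The wallets' own owner checks never come into play: the freeze follows entirely from the shared library having an unclaimed owner slot and a kill function.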
Web 3 Foundation
Official statement from Web 3 Foundation (https://medium.com/web3foundation/web-3-multi-sig-wallet-update-245d30df0fb3):
It’s better to discover this mistake sooner than later but still…