100s Million USD of Ether lost with Parity: What, Why, How?!

TenX
Official TenX Blog
Nov 15, 2017

Below is a full transcript of the video.

Welcome to today’s video, my name is Julian, one of the co-founders of TenX.

The Parity “Hack” or the Parity Attack or the Parity Wallet Malfunction is something that affected the entire ecosystem. Some companies more, some people more, some less. Fortunately, TenX did not have anything stored in a Parity multi-signature account. We are close to the Ethereum ecosystem, so this sort of affects us as well. There are many companies that we know of that are affected by this.

In this video, I want to talk about “Why did this happen, How did this happen, and what does it mean.”

Even though this is not directly related to TenX, it highlights certain thought processes with regard to security procedures and audits. While we did not know that this was possible, we did see some red flags. After the attack in June, they redeployed the Parity multi-signature feature. There were some problems, but before I go into the details, let me briefly provide some context. Ethereum has many different wallet providers. Gavin Wood, one of the original co-founders of Ethereum, is one of the people who founded the Parity project. Parity is written in Rust.

Some people attribute this to Solidity being a difficult language to code in, but I feel that one of the reasons why this occurred might be because of a lack of auditing. One important thing that I want to highlight is that Parity is not Ethereum. The challenges that plague Parity are not the challenges that Ethereum faces. Currently, approximately half a million Ether, 150 million dollars, are stuck and cannot be moved.

Unless the entire Ethereum community decides to implement a hard fork and release these funds, they are lost for good. This problem does not lie with Ethereum. Parity is the one responsible for the stuck funds, and Parity is not Ethereum. Parity is a node, not Ethereum.

I feel that the ecosystem handled the situation well. Despite the problem, the price of Ethereum did not fall, but increased instead. This demonstrates the strength of the ecosystem, being able to withstand such an event.

How did this occur? Why did such a huge amount of money suddenly become stuck?

This is how it happened.

If you have a Parity multi-signature wallet, this wallet has a library that it needs to access. The library works similarly to a smart contract. Somebody is the owner of the smart contract. The problem here was that the ownership was uninitialised. This means that there was someone who modified the contract. The person claimed ownership and deleted the library. This is what developers do. They look for bugs, they test things. Once this person, having the ownership, deleted the library, all of the wallets that require that library can no longer function. The question is, why was the smart contract not initialised?

This is very similar to the event in June, where the init function was set to “1”. This meant that anybody could just claim ownership. For some weird reason, something similar is happening. All these multi-signature features are still there, but nobody can move the money anymore because the library has been killed.

What is the solution?

The solution is to implement a hard fork and undo this, similar to how the DAO happened. There has been a lot of discussion on the internet. My personal opinion, and this is not the company’s opinion, is that bad code must die. While this incident may be unfortunate, at the end of the day, we need to make sacrifices for progress to occur. I totally understand that you might support a hard fork, but where do we draw the line? For example, Swarm City lost a lot of money in June to these hackers, why should they not get their money back? In my opinion, code is law, because otherwise we do not have to be part of the blockchain ecosystem.

Bad code must die. I truly believe this. Once again, this is my personal opinion, not the company’s opinion.

Let me know in the comments below, if you agree or disagree.

Lastly, how does this affect us at TenX, and why do we do videos on topics like this?

We care because it shows how important great developers such as Gavin Wood and the entire Parity team are for the blockchain ecosystem to succeed. By the way, if you are from Parity and you know how to code in Rust, we are looking for developers. I’m just kidding. Of course we would be happy to have you because we are always looking for talented individuals.

On a more serious note, it shows how important it is as a company to have good security processes, especially in an industry like Financial Technology. You always need to be aware of the possible scenarios and reflect on the best and worst case scenarios. I think TenX has done a great job navigating such pitfalls and facing such challenges. We are really proud as a company, because we have been pushing the boundaries. Everyone will make mistakes, and I think we have done a great job limiting our mistakes.

Let me know in the comments below if you agree or disagree with me, or if you have any questions.
If you are a Rust developer, reach out to us at jobs.tenx.tech, we would love to have you on our team. This is not a hiring video by the way, I just threw that in.

Please subscribe to our channel, we have more of these videos where we talk about TenX and the entire crypto ecosystem.

See you at the next video,

Yours Truly,

Julian
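
The failure described in the transcript (a shared library whose ownership was never initialised, then claimed and deleted, leaving every dependent wallet unable to function) can be seen in a small model. This is an added example, not part of the original post and not Parity's contract code; it is a simplified Python simulation, and the names `Library`, `Wallet`, `audit` and `scenario` and the balances are assumptions made up for illustration.

```python
# Simplified, constructed model of wallets that depend on one shared
# library contract. Not Parity's code; names and balances are hypothetical.
class Library:
    """Shared logic contract; every wallet forwards its calls here."""
    def __init__(self, init_at_deploy=False):
        self.alive = True
        # Hardened variant: ownership is fixed in the deployment itself.
        self.owner = "deployer" if init_at_deploy else None

    def init_owner(self, caller):
        if self.owner is not None:            # guard only helps once set
            raise PermissionError("already initialised")
        self.owner = caller

    def kill(self, caller):
        if caller != self.owner:
            raise PermissionError("not owner")
        self.alive = False                    # library code is deleted

class Wallet:
    def __init__(self, library, balance):
        self.library, self.balance = library, balance

    def withdraw(self, amount):
        if not self.library.alive:            # no library, no spending logic
            raise RuntimeError("library gone, funds frozen")
        self.balance -= amount
        return self.balance

def audit(library):
    """Pre-release check an auditor could run against the deployed state."""
    return ["owner uninitialised"] if library.owner is None else []

def scenario(init_at_deploy):
    lib = Library(init_at_deploy)
    wallets = [Wallet(lib, 100), Wallet(lib, 250)]   # constructed balances
    findings = audit(lib)
    try:                                      # an unrelated account tries
        lib.init_owner("stranger")
        lib.kill("stranger")
    except PermissionError:
        pass
    frozen = 0
    for w in wallets:
        try:
            w.withdraw(10)
        except RuntimeError:
            frozen += w.balance
    return findings, lib.alive, frozen
```

`scenario(False)` models the uninitialised deployment and `scenario(True)` the one whose owner is set at deployment; the `audit` finding is the red flag that separates them before any funds depend on the library.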
