Trouble in Ethereum: Bug Indefinitely Freezes $150 million of Users’ Funds

Mario Gibney
Published in XRayTrade
Nov 9, 2017

Parity, one of the main clients for the software on the Ethereum network, has had yet another issue with its multisig option.

Earlier this year, an estimated $30 million was stolen from their multisig accounts, though much of it was later returned by white hat hackers. And their updated version, which has been used since July 20th, is apparently not up to scratch either.

Bug Freezes Parity Multisig Accounts

Thanks to a bug in a smart contract upon which the new multisig relied, all operations on the multisig accounts have been rendered unusable. All except one, that is — you can still deposit. Parity multisig has essentially turned into Ethereum’s own Hotel California.

Or, as devops199 eloquently phrased it:

It’s simple really, imagine walking up to a bank vault and there’s a button that says “Lock Forever”……. someone accidentally pushes it.

And who is devops199? He or she is the individual who triggered the freezing of funds. And if you think this is a dastardly criminal mastermind who managed to exploit a hidden weakness and is just being modest…think again. It was just a seemingly new user experimenting with the kill operation on different smart contracts.

As it turns out, that’s all it took to throw $150 million into a virtual black hole.

devops199’s public reaction upon realizing what they’d done?

¯\_(ツ)_/¯

The Markets React

The price of Ether took a gentle 3% tumble in the immediate aftermath, but appears to have avoided a more significant crash for the time being. But don’t lean back and crack a beer just yet:

The more significant effects may be yet to come as we see how Ethereum responds to the issue. The last time there was an issue this big was the DAO, and the Ethereum Foundation made the decision to roll back the chain.

This forced them to abandon any legitimate claim to the mantra “code is law”, resulted in the permanent splitting of the network into two parts as Ethereum Classic was born, and exchanges lost millions in replay attacks after being promised there would only be one surviving chain.

Strangely enough, the markets responded by pushing Ethereum’s value up two orders of magnitude in the following year.

Another Bailout?

So Ethereum might need to bail out users, at the risk of another hit to their reputation and another Ethereum chain. Or they can leave $150 million of their users’ funds stranded. Not good either way, and Vitalik Buterin has been tight-lipped about it.

Luckily this case seems somewhat less dire than the DAO incident, because funds were frozen rather than stolen. A rollback doesn’t seem necessary, and the Ether could be redeemed more smoothly during the coming scheduled Constantinople hardfork. But whether or not that would be practical or prudent remains to be seen.

In any case, Ethereum’s social media community seems vocally divided on the issue.

And for those of you holding or looking for the next opportunity to jump in, it seems like as good a time as any to keep your ear to the ground.
