The big news of Tuesday night is that the Parity wallet has been exploited once again. It is the second time the second-most popular Ethereum wallet has suffered from such a big issue. Around half a million ETH is currently frozen due to this bug. It is not a good sign for the Ethereum ecosystem by any means. However, it is doubtful we will see another bailout by the developers at this crucial stage.
It is always easy to point blame in one direction or another. While finger-pointing won’t help anyone, it is also necessary to point out how issues like these are caused in the first place. Parity is one of the more popular Ethereum wallet clients to date. Surprisingly, it has dealt with two major exploits already, the latest of which is of grave concern. With around half a million ETH currently locked up as a result, things aren’t looking all that great by any means.
Unfortunately, our multi-sig is among those frozen. @ParityTech is working on the situation and will provide updates when available.
— Polkadot (@polkadotnetwork) November 7, 2017
As one would expect, this news affects ICOs as well. It seems the Polkadot ICO, for one, has had its funds frozen. It is unclear how big the total damage will be, as there are still reports coming in. All of this goes to show that Ethereum is a technology not suited for mainstream usage in its current form, as some issues still need to be worked out. This is to be expected in the early stages of development, though.
Trive CEO David Mondrus commented on this ordeal as follows:
“While Ethereum is a great language and platform, it’s important to remember that it’s still very early in its development and issues like this will arise. Diversification of funds, people, technology, and locations is key.”
This latest critical vulnerability was first discovered by Jincor CTO Andrey Degtyaruk, according to our sources. It is evident a lot of people are all too aware that bad things can happen to Ethereum users and wallets on a moment’s notice. Although bugs like this one are pretty rare, they certainly highlight some of the critical issues in the underlying infrastructure. For its part, Parity has issued its two cents on the new vulnerability and how it plans to move on from here.
According to the team, anyone with assets in multi-sig wallets deployed after July 20th may have suffered from this bug. The new Parity client deployed on this date included a fix for another multisignature issue reported a day prior. Someone has triggered this new exploit – probably accidentally – and made all multisig contracts unusable. It is impossible to move funds out of the affected contracts for the time being. A new update to fix this issue should be released soon, even though no official ETA has been provided yet.
Some users are already speculating that the Ethereum developers will have to perform another DAO hard fork to resolve this problem. It is still too early to say that is the only viable course of action at this stage. Assuming there is no other option, however, rolling back the blockchain for the second time in a few years would send major shockwaves throughout the Ethereum community. After all, the Ethereum blockchain already has a precedent for not being immutable whatsoever. For now, it is up to the Parity team to come up with a less invasive solution than a rollback.