Ethereum Wallet Parity Hit by Second Critical Vulnerability

Millions of dollars of funds have been frozen due to a critical vulnerability announced by the makers of the Parity multi-sig Ethereum wallet. The first Parity breach, discovered in July, led to $30 million of ether being stolen; this is the second flaw.

Parity Discovers Second Flaw in Five Months

Users are confused after the developers of the Parity Ethereum wallet announced a second critical vulnerability, a security flaw that has caused $152 million to be frozen. Hundreds of millions of dollars of ether are locked up and all multi-sig contracts are unusable. This happened while Parity was trying to restore its reputation after July's hack, in which 150,000 ethers were stolen. White hat hackers helped to recover an additional 377,000 ethers, which brought little relief.

To resolve the issue, Parity issued a fix after the hack occurred, deploying a new library contract. But the new code contains another flaw that allows the library contract in the Parity Wallet to be converted into a regular multi-sig wallet. An individual can then take ownership of the wallet using the initWallet function.

Multi-Sig Funds Frozen

The Parity team described the recent flaw in a blog post:

“It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”

The conclusion of the post states, “This means that currently no funds can be moved out of the multi-sig wallets.”
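
The failure mode described above, as an added toy model in Python that is not Parity's code or part of the original article: wallets hold funds but borrow all logic from one shared library, and the only variable is whether the library's own state was initialised at deployment. All names (`Chain`, `WalletLibrary`, `scenario`, the addresses and accounts) are assumptions made for illustration.

```python
# Constructed toy model: names, addresses and balances are illustrative only.
class Chain:
    def __init__(self):
        self.code, self.storage = {}, {}
    def deploy(self, addr, code=None, **storage):
        self.code[addr], self.storage[addr] = code, dict(storage)
    def call(self, addr, fn, sender, *args):
        # A stub with a "lib" slot runs the library's code on its own storage; a direct call uses the library's.
        code = self.code.get(self.storage[addr].get("lib", addr))
        if code is None:
            raise RuntimeError("no code to execute")
        return getattr(code, fn)(self, addr, sender, *args)

class WalletLibrary:
    @staticmethod
    def init_wallet(chain, ctx, sender, owner):
        if chain.storage[ctx].get("owner") is not None:
            raise PermissionError("already initialised")
        chain.storage[ctx]["owner"] = owner

    @staticmethod
    def kill(chain, ctx, sender):
        if chain.storage[ctx].get("owner") != sender:
            raise PermissionError("not owner")
        chain.code[ctx] = None  # self-destruct: the code at this address is gone

    @staticmethod
    def withdraw(chain, ctx, sender, amount):
        st = chain.storage[ctx]
        if st.get("owner") != sender or amount > st["balance"]:
            raise PermissionError("rejected")
        st["balance"] -= amount
        return amount

def scenario(init_library_at_deploy):
    chain = Chain()
    chain.deploy("LIB", WalletLibrary)
    if init_library_at_deploy:  # hardened deployment: library state is claimed up front
        chain.call("LIB", "init_wallet", "deployer", "deployer")
    chain.deploy("WALLET", lib="LIB", owner="alice", balance=100)
    try:  # an unrelated account calls the library directly, not through a wallet
        chain.call("LIB", "init_wallet", "stranger", "stranger")
        chain.call("LIB", "kill", "stranger")
    except PermissionError:
        pass
    try:
        return chain.call("WALLET", "withdraw", "alice", 10)
    except RuntimeError:
        return "frozen"
```

In this model the deployer can still call `kill` on the library; a shared library that wallets depend on is safer with no self-destruct path at all.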

During the multi-sig hack that happened around July 19th, many high-profile companies lost their ether. Aeternity, Edgeless Casino and Swarm City were among them. Swarm City alone lost over 44,000 ethers. Even though there are no confirmed reports of ether being stolen, companies should be concerned about the effects of hacking, as wallet clients are a major source of infrastructure for the public Ethereum network.

The company dismisses the social media reports circulating about the hack and describes the rumors of stolen ether as “speculative”. It plans to investigate the issue and release a new update shortly.

