The price of Ether tokens dropped significantly on Tuesday when a new vulnerability hit the Parity multi-sig Ethereum wallet and froze millions of dollars in funds. This is the second time in the year when such a flaw in the parity wallet has been detected. The first flaw back in July, where the Parity wallet was said to be breached and $30 million worth tokens were stolen. However, this time there is no stealing discovered, but a flaw in Parity has frozen tokens worth $150 million.
This threat has been rendered as “critical” by the developers and has paralysed all the multi-sig contracts in the Ethereum’s Parity wallet making them completely unusable. During the first time in July, when 150,000 Ether tokens were hacked, the white hat hackers on the other hand somehow managed to recover the amount by deploying a new library contract. However, a flaw was yet discovered in the new code which activated the library contract within the Parity Wallet and converted it into a regular multi-sig wallet.
While explaining the flaw, the Parity team in its blogpost said
“It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
Currently, no funds can be over out of the multi-sig wallet and $152 million worth of Ether tokens are completely frozen. Startup Polkadot who has a substantial amount of digital tokens have reported that they were unable to access their funds.
While talking to IBTimes, cryptography consultant and bitcoin developer – Peter Todd – said :
“The security flaw really comes from the way the smart contract system is designed. All these contracts can break because they are all dependent on each other.”
With two vulnerabilities exposed pertains to the Ethereum wallet, there are serious question to be raised on the security features of the Ethereum blockchain backing the Ethereum cryptocurrency. However, experts believe that the developing team behind Ethereum is capable to overcome such challenges and resolve these issues.
Peter Van Valkenburgh, director of research at the nonprofit Coin Center, told IBTimes:
“There is certainly a whole lot of research, and security testing and auditing, and hardening, and better practices surrounding smart contract deployment on Ethereum that need to happen. But I’m pretty optimistic that it will happen. I think it’s a very vibrant community with some very talented people working on these problems.”
In a word regarding the latest expose of this vulnerability, a Parity spokeswomen told IBTimes :
“This is a learning opportunity, albeit a painful one, for our company for our collaborators and the community that stands with us. And we have to continue to work together to establish the processes and practices needed.”
Get latest Cryptocurrency news and updates on KryptoMoney.com