Monday, November 13, 2017 by Ethan Huff
A buggy blockchain appears to have been responsible for the recent accidental loss of more than $300 million worth of “Ether” cryptocurrency, new reports indicate. It was actually a series of bugs that supposedly led an Ethereum developer to mistakenly take control of, and permanently lock up, this mass of digital funds, which effectively vanished into thin air. The incident highlights a serious flaw with the digital currency’s integrity, at least when stored in the distributed Ethereum system.
Unlike most cryptocurrency hacks that have been reported in recent years (including those associated with Bitcoin), this one is not said to have been intentional or malicious in any way. It was a simple mistake – and yet one that has created major turmoil amongst cryptocurrency holders everywhere who are now questioning whether or not their funds are truly safe when stored in online digital wallets such as Ethereum, which clearly has some serious problems.
In this case, Ethereum’s digital app platform, which was built by a developer known as Parity, failed to keep Ether funds from being unintentionally eliminated due to human error. In fact, the developer’s “panicked” efforts to salvage the funds by returning them to their rightful owners only made the problem worse.
As the whole fiasco was taking place, hackers apparently entered the system and stole about $32 million worth of the misplaced coins from several of the multi-signature wallets, which is bad enough on its own. But in the process of the developer trying to remedy the problem, a second flaw was exposed that resulted in one user becoming the sole owner of every single multi-signature wallet on the platform.
“The user, ‘devops199,’ triggered the flaw apparently by accident,” writes Alex Hern for The Guardian. “When they realised what they had done, they attempted to undo the damage by deleting the code which had transferred ownership of the funds. Rather than returning the money, however, that simply locked all the funds in those multisignature wallets permanently, with no way to access them. …
“Effectively, a user accidentally stole hundreds of wallets simultaneously, and then set them on fire in a panic while trying to give them back.”
This seems to be a trend with Ethereum. There have been numerous flaws and bugs exposed in the system over the years that developers have attempted to “fix,” but nearly every time they do so, the fix seems to expose several more that result in even worse outcomes, as happened two years back when $150 million worth of Ether was stolen as part of a vulnerability hack.
In this instance, the Ethereum platform was put on what’s known as a “hard fork,” which, while successful, hasn’t stemmed the tide of problems for the cryptocurrency platform. The recent accidental theft of the $300 million in Ether is what exposed the July bug that led to the $32 million in Ether being stolen by a hacker, which prompted what reports call a “marathon coding and hacking effort” to fix the problem. And yet it was this “fix” that led to the most recent loss of the $300 million in Ether.
“The Parity vulnerability was the result of an incorrectly coded smart contract used by the Parity wallet to store tokens on the Ethereum network,” stated Dominic Williams, founder of the blockchain firm DFINITY.
“The vulnerability made it possible for anyone to ‘freeze’ the tokens held by that smart contract, making them immovable. At this time, the only method we are aware of to ‘unfreeze’ tokens held by the vulnerable smart contract would be to create a new ‘hard fork’ Ethereum client that deploys a fix. This would require every full node on the Ethereum network to upgrade by the date of the hard fork to stay in sync, including all miners, wallets, exchanges, etc.”