Parity Technologies, the developer of multi-sig wallets for Bitcoin and Ethereum , has issued an update on its investigation over the critical vulnerability that has resulted in 513,774.16 ETH, equivalent to approximately $161 million, being permanently frozen in its wallets.
Parity revealed that, while continuing to fix the bug, its efforts to undo the damage have not yielded any results thus far. Rather than returning the funds, they remain locked in those multi-signature wallets, with no way to access them.
A security alert was issued by Parity Technologies last week. According to the company, the code that fixed a previous bug in July had inadvertently left another vulnerability in its systems that allowed a single user to permanently lock down dozens of digital wallets.
“While the funds remain in the affected wallets, the wallets themselves are inaccessible,” Parity said in its latest update.
More specifically, a user known as 'devops199' on GitHub, a site for developers to collaborate on open source code, triggered the flaw, apparently by accident. The action turned the contract governing Parity multisignature wallets into a regular wallet address and made devops199 the owner, who then tried to kill this wallet contract, or as Parity described, "suicided it”. This made all wallets tied to that contract instantly useless, therefore their funds were locked away with no way to access them.
Now, some in the Ethereum community are considering the possibility of a risky hard fork to fix the problem. This effectively means that the majority of Ethereum users will be asked to pretend that devops199’s action had never happened. The risk is that many users are refusing the hard fork, resulting in a network split into two parallel groups.
One possible solution, which could be also implemented by means of a hard fork, is an Ethereum Improvement Proposal referred to as EIP156. However, Parity didn’t describe the details, stating: ”We have spent the last few days rigorously examining the events. While it is too early to decide on a fixed solution, EIP156 has been discussed for a significant time and has drawn support from various directions in the community. The team is working on a broadly accepted solution that will unblock the funds.”
Jutta Steiner, founder of Parity Technologies, also stated: “We deeply regret the impact this situation is causing among our users and within the community. We do ask that people get in touch with us if they have any uncertainties and to not believe the speculation circulating the media. We are endeavouring to find a solution as soon as possible and we would like to thank everyone for the support we’ve experienced so far.”
