The $280M Ethereum bug

The biggest news in Ethereum this past week wasn’t good. Parity Technologies, a company that contributes to core Ethereum software, created “multi-sig” wallets that provision authority over funds across multiple people. Unfortunatley, they unknowingly created a bug in their code that locked in any ETH stored in Parity multi-sig wallets with no way to withdraw. Luckily, most people don’t use this type of wallet - most of the affected funds belonged to the Polkadot ICO (a Parity project) and ICONIMI, an Ethereum-based asset management platform. However, about USD $280m is currently locked on the blockchain because of this issue. Like the DAO fiasco of a year ago, there’s a debate about what should be done - should the funds stay locked away, or should there be a hard fork to unlock the ETH to their rightful owners? The latter option is the most likely, because Vitalik proposed a solution to this exact type of problem months ago, but nonetheless this is a powerful lesson in the importance of secure smart contract design. This was Parity’s 2nd major stumble, the first being the wallet vulnerability that cost $30 million this past July. 


Want to receive more content like this in your inbox?