Major Software Vulnerability Sees Hundreds of Millions of Dollars Frozen in Ethereum's Most Popular Wallet
Posted Nov 11, 2017
In a period of only five months, Parity has discovered two major security flaws in its wallet software, both directly linked to the risk of financial loss. In July, a breach in the wallet caused a major loss of around $30 million in funds stored in the wallet. Recently Parity reported that it had discovered yet another security flaw in the wallet, describing it as critical, which led the company to freeze all funds in the wallet. The announcement came at a bad time for the company, which is still fighting to restore its reputation following the July hack on its wallet, whose impact was reduced only by the intervention of white hat hackers who recovered about 377000 of the stolen Ethers.
Following the mega hack, Parity developed a software update aiming to fix the loophole in the wallet's security. The update deployed a new library contract, which resolved the issue for a short time until another bug was discovered in the update. The update contained a major flaw in its code that allowed the new library contract to be converted into a regular multi-sig wallet, so that an individual could take over the entire wallet using the initWallet function.
With rumours that millions in user funds stored in the wallet could once again have been stolen, Parity rushed to inform its customers that it had frozen all the funds in the multi-sig wallet. In a Parity blog post, the company said that the issue could have been accidentally triggered on 6 Nov 2017 at around 02:33:47 pm UTC, rendering the library unusable. The post went on to explain that the event implies that no funds can be moved out of the multi-sig wallet. Wallet users are now questioning the ability of the Parity team to protect their funds following the constant issues the wallet provider is suffering. A sympathizer with the Parity wallet posted in response to the news, saying:
“Card not present error. Happens all the time in the old system, some `8 billion/yr. A little more complicated in this case, for sure. We are stuck until the industry, all the Fintechs, decide to invert security. Secure data is where no humans are allowed, only validated bots. Human operators are not even allowed to control the exchanges, only validated pit boss bots whose process is known. The entire exchange is then validated by Intel SGX protection to the core, secure data only accessible via direct exec calls that drop into protected code. Code is protected from any memory mapping whatsoever, access is via function calls inside the protected zone.”
Following the announcement of this major flaw in Parity's wallet security, prices in the Ethereum market are falling. The price of Ethereum dropped from $305 to $291, reaching its lowest value in two weeks. How the market behaves next will depend on the actual impact of this vulnerability, measured by the overall percentage of Ethers affected. User comments are pouring in on social media following the event. Reactions are mixed: some people say it is a general problem within the Fintech industry, while others believe it reflects a lack of ability on Parity's part to protect its wallets.
Insecurity and constant attacks brought about by reverse engineering by hackers are making the adoption of cryptocurrency hard within many financial entities.
Applancer is an open platform for discussion on all things like Blockchain, Cryptocurrency and ICO news updates. As such, the opinions expressed in this article are the author's own and do not necessarily reflect the view of Applancer.