The $300MM Crypto Whodunnit
Well. It happened again. Another cryptocurrency disaster. $300+MM of Ether has been totally wiped out — lost forever — destroyed — gone. Why? The currency, held in digital, multi-signature wallets developed by Parity, was hit by a bug, of sorts. After Parity, the developer, notified the world that it was fixing a bug which allowed hackers to abscond with $32MM out of its wallets, it was hit again. This time, by accident.
There was a second bug in the Parity system. These multi-signature wallets are supposed to be governed by rules that require multiple users to enter their key before funds can be transferred. This is, in effect, like the two-man rule used to launch nuclear weapons, where multiple key holders must turn their keys in agreement. This is to keep, whether by accident or malicious activity, unintended destruction from occurring.
The second bug, caused by patching the original bug, according to the Guardian, “allowed one user to become the sole owner of every single multi-signature wallet.” devops199, the user who triggered the bug, wasn’t some hacker who executed on a sophisticated plan. Instead, he/she triggered the bug by accident — stealing hundreds of wallets accidentally. When devops199 tried to undo what they’d done, deleting the code which completed the transfer, they failed. Instead, they ended up locking up all the money permanently.
It seems the only way to undo the damage would be to push what’s called a “hard fork.” This would require the majority of Ethereum users to agree that the transaction never happened through a change in the code that controls the currency. This is critical, in part, because Ethereum is, behind Bitcoin, one of the hottest cryptocurrencies in the market. This is a situation to keep an eye on, as, given the size of the loss, it will be scrutinized heavily by organization’s considering the best ways to regulate cryptocurrencies in the future.