Parity has warned users that due to a mistake by code contributor devops199, the library needed to use the multi-signature wallet has been deleted. As a result, multi-signature wallets–the ones which need more than one signature to move funds–are now unusable.
This accident also triggered an old unpatched bug which has converted wallet contract into a standard multi-signature wallet and could enable the contents of a wallet to be erased.
“It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library,” according to Parity.
It’s worth mentioning that this issue affects the multi-sig wallets that were deployed after July 20. As per the estimation (Via: Engadget), there could be 1 million in ether locked away, which amounts to about $280 million.
This is the second time Parity’s security measures have found themselves under the radar. A couple of months ago, a major bug led to the theft of Ethereum of about $30 million worth.
This development highlights the underlying security issue that affects the wallets and their users. In other words, the security of your cryptocurrency is as reliable as the code that powers your wallet
No comments:
Post a Comment