The second most popular Ethereum client, Parity, has been exploited earlier today and 500.000 Ethereum has vanished into thin air. Again.
UPDATE: The user who hacked the smart contract claims he can't even code
That includes the Polkadot ICO multisig wallet and may consist of many others totaling around 500,000 eths, worth $150 million, according to early reports.
“Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July,”
Parity says before adding:
“However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
The code library, a sort of collection of code templates, was a smart contract itself. That has now been wiped out, and with it, the code functions too. That, in turn, means that multi-sig wallets (addresses that require two or more private key signatures to move) are blacked out. So the funds can't be moved because you no one can “talk” to the wallets.
Or at least that’s what is known at this stage as the story is developing with further information to come in due time, but the looming question now is whether to fork or not in order to unblock the funds amounting to $150 Million USD dollars as stated earlier.
Ethereum forked again, in 2016 after the then biggest smart contract (DAO) was hacked.
Is Ethereum falling apart? Investors confidence does not seem to be shaken for now, with the price having a 24hour normal movement.
All Parity multi-sig wallets deployed after 20 July are affected by this latest exploit, with some users going as far to suggest that this is a nonreversible situation except for a fork. Just a few months ago, ethereum client Parity lost $30 million after being hacked.
Parity has issued an official alert on the matter.
Although scaling is a huge issue in Ethereum as proven by the huge ICO rise in the last months, contract security remains a much bigger one.