Hundreds of multi-sig wallets managed by Parity Technologies have been frozen as a result of a code vulnerability discovered earlier this week. This incident has locked at least $152 million in Ether tokens, much of which is funds raised for ICOs. Parity is one of the most popular wallet platforms, managing an estimated twenty percent of all Ether. The wallets affected are those created after July 20.
According to Parity, a bug was discovered that would enable an owner of a single signature wallet to use a function in the contract library code to take ownership of multiple multi-sig wallets. A developer investigating the bug enacted the function, and then “suicided” the original wallet. This move disabled all of the wallets involved. Parity insists that this act was accidental, and not malicious.
Multi-sig wallets tend to be popular with ICO projects because withdrawals require permission from more than one individual. Among the ICO projects affected in this case are Polkadot, which has an estimated $98 million in Ether frozen, and Iconomi, which has an estimated $34 million frozen. Both projects have stated that the locked funds will not prevent development. One ICO affected, Cappasity, has stated that it considers the wallet lock ups a deliberate act of fraud, and not an accident.
Unlocking the frozen Ether will not be easy. Although a number of solutions are being investigated, it is likely that a hard fork will be required, yet Parity spokesman Afri Schoedon has said the company will not push for one at this time. Schoedon has also said that there is “plenty of time” to resolve the problem, and has even indicated that a fix could be integrated into Ethereum’s upcoming Constantinople update.
The Ethereum community is already heavily divided over a potential hard fork solution. Many oppose the idea, as it will impact the entire blockchain for the benefit of a select few. Many opponents also consider a hard fork the equivalent of a “corporate bailout” of Parity. Supporters assert that allowing the Ether to be permanently frozen reflects poorly on the entire platform, and may cause potential users to embrace one of the several Ethereum competitors. The Ethereum Foundation has said little on this matter, but is unlikely to support a hard fork at this time. Founder Vitalik Buterin stated on Twitter that he is “is deliberately refraining from comment on wallet issues.”
This is not the first time Parity wallets have been compromised. In July a wallet vulnerability enabled thieves to steal $30 million worth of Ether. In fact, the bug that caused the current lock up was part of the patch Parity installed after that incident. Parity has established a website for its users to check if their wallets are among those affected.