Earlier in November, a digital bug in online wallets left more the $160-million worth of the Ethereum cryptocurrency frozen in time. The wallets were maintained by Parity Technologies.
But, after an analysis of the situation, the company could confirm that it was first made aware of the vulnerability, three months before the incident. After a major hack, Parity released updates to its code for multi-signature wallets, on 20 July.
During the release, the company failed to spot a vulnerability which a developer later triggered by accident. The developer was only known as devops199. The incident left all multi-signature wallets which were created after the update on complete lockdown.
It was estimated at the time that $280m-worth of Ethereum had been lost, possibly forever. But the company have now said that some 587 wallets holding 513,774.16 coins were compromised. The coins totaled around $162-million.
Ethereum, a blockchain-based distribution platform is specifically made for smart contracts. Many users opt for Multi-sig wallets as they require multiple approvals for any money to be transferred or moved. And like Bitcoin, Ethereum is only used online.
In a statement this week the company said that it was first warned of the potential exploit in August. Despite a recommendation from a coder that the wallet should be renamed so that it is not used, the company considered the move to be a convenience enhancement.
According to Parity, the company interpreted the recommendation as an enhancement and the changed code was to be deployed for a future update. Unfortunately for investors, the update didn’t come in time.
The company also said that the exploit could have been avoided. Many avid cryptocurrency community members expressed their disbelief when Parity missed the coding error. One user stated that it is easy to be smart in hindsight. He added that these were huge design errors.
He also could not understand how the error could have passed reviews in the architecture phase. Another user added that the problem was that the library had blatant non-library-like features. The user added that it was not only bad design practice but it was massively and obviously wrong.
He said the fact that it was deployed and used showed fundamental problems with the process which was used. He blamed “pretty much everyone involved”. Adding that things like this often go beyond just a specific bug.
As of Friday, the funds remained frozen. And, Parity assured its users that it was working on a solution. In a statement, the company said that it had reached out to affected users. It also took cognizance that the issue has caused distress about any future projects and funds. It said that it was working hard to find feasible solutions.