Earlier this week, as CCN.com reported, a bug in the Parity software of Ethereum was discovered, effectively freezing hundreds of millions of dollars in Ether as a consequence.
Initially, many speculative reports were made on social media, to which the Parity development team responded:
“Update: To the best of our knowledge the funds are frozen & can’t be moved anywhere. The total ETH circulating social media is speculative.”
Parity Team Releases Official Statement
On November 8, the Parity development team released an official statement regarding the bug as a critical security alert, announcing that large sums of ether from users storing “assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July” have been frozen and cannot be moved.
“We very much regret that yesterday’s incident has caused a great deal of stress and confusion amongst our users and the community as a whole, especially with all the speculation surrounding the issue. We continue to investigate the situation and are exploring all possible implications and solutions. Blockchain and related technologies are a vanguard area of computer science,” the statement added.
While the estimates of the number of funds frozen in multi-sig Parity wallets remain uncertain, cryptocurrency analysts have speculated the amount to be in the range of $150 to 280 million dollars.
What Was the Bug?
A user, who claimed to be “newbie” in the cryptocurrency sector, discovered a severe flaw in Parity, as the user took control of a smart contract which contained highly sensitive information including transaction instructions for many multi-signature wallets. The problem occurred when the user declared itself as the owner of the smart contract and disabled it shortly thereafter, effectively disallowing any funds from being moved or accessed.
Patrick McCorry, a cryptocurrency researcher at University College London, told Fortune in an interview that the only method of restoring the hundreds of millions of dollars that have been frozen in multi-sig wallets is to perform a hard fork to reverse the incident.
“The only way to ‘re-activate’ the smart contract is to perform a ‘hard fork’ that effectively reverses the work,” said McCorry.
Tuur Demeester, a prominent bitcoin investor, and analyst revealed that $90 million in Ether of an initial coin offering (ICO) of Gavin Wood has also been frozen, and the bug affected commercial projects apart from user wallets.
At this point, it is difficult to justify the Parity flaw as a bug or a vulnerability in the Ethereum software, as Ethereum co-founder Vitalik Buterin has always advocated the development and deployment of simpler and safer wallet contracts. Upon the disclosure of the bug, Buterin praised developers actively working to provide a secure infrastructure for Ether users.
Where Does Ethereum Go From Here
Previously, even up until late 2016, the Ethereum network had carried out four consecutive hard forks to solve memory outages and bugs within the Ethereum software. Optimistically, none of the funds that have been frozen have been stolen, and all of the funds will likely be restored with a hard fork execution in the upcoming weeks. It is important to understand that vulnerabilities can be fixed with updates and speedy recovery will allow the Ethereum network to become more resilient to such flaws in the future.
For Parity and the Ethereum Foundation, it is vital to react speedily and accordingly to the flaw found in the Parity software and provide a hard fork solution to reverse the freezing of large amounts of Ether.