$300 million worth of the cryptocurrency Ethereum has been almost definitely lost forever. The losing of the currency was accidental and due to a bug in a digital wallet.
The Ethereum cryptocurrency has been lost after a series of bugs in a popular digital wallet service led one curious developer accidentally taking control of and then locking up the funds, according to reports.
The user, “devops199”, triggered the flaw completely accidentally. When they realized that they had taken control of the ether of other, they attempted to undo the damage by deleting the code which had transferred ownership of the funds. Rather than returning the money, however, the program simply locked all the funds in those multisignature wallets permanently, with no way to access them. “This means that currently no funds can be moved out of the multi-sig wallets,” Parity says in a security advisory.
Unlike most cryptocurrency hacks, however, the money wasn’t deliberately taken: it was effectively destroyed by accident. According to the Daily Mail, the lost money was in the form of Ether, the tradable currency that fuels the Ethereum distributed app platform, and was kept in digital multi-signature wallets built by a developer called Parity. These wallets require more than one user to enter their key before funds can be transferred.
On Tuesday, Parity revealed that, while fixing a bug that let hackers steal $32m out of few multi-signature wallets, it had inadvertently left the second flaw in its systems that allowed one user to become the sole owner of every single multi-signature wallet.
“We are analyzing the situation and will release an update with further details shortly,” Parity told users. Parity says that it is unable to confirm the exact amount lost and that the $300 million figure is “purely speculative”. The company also disputes that the currency is “lost.” They are arguing that the term “frozen” is more accurate. But if it is frozen, it appears that no-one has the ability to unfreeze the funds and there seems to be no resolution in sight.
“The Parity vulnerability was the result of an incorrectly coded smart contract used by the Parity wallet to store tokens on the Ethereum network,” said Dominic Williams, founder of blockchain firm DFINITY. “The vulnerability made it possible for anyone to ‘freeze’ the tokens held by that smart contract, making them immovable. At this time, the only method we are aware of to ‘unfreeze’ tokens held by the vulnerable smart contract would be to create a new ‘hard fork’ Ethereum client that deploys a fix. This would require every full node on the Ethereum network to upgrade by the date of the hard fork to stay in sync, including all miners, wallets, exchanges, etc.”