Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

And we have evidence to prove it, says biz stiffed out of $1m


A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent."

On Tuesday, Parity confessed all of its multi-signature Ethereum wallets – which each require multiple people to sign-off transactions – created since July 20 were "accidentally" frozen, quite possibly permanently locking folks out of their cyber-cash collections. The digital money stores contained an estimated $280m of Ethereum; 1 ETH coin is worth about $304 right now. The wallet developer blamed a single user who, apparently, inadvertently triggered a software flaw that brought the shutters down on roughly 70 crypto-purses worldwide.

That user, known as devops199 on GitHub although has since deleted their account, claimed they created a buggy wallet and tried to delete it. Thanks to a programming blunder in Parity's code, that act locked down all wallets created after July 20, when Parity updated the multi-signature wallet software following a $30m robbery.


Parity calamity! Wallet code bug destroys $280 MEEELLION in Ethereum


One of those now-frozen Ethereum wallets belongs to Cappasity, a startup an online marketplace for AR and VR 3D models. It says it had 3,264 ETH in the knackered Parity money store, worth about $1m at current prices, and isn't likely to get the funds back any time soon. Cappasity amassed the Ethereum from punters buying ARtokens, which can be exchanged for designs when the souk launches later this year. The biz still has access to the Bitcoins it received for ARtokens.

Now Cappasity has alleged the wallet freeze was no accident: someone deliberately triggered the mass lock down, we're told, and there's evidence to prove it. By studying devops199's attempts to extract and change ownership of ARToken’s and Polkadot’s smart contracts, it appears the user was maliciously poking around, eventually triggering the catastrophic bug in Parity's software

"Our internal investigation has demonstrated that the actions on the part of devops199 were deliberate," said Cappasity's founder Kosta Popov in a statement this week.

"When you are tracking all their transactions, you realize that they were deliberate... Therefore, we tend to think that it was not an accident. We suppose that this was a deliberate hacking. We believe that if the situation is not successfully resolved in the nearest future, contacting law enforcement agencies may be the right next step."

This rather gives a lie to the idea that this was a one-off accident. Instead it looks as though devops199 was deliberately trying to break the multi-sig system and took a number of tries to do so.

While the Ethereum in the wallets is untouched, it's simply not accessible. Parity has yet to issue an update on its progress to recover the currency, and did not reply to requests for comment today. That's not making customers like Cappasity very happy. If someone calls the cops on this, quite how the police would handle the case is unclear, given the current levels of tech cluelessness displayed by law enforcement on matters technical. So don’t hold your breath on a speedy resolution. ?

Biting the hand that feeds IT ? 1998–2017

  • 321961289 2018-02-18
  • 776731288 2018-02-18
  • 9075261287 2018-02-18
  • 3005511286 2018-02-18
  • 867341285 2018-02-18
  • 2234581284 2018-02-17
  • 1507351283 2018-02-17
  • 4371991282 2018-02-17
  • 6759701281 2018-02-17
  • 5507351280 2018-02-17
  • 44561279 2018-02-17
  • 1884971278 2018-02-17
  • 8364991277 2018-02-17
  • 713261276 2018-02-17
  • 1284591275 2018-02-17
  • 7923611274 2018-02-17
  • 8609021273 2018-02-17
  • 7607231272 2018-02-17
  • 3146191271 2018-02-17
  • 587901270 2018-02-17