Wednesday, November 8, 2017

Crypto News: Ethereum Wallet Parity Hit by Second Critical Vulnerability – $150+ Million Frozen

Ethereum Wallet Parity Hit by Second Critical Vulnerability – $150+ Million Frozen

Users of the popular Parity Ethereum wallet have been left reeling after its developers Ethereum Wallet Parity Hit by Second Critical Vulnerability – $152 Million Frozenrevealed the discovery of a security flaw. The threat, which has been described as “critical”, renders all multi-sig contracts unusable and has locked up hundreds of millions of dollars of ether. The news couldn’t have come at a worse time for Parity, which has been battling to restore its reputation following July’s embarrassing hack which led to at least 150,000 ethers being stolen. The original theft would have been worse were it not for the actions of white hat hackers who helped to recover an additional 377,000 ethers.

Following the hack, Parity issued a fix for the exploit, deploying a new library contract that was meant to resolve the issue. It’s now transpired that the new code contained another flaw which enabled the library contract in the Parity Wallet to be converted into a regular multi-sig wallet. As a consequence, an individual was able to use the initWallet function to take ownership of the wallet.

In a blog post explaining the latest flaw, the Parity team stated:

"It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library."


Full story at http://bit.ly/2jey52Q


Source: Bitcoin News


Tweet This Story

 

 

 

Donation:
If you appreciate the things I share, consider making a contribution
no matter how small via PayPal or with TransferWise (EUR).
If you use Waves my wallet address is: 3PPeCnXEDAiRVzvsuGRycrNDHhWgDq68uVt
If you use Bitcoin my wallet address is: 12pAsyMdZoTHPvkiRAZiuQhC8bF4DLbYpQ

Bitcoin QR-Code

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Copy and paste this code into your pages.