How burn "accidentally” $269 million worth Ethereum

in #ethereum6 years ago

This now infamous statement, written by a user under the pseudonym Devops199 on November 6th 2017, began the cold drama of how over US $300 million in assets were frozen. The victim: Parity’s Multi-Sig smart-contract library on github.

However, it is notable that up until now there is still no solution for the rescue or resurrection of the frozen money. Parity was initially pushing for a hard fork but now seems to back away from this solution after loud protests from the community.

Who hacked it?
Some guy with a nickname @devops199 (not a member of the Parity team) and an “empty” github account. His Ethereum address is 0xae7168Deb525862f4FEe37d987A971b385b96952 and he has successfully verified it.

How @devops199 hacked it?
All Parity Multisig wallets use single library at 0x863DF6BFa4469f3ead0bE8f9F2AAE51c91A907b4
Library contract was not initialized properly. That allowed anyone to become its owner and selfdestruct it.

@devops199 “accidentally” called initWallet() method to own the library https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9

@devops199 “accidentally” called kill() method to selfdestruct it https://etherscan.io/tx/0x47f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690

As a result, ALL Parity multisig wallets became useless. If you had any funds or tokens in the Parity multisig -> they are frozen forever (not yet an official position of Parity or Ethereum team, but mine) and you won’t be able to withdraw anything out of it.

N.B.: There are many other multisig wallets (simple contracts or with DApp frontends) that you can use instead. Just never ever use Parity multisig again.

Funny staff he also write "i accidentally killed it." in github comment.

Sort:  

Hi @korsandoro, I'm @checky ! While checking the mentions made in this post I noticed that @devops199 doesn't exist on Steem. Maybe you made a typo ?

If you found this comment useful, consider upvoting it to help keep this bot running. You can see a list of all available commands by replying with !help.

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://medium.com/chain-cloud-company-blog/parity-multisig-hack-again-b46771eaa838