Someone ‘Accidentally’ Allowed $300M Worth of Other People’s Ethereum Funds To Be Stolen
$300 million worth of Ether – the unit of cryptocurrency used on the Ethereum platform –was stolen from dozens of digital wallets and is permanently locked up today because of one person’s mistake.
The Ether had been stored in Parity’s “multisignature” wallets when a GitHub user, “devops199,” came across a detrimental vulnerability.
According to a blog post released by Parity on Tuesday, the code that fixed the July bug contained another vulnerability. That vulnerability allowed a user known as “devops199” on GitHub, a site for developers to collaborate on open source code, to allegedly accidentally trigger a function that turned the contract governing Parity multisignature wallets into a regular wallet address and made him or her the owner. Devops199 then killed this wallet contract, or, as Parity put it, “suicided” it. This made all multisignature wallets tied to that contract instantly useless, their funds locked away with no way to access them.
If the story is true, it seems like Devops199 was jiggling door handles and when one door opened, they tried to close it and the whole house exploded.