Up to $300 million in ether, the cryptocurrency on the Ethereum platform, was frozen Tuesday in a potentially catastrophic coding mistake.
The lockdown affects those using multisignature wallets – which require multiple parties’ consent as an added security measure – run by Parity Technologies and deployed after July 20.
That’s when Parity fixed a previous bug that allowed $32 million in ether to be stolen. But the new coding had a vulnerability that a user on the developer forum GitHub, who goes by the handle “Devops199”, apparently accidentally exploited Monday.
According to a security alert by Parity, that user “accidentally” triggered a function that allowed him or her to become the sole “owner” of all the post-July 20 multisignature wallets. “Subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
It other words, once Devops199 realized what happened, he or she tried to delete the wallet contract, which froze them and made them unusable – and now the real owners have no way to access the accounts.
Vice’s Motherboard put it this way: “If the story is true, it seems like Devops199 was jiggling door handles and when one door opened, they tried to close it and the whole house exploded.”
It’s still unclear how many Ethereum users are affected, or how much ether may be frozen. But Parity reportedly constitutes about 20% of the Ethereum network, and experts estimate anywhere from $100 million to $300 million in ether is locked down.
Technically, the funds have not vanished or been stolen, and Parity said it is looking for a solution.
“Parity Technologies would like to assure everyone that we are analyzing the situation, and we will release an update with further details shortly”, the company said in a statement.
It also warned users not to open new multisignature wallets, or transfer ether “to wallets that have been deployed and are in use already”, until the issue has been resolved.
Ethereum is the second-largest cybercurrency, behind bitcoin, with a market cap of about $28 billion, according to CoinMarketCap. Ethereum prices fell almost 2% Tuesday.