https://www.gizmodo.com.au/2017/11/...ys-391-million-worth-of-ether-cryptocurrency/ Thanks to a string of screw-ups and bugs, an unsuspecting developer recently took possession of an estimated $US300 million ($391 million) worth of the Ethereum cryptocurrency by accident. In an attempt to give back the money, however, the poor guy ended up locking up the funds permanently. In effect, that money is just gone. So, this sucks for everyone. And obviously, hackers started the trouble. Parity, the cryptocurrency wallet service at the crux of this trainwreck, was recently hacked and robbed of $US32 million ($42 million) worth of Ether. In an attempt to patch the vulnerability and prevent hackers from stealing more, Parity accidentally introduced a new bug that affected multi-signature wallets. (These are wallets that, as the name implies, require several people to enter keys before funds get transferred.) Ether is the second largest cryptocurrency - second only to Bitcoin - so this number of wallets amounted to a very large amount of internet money. Then things really got turned upside down. While Parity hasn't explained exactly how, a user called "devops199" mistakenly triggered the bug and took control of all multi-sig wallets. This screenshot of someone with the devops199 handle has been circulating on social media, and if it's the real user, they seem completely perplexed: In the end, devops199 tried to reverse the process that was triggered by the Parity bug, but that simply destroyed all of the funds. More specifically, the bug caused a chain reaction of events that locked all multi-sig wallets in such a way that they can't be unlocked. In a security alert, Parity confessed about the situation, "This means that currently no funds can be moved out of the multi-sig wallets." While some report the amount locked is upwards of $US300 million ($391 million), others estimate that it's as low as $US154 million ($201 million). Regardless, a lot of money. This all reads like a Greek tragedy of cryptocurrency carelessness, down to the pun in the name "Ether". There might be a third act, too. As The Guardian reports, it's possible that Ethereum users could agree on a "hard fork" by "by effectively asking 51 per cent of the currency's users to agree to pretend that it had never happened in the first place". This worked well a couple of years ago when $US150 million ($195 million) of Ether was stolen, though there's no guarantee it would work this time. But that's the crypto life, baby. One minute no money exists, and the next minute, the money's there. Wait another minute, and it's gone again. Why needs government backed currency when volatility is so much fun?
wow! Quick question, if ether or bitcoin is 'lost' and can never be recovered doesn't that dimish the supply of that crypto? Isn't this a 'good' thing once they get their security issues sorted?
its not lost, just locked however not so easy to unlock. ethereum could include a fix in their upcoming constantinople release and everything is back to normal.
Surely everyone (presuming this "BUG" has affected hundreds or thousands of wallets) will all get their money back. If they dont, ETH is finished, who in the right mind will keep ETH if a future unknown BUG could mean you lose all of it, especially considering it seems someone knows how much each wallet contains. Neverthless it would sux if you needed the money now.
This is why you have a development environment, a QA environment and a staging environment before you push changes out to the production environment that is the actual place where the actual users play for keeps. For anyone wondering why it's taken so long to build the system for instant bank-to-bank transfers, not permanently freezing $300 million by making code changes on the fly is one of those stuffy, old-school ways of thinking that some bureaucrat wrote into the system specifications.
Why people would even still be using parity after the last disaster when there is an official ethereum wallet is beyond me...
because nobody else has created a secure multisig wallet? most people in this thread dont understand the issue, let alone the difficulty level to actually code this stuff. agree parity should be better at their code reviews.
good response from web3 foundation on the issue and why they chose the parity multisig wallet https://medium.com/web3foundation/an-update-on-the-web3-foundation-d905128f15a9 hope you all managed to invest in polkadot before it closed.