An unknown amount of user funds on the ethereum network was frozen due to a code problem with the Parity wallet software.
The security flaw that activated the freeze was found yesterday in the second most popular client of the ethereum by a developer named "devopps199", who reported it for the first time on GitHub.
This vulnerability affects any Parity portfolio deployed after July 20th that uses the company's "multi-signature" feature. Under a multi-signature arrangement, more than one key is needed to initiate and distribute transactions.
Up to now, it is unclear how many of these portfolios have been deployed in this span of time and how much of the ether is currently blocked. According to data from EtherNodes.org, parity makes up about 20% of the network – and there are early indications that up to $ 100 million of ether (if not more) may be inaccessible in this moment.
This vulnerability follows another early year parity problem, where portfolios were hacked and $ 30 million of ether was stolen.
While the company was fixing this bug, another problem was still present in the code that allowed the exploit of today to occur. Speaking to CoinDesk, Devopps said that he was new to smart contracts and was following the logic of the old hack when he stumbled on the current problem.
"It's really simple, imagine that you were heading to a bank safe and that there is a button that says" Lock Forever "… [and] Someone accidentally pushes it, "tweeted the developer.
What's not so simple, though, is how to recover the frozen funds.
Some developers have speculated that a hard fork is the only way to solve the problem. But as ranges are a controversial upgrade mechanism – especially in the context of the ethereum – some in the community already "refuse" to run such an upgrade.
Meanwhile, Parity issued a statement in which it warns users to avoid creating new multi-signature portfolios, announcing:
"We advise users not to deploy other multi-sig wallets until the problem is resolved, and not to send an ether to portfolios that have been deployed and are in Use already. "
"Parity Technologies would like to assure everyone that we are analyzing the situation, and we will publish an update with more details shortly", the statement ends.
CoinDesk will continue to monitor this developing story.
Picture of security lock via Shutterstock
Leader in blockchain information, CoinDesk is an independent media company that strives to achieve the highest journalistic standards and adheres to a strict set of editorial policies. Do you have any breaking news or a tip to send to our journalists? Contact us at news@coindesk.com.