Accidental Ethereum Wallet Freeze Was Actually Deliberate – One of the Victims Claims
News that over $300 million in ETH had been frozen because of a flaw took the industry by storm earlier this week. A user named Devops199 claimed responsibility for triggering a critical security vulnerability in a Parity multi-sig wallet, paralyzing all wallets that were created after July 20th. While Devops199 said that they had triggered this bug accidentally, at least one company has suggested that it was no accident.
Yet another ETH drama - what exactly happened
The problem stems from an earlier bug that was discovered in July; the fix for that bug left a new flaw in the code. "Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July," Parity wrote in its advisory. "However that code still contained another issue - it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function."
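The flaw the advisory describes, as a simplified Python model added here for illustration (not Parity's contract code): stub wallets delegate to one shared library whose own storage was never initialized, so a direct `initWallet` call on the library succeeds. The class names, the `scenario` helper and the `0x0` placeholder owner are assumptions, and initializing the library at deployment is shown as one possible hardening, not as the fix Parity shipped.

```python
# Simplified model of the pattern (assumed names; not Parity's contract code).
class Revert(Exception): pass

class WalletLogic:  # wallet code; operates on whichever storage the caller supplies
    @staticmethod
    def init_wallet(storage, owners, required):
        if storage.get("owners"):              # only-uninitialized guard
            raise Revert("already initialized")
        storage["owners"], storage["required"] = set(owners), required
    @staticmethod
    def is_owner(storage, who):
        return who in storage.get("owners", set())

class Library:  # the deployed library: shared code plus its own, normally unused, storage
    def __init__(self, init_at_deploy):
        self.storage, self.code = {}, WalletLogic
        if init_at_deploy:                     # hardened: placeholder owner set at deploy
            WalletLogic.init_wallet(self.storage, ["0x0"], 1)
    def init_wallet(self, owners, required):   # direct call: touches the library's storage
        self.code.init_wallet(self.storage, owners, required)
    def kill(self, caller):
        if not self.code.is_owner(self.storage, caller):
            raise Revert("not an owner")
        self.code = None                       # self-destruct removes the shared code

class StubWallet:
    def __init__(self, library, owners, required):
        self.library, self.storage = library, {}
        library.code.init_wallet(self.storage, owners, required)
    def execute(self, caller):
        if self.library.code is None:          # nothing left to delegate to
            raise Revert("library code is gone; funds are frozen")
        if not self.library.code.is_owner(self.storage, caller):
            raise Revert("not an owner")
        return "executed"

def scenario(init_at_deploy):
    lib = Library(init_at_deploy)
    wallet = StubWallet(lib, ["alice", "bob"], 2)
    outcome = []
    for step in (lambda: lib.init_wallet(["stranger"], 1),
                 lambda: lib.kill("stranger"),
                 lambda: wallet.execute("alice")):
        try:
            outcome.append(step() or "ok")
        except Revert as exc:
            outcome.append(str(exc))
    return outcome
```

`scenario(False)` models the library as deployed on 20th of July; `scenario(True)` models the same calls against a library that was initialized when it was deployed.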
Around 584 wallets have been affected, although the total amount they hold is unknown. Private researchers have put the affected amount in ETH anywhere from $150 million to over $300 million, but Parity has called this figure speculative. Most of the affected wallets are expected to belong to companies, as multi-signature wallets are predominantly used in the corporate world, where they add the extra security of confirming transactions only after multiple verifications.
After the news broke, Devops199 came forward, suggesting that they had accidentally triggered the bug. Following the reports, the user even worried on GitHub about whether law enforcement would become involved.
Devops199's involvement - deliberate or an accident?
In an email to Wccftech, Cappasity - a platform for 3D/AR/VR content production and exchange - says that Devops199's actions may not have been accidental. The company's wallet was one of those affected, as it was frozen due to the multi-sig vulnerability. "Our internal investigation has demonstrated that the actions on the part of devops199 were deliberate," the company writes, mentioning the number of calls executed by the user.
On Nov-06–2017, at 04:02:51 PM +UTC, they tried to call execute (address _to, uint256 _value, bytes _data) of ARToken’s smart contract: Etherscan.io
The same user (Nov-06–2017 04:01:46 PM +UTC) called execute(..) of Polkadot’s smart contract; its frozen funds account for more than $90 million in total.
The day before: the functions changeOwner (address _from, address _to) and kill (address _to) were called.
"When you are tracking all their transactions, you realize that they were deliberate," the statement says. "Therefore, we tend to think that it was not an accident."
We suppose that this was a deliberate hacking.
It is too early to say whether these actions were indeed deliberate, since Parity is yet to comment on this development. However, Cappasity added that contacting law enforcement agencies will be the right next step "if the situation is not successfully resolved in the nearest future". Devops199's account has since been deleted.
- We have contacted Parity and will update this space when we receive any response on this. If you think your wallet might have been affected, confirm it here.