An accidental coding mistake has led to an estimated $280m worth of the cryptocurrency ethereum being frozen.
An unidentified user accidentally locked up recently-created digital wallets within Parity — a popular digital wallet provider — by deleting the code library required to use those wallets, according to a security alert posted to Parity Technology's blog.
The freeze impacts all ‘multi-sig’ wallets created on Parity after July 20. That’s when Parity fixed a previous bug that allowed $32m in ethereum to be stolen.
Multi-sig wallets — multiple signature — are popular with cryptocurrency start-ups because they require more than one person to agree before any currency gets moved around. It's a safeguard against fraudsters who might otherwise run off with the cryptocurrencies.
According to the security alert from Parity, the user accidentally triggered a function that allowed him or her to become the sole ‘owner’ of all the post-July 20 multi-signature wallets.
No access to accounts
“Subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library,” the alert said.
Essentially, once the user realised what happened, they tried to delete the wallet contract, which froze them and made them unusable — and now the real owners have no way to access the accounts.
Although it is difficult to quantify the exact amount of cryptocurrency frozen, researchers specialising in this area estimate that around $280m worth of ethereum is now inaccessible, including $90m raised by Parity's founder Gavin Woods.
Risk v reward
Despite offering potentially stellar returns (Bitcoin valuation rises are a case in point) cryptocurrencies are incredibly risky. Valuations can fluctuate wildly but from a security perspective they are always susceptible to hacking.
When the now defunct, Mt Gox exchange was hacked, in 2014 around 850,000 bitcoins went missing. At the time, the loss was valued at around $450m.
And in 2016, Bitcoin currency plunged in value by 20% after Bitfinex, an exchange based in Hong Kong, was hacked and funds stolen.
While cryptocurrency is unaffected by Central Bank decisions or monetary policy strategies of governments, it is not immune to threats from other quarters.