A month after a critical code vulnerability let a random person lock up roughly $150 million worth of other people’s digital money, the company responsible for the flaw finally has a suggestion for how to get that money back.
Unfortunately, not everybody’s going to like it.
In a blog post on Monday, Parity Technologies announced that the only way to “rescue” the funds—which are currently locked away in nonfunctional digital wallets—is with a protocol change to the Ethereum network itself. The only way to do this, the company states, is with a maneuver known as a hard fork that essentially creates a new version of Ethereum with a new set of rules that allow the funds to be recovered.
“If the funds are provably locked and it can be reasonably assumed this was not in the intention of the user, we believe that a change to the Ethereum rule set to unblock such funds would be desirable by the community as a whole,” Parity co-founder Jutta Steiner wrote Motherboard in an emailed statement.
A hard fork to rescue funds has been accomplished before—in 2016, after a hacker allegedly stole roughly $50 million from an Ethereum project. The move provoked an uproar from people who believe that a blockchain’s sole virtue is that it can never be edited, and creating a new version that essentially changes the blockchain’s history betrays the technology’s core values. Lingering resentment could make another emergency hard fork rescue a non-starter, but Steiner told me that Parity simply wants the fixes to be included in the next scheduled hard fork upgrade to the Ethereum network.
“It is correct that the funds cannot be released given the current protocol rule set, so we are communicating the options to the community as a whole and we are hoping for a constructive discussion about the different options,” Steiner wrote.
The most interesting part of Parity’s response is that the company seems to partially blame the incident on the fact that Ethereum is highly experimental technology and mistakes happen. “Since Ethereum went live two and a half years ago, users and developers have often struggled with the usability and building on this new ‘Frontier’ of development,” Parity’s blog post states. (For the uninitiated, Frontier was the name of the first version of Ethereum, released back in 2015.)
Now, there are a few simple rules to an apology, and one of them is to never start by listing other people’s shortcomings. That is exactly what Parity has done here and it’s bound to rub people the wrong way, especially since the company knew, for months before it happened, about a key part of the critical flaw that let a user lock up $150 million in funds. And yet, the company has a point: This is highly experimental code that simply did not exist even a few years ago, and we’re trusting it to secure millions and millions of dollars.
Ethereum developer Vlad Zamfir put it this way on Twitter earlier in 2017: “Ethereum isn't safe or scalable. It is immature experimental tech. Don't rely on it for mission critical apps unless absolutely necessary!”
Still, pegging a completely preventable screw-up to “Ethereum is hard” is bound to attract some criticism. On this point, Parity is hoping the community can come together to see past their resentment and come up with a solution. “We must remember the Ethereum Network is still very new in the grand scheme of things and it is important for us as a community to work together to make it better and safe for people to use,” Steiner wrote.