Ethereum Wallet Company Knew About Critical Flaw That Let a User Lock Up Millions

After someone going by “Devops199” managed to permanently lock up millions of dollars worth of other people’s Ethereum funds last week, the company that created the vulnerable code published a postmortem on the incident on Wednesday. It doesn’t look good.

According to Parity’s breakdown of the fiasco, the digital wallet company knew about the critical flaw since August and did not address it for months, until it was too late.

This much we already knew: Parity suffered a massive hack due to a critical vulnerability in mid-July, prompting it to push out new code on July 20th. Devops199 was poking around this code for multi-signature Ethereum wallets. They discovered a wallet that didn’t have an owner, and all Devops199 had to do to become its owner was call a function called “initWallet.” So, they did. Now, what Devops199 did next is a point of some consternation: After becoming the wallet’s owner, they called the “kill” function of the wallet, destroying it.

Read More: How Coders Hacked Back to ‘Rescue’ $208 Million in Ethereum

That wallet was actually a code library for Parity multi-signature wallets, making them instantly useless and permanently freezing the funds inside. Multi-signature wallets are designed to have more than one owner, and so they’re popular with companies. After Devops199 killed the code library, the estimated amount of lost ether (Ethereum’s digital currency) was just under $300 million USD. Today’s Parity postmortem pegs that number at closer to $150 million, which is still nothing to sniff at.

According to Parity’s postmortem, a user on GitHub—where Parity’s code is hosted for all to see—named “3esmit” alerted the company to the code flaw in August. “BTW, when you deploy WalletLibrary, the init function will be open in that contract,” 3esmit wrote at the time. “I recommend you calling initWallet on WalletLibrary right after its deploy, just to ensure no one will use it."

Parity spokespeople were not immediately available to comment. According to the company’s post, there was “no formal audit” of the code, but it went through a process of internal and community review.

Parity wrote that 3esmit’s recommendation “at the time was considered a convenience enhancement,” and, “interpreting the recommendation as enhancement, the changed code was to be deployed in a regular update at a future point in time.”

That update didn’t come in time to stop Devops199 from stumbling across the flaw in November—months after the Parity team was alerted—and instantly blowing up millions of dollars worth of other people’s digital money.

Commenters on the Ethereum subreddit expressed bewilderment at how Parity could have allowed this to happen. “I know it is easy to be smart in hindsight, but these are huge design errors, I can't comprehend how could this pass reviews in the architecture phase,” wrote user “1up8912” in a comment. “Tl;dr, we fucked up, you’re fucked,” wrote another commenter.

Parity wrote that it could have avoided this month’s disaster by removing the kill function from the wallet, or simply doing what 3esmet recommended back in August, “either automatically through the code change and re-deployment or manually on the contract deployed in July,” the company wrote.

“We recognise that the issue has, among other things, caused distress and anxiety about the future of projects and funds in our community and we are working hard to explore all feasible solutions,” the Parity post states.

At the moment, there is still no fix to free the locked funds. Parity stated that the company is working on several code proposals that could, the company claims, unlock the funds or deal with the problem of locked funds generally in Ethereum. One of the proposed solutions must be implemented with a network split called a hard fork, which is sure to be an intensely controversial plan.

That’s because it happened before. After an Ethereum project called the DAO lost more than $50 million to a hacker in 2016, the funds were recovered via a hard fork network split, a move that spurred part of the Ethereum community to rebel and work on their own version of Ethereum, now called Ethereum Classic.

Whether any of the locked funds will be returned is anybody’s guess, but one thing is for sure: Parity’s standing in the Ethereum community is at stake.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .