On Tuesday, a single user permanently locked down dozens of digital wallets containing nearly $300 million dollars worth of ether, the unit of exchange on the Ethereum platform, allegedly by accident.
Now, some in the Ethereum community are considering the possibility of a risky network split, known as a “hard fork,” to fix it.
The affected wallets—known as “multisignature” wallets because they require multiple people to sign off before funds are moved, making them popular with companies—were all created with Parity, a popular program for digital wallets. Parity multisignature wallets experienced a bug in July that allowed a hacker to steal $32 million in funds before the Ethereum community scrambled to band together to hack back and secure the rest of the vulnerable ether.
According to a blog post released by Parity on Tuesday, the code that fixed the July bug contained another vulnerability. That vulnerability allowed a user known as “devops199” on GitHub, a site for developers to collaborate on open source code, to allegedly accidentally trigger a function that turned the contract governing Parity multisignature wallets into a regular wallet address and made him or her the owner. Devops199 then killed this wallet contract, or, as Parity put it, “suicided” it. This made all multisignature wallets tied to that contract instantly useless, their funds locked away with no way to access them.
If the story is true, it seems like Devops199 was jiggling door handles and when one door opened, they tried to close it and the whole house exploded…