Back to blog

Parity Technologies Multi-Sig Wallet Issue Update

This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract. Subsequently, the user made the unfortunate move to “suicide” the smart contract underlying the multi-sig wallet which in turn blocked funds of of 587 wallets with a total amount of 513,774.16 Ether. While the funds remain in the affected wallets, the wallets themselves are inaccessible.

Jutta Steiner, Founder of Parity Technologies says, “We deeply regret the impact this situation is causing among our users and within the community. We do ask that people get in touch with us if they have any uncertainties and to not believe the speculation circulating the media. We are endeavouring to find a solution as soon as possible and we would like to thank everyone for the support we’ve experienced so far.”

Regarding the affected wallets, we are reaching out to the owners on an individual basis and welcome users to get in touch. If you are still unsure about the state of your wallet, please visit this website and if you have any questions remaining or would like to get in touch you can email us at community@parity.io.

We have spent the last few days rigorously examining the events. While it is too early to decide on a fixed solution, EIP156 has been discussed for a significant time and has drawn support from various directions in the community. The team is working on a broadly accepted solution that will unblock the funds.

This is a learning opportunity (albeit a painful one) for our company, for our collaborators and the community that stands with us. There have been discussions within Parity and across the open source community for a while now on how to build better and more secure systems. Moving forward we will further improve our process related to the development of mission critical code and work together with the community to make core infrastructure more secure.

We continue to analyse the events and will issue a detailed postmortem in the next few days.

Read more

  • A Postmortem on the Parity Multi-Sig Library Self-Destruct

    On Monday November 6th 2017 02:33:47 PM UTC, a vulnerability in the “library” smart contract code, deployed as a shared component of all Parity multi-sig wallets deployed after July 20th 2017, was found by an anonymous user. The user decided to exploit this vulnerability and made himself the “owner” of the library contract. Subsequently, the user destructed this component.

  • Security Alert

    Severity: Critical

    Product affected: Parity Wallet (multi-sig wallets)

    Summary: A vulnerability in the Parity Wallet library contract of the standard multi-sig contract has been found.

    Affected users: Users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.

  • Announcing Parity 1.8

    Winter may be coming but the moment you’ve all been waiting for has finally arrived: Parity Tech is excited to announce the release of the BIGGER and BETTER 1.8.0. This release will see light client improvements: Proof-of-Authority chain compatibility, even with dynamic authority sets, and also feature compatibility with the Whisper v6 wire protocol.

Back to blog