Burning money
Naked Security Naked Security

$300m… deleted! How a tiny bug flushed away a fortune

The bug allowed a user to flush away hundreds of millions of dollars of other people's money

A month or so ago we wrote about the ways you can lose in the cryptocurrency game – through the volatility of its value and through vulnerable exchanges (websites that store your cryptocash) getting hacked.

Turns out there’s another way – the digital equivalent of a bank freeze, which in this case was a “wallet” freeze. As reported in multiple outlets Tuesday, something in the range of $150m to $300m of ether, the digital token of the Ethereum blockchain – second to Bitcoin as the most popular cryptocurrency – is now frozen.

The cash is holed up in cryptocurrency multi-sig wallets (wallets requiring more than one owner to “sign” a transaction before it can proceed) created after 20 July using a library provided by Parity Technologies Ltd.

Reportedly the frozen cash includes $90m belonging to Gavin Woods, Parity founder and former core developer of Ethereum.

Parity issued a Critical security alert Tuesday warning of a vulnerability in the Parity Wallet library contract. The code to create multi-sig wallets had been updated on the 20 July to fix a bug that had been exploited the previous day, a vulnerability which resulted in $32m in ether being looted from multi-sig wallets by hackers.

But, the new code contained another bug.

(I)t was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function.

It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.

In layman’s terms what happened was the digital equivalent of accidentally walking off with a sack full of wallets containing millions of dollars and then throwing it in the garbage disposal by mistake.

The he or she (I’ll use “he”) who inadvertently stuffed the money into the garbage, who apparently goes by the Twitter handle @devops199, said he triggered the bug accidentally and reported it through a GitHub ticket.

Under the heading “anyone can kill your contract”, he wrote:

Hello, first of all i’m not the owner of that contract … I made myself the owner of “0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4” contract and killed it and now when i query the dependent contracts “isowner()” they all return TRUE because the delegate call made to a died contract.

I believe some one might exploit.

Later, in a series of tweets, he wrote, among other things, “Will I get arrested for this?” and “I’m eth newbie .. just learning.”

How believable is that?

Well, based on the Twitter account with that handle, he appears to be a brand-brand-new newbie to that platform. His home page says he joined in November 2017. The profile says, “Parity Account (see what I did there? Parody).”As of mid-day Wednesday, he had posted only 39 tweets and was following only 17 others, while having gained 1,411 followers since the account opened.

Of course users, newbie or otherwise, can only make mistakes if software allows them to. Matt Suiche, writing on the Comae Technologies blog, noted a number of software development issues that created the environment for this mistake to occur:

Even though the vulnerable smart-contract was open source and deployed months ago, this bug managed to escape code review done by the Parity team.

Since by design smart-contracts themselves can’t be patched easily, this make dependancies on third party libraries very lethal if a mistake happens.

The fact that libraries are global is also arguable, this would be shocking if it was how our daily use Operating Systems would work.

No matter what the cause, the important thing for users (depositors?), obviously, is whether they can get their money back. And according to most of the online discussion, a “hard fork” may be the only way to do it. A hard fork splits a single cryptocurrency in two, with both the old and new versions remaining valid. In a soft fork, only one blockchain – and therefore one coin – remains valid.

Such a move is controversial. It requires 51% of the entire Ethereum community – not just users of the wallet in question – to agree to create a new blockchain in which a hack, or in this case the freeze, never happened.

That has already been done once, in June 2016, after an Ethereum app called the DAO (Decentralized Autonomous Organization) was hacked and the attacker siphoned off an estimated $50m.

Ethereum inventor Vitalik Buterin tweeted that a hard fork shouldn’t be used in this case. He said the DAO hard fork was justified because the Ethereum ecosystem was, “less mature then (and there was) more at stake then as % of all ETH.” And:

[most impt]. Today’s attacker can just move funds, so HF is impossible.”

But Jordan Pearson, writing in Motherboard, said a Parity spokesman told him that, “At the moment we are looking into every scenario, a hard fork is one of the options.

And Martin Holst Swende, head of security for the Ethereum Foundation, told CoinDesk that the only way to free up the funds is a hard fork.

There’s unfortunately no way to recreate the code without a hard fork. Any solution which makes the locked funds accessible requires a hard fork.

The current crisis has apparently not affected the value of the currency. While it dropped from about $305 to $290 after the news broke, at mid-afternoon on Wednesday it was back up at $312.

Meanwhile, the warning about cryptocurrency risks that Naked Security’s Paul Ducklin issued more than two years ago seems relevant for yet another reason. Such currency, “… generally speaking, (is) not covered by any of the laws relating to currency trading, brokerage, banking and so on,” he wrote.

In other words, if the company to which you entrusted your precious [cryptocoins] suddenly tells you, “So sorry, they seem to have vanished,” then, well, that’s that: you’re out of luck.

Leave a Reply

Your email address will not be published. Required fields are marked *