The next big hack

There it is. The second big hack after the DAO disaster (fun fact: the last hardfork was exactly 1 year ago today).

What happened?

Yesterday evening several Twitter accounts tweeted about a security alert. The code of the multisig wallet contract provided by Parity contained a simple but fundamental flaw. An update in March introduced the possibility to easily take over ownership of this contract and hence be able to transfer all of its funds. Unfortunately the contract had been deployed several times, obviously without a proper review, even by companies that are involved in Ethereum blockchain development. Swarm City, for example, lost more than 153,000 Ether.

White hats to the rescue.

What happened next is typical for the Ethereum community. The white hat group entered the stage again. They immediately started using the same exploit the real hacker was using. They were able to “secure” the remaining Ether from vulnerable contracts in order to give it back to the rightful owners. But everything that was lost to the real hacker is gone.

So will there be another fork?

No, not this time. The reason is simple: there is no chance for a clean fork as there was back in the DAO days. The hacker was able to move the funds right away. During the DAO hack there was a window of 27 days to prepare for the hardfork. This time the damage was immediate.

Isn't that bad for Ethereum?

Yes and no. It shows its weakness. I was expecting a bad crash after I first saw the security alerts and the messages saying that a lot of funds were lost already. But I guess the dimensions have changed since last year. 30,000,000 USD doesn't seem to be too big of a deal anymore. Of course people started blaming developers and Solidity, the programming language. And they are right. It is unspeakable that such a bug was actually committed to such mission-critical functionality of the Parity wallet without proper review. Even worse is the fact that the contract had been deployed so many times without anyone taking a look at the source code. Trustless world? Not so much, eh? People are now pointing out the problems of Solidity. Those problems will be fixed. There will be tools to avoid such mistakes. It will take time. And we will see more of those incidents. What doesn't kill us makes us stronger.
