Parity Multisig Wallet Hacked, or How Come?
Background
Multisignature wallets are smart-contracts designed to manage crypto assets by the consent of multiple wallet owners. This type of wallets usually allows to set daily withdrawal limits, vote for withdrawals, vote for ownership changes, etc.
With the big surge in crypto prices this year, many people are now holding significant amounts of crypto assets. It is worth taking security more seriously and putting your assets, or at least most of them, into a multisig wallet is a good step toward that. That enhances security for a process that moves lots of funds quite quickly. If you own a multisig wallet, you need multiple “signatures” to move funds out of the wallet. In fact, these signatures mean multiple private keys.
This alternative to holding value in simple user accounts appeared in 2012. Multisig wallets are especially favored by cryptocurrency startups and other groups, as they are a safeguard against hacker attacks aimed at the asset holders. This is because they allow some of the owners' accounts to be compromised while retaining full control of the money. Of course, it also helps against sneaky employees who might want to run off with the money. For this reason, multisig wallets are also a popular way of storing cryptocurrency raised in ICO.
Several years ago Gavin Wood, Ethereum cofounder and CTO established EthCore, a non-profit organization that develops software for Ethereum infrastructure, which later changed its name to Parity Technologies. One of its products is Parity, an Ethereum client that provides a web interface for the underlying Ethereum node software. It allows the user to access the basic Ether and token wallet functions, and also to interact with smart-contracts deployed on the Ethereum Blockchain. The Parity wallet is designed to integrate seamlessly with all standard tokens as well as manage Ether transfers. It is compatible with Ubuntu, OSX, Docker, and Windows. The vast array of options offered by Parity wallet made it extremely popular in the crypto community.
Attack
Multisigs are distributed to users as smart-contract source code: whenever someone wants to get one, they take the current code from the repository, deploy the contract onto the Ethereum Blockchain, then set the owners, place the funds, etc. Each wallet is a separate instance of the code.
In the case of Parity, some of the essential elements of contract logic, including the withdraw function that allows to take funds out, was placed in a library. A library is an already deployed smart-contract that is used by every Parity Multisig in existence (starting from a particular version). Such code separation can theoretically be a good thing: for instance, shaving off gas costs for users that have to deploy less code. Unfortunately, it also means that, should the library be broken in some way, it will affect every contract depending on it. And no contingencies were included.
On November 6–8, it was discovered that it was possible to initialize the library itself as a wallet, claiming owner rights for it, including the right to kill it altogether. All the deployed dependent contracts would then become useless. After killing the library, the attacker probed several deployed multisigs in order to try and change the owner list and withdraw the funds, retracing the steps of the July exploit. Between that and the GitHub issue claiming incompetence, the question of the attacker’s motives remains unclear.
According to crypto eli5, 151 wallets have been frozen, with their balances being 513,743 ETH or $152 million in total. Parity Technologies announce that 573 wallets have been affected and their total balance is unknown.
General reaction
Disbelief was the first and most common feeling experienced by members of the crypto community. Oh, they wished to unsee this amount of around $154 mln locked due to the allegedly random actions of some newbie! It has not only crushed Parity’s steady recovery after the notorious hack in July, but also made some users consider the limit of security fails and whether Parity has reached it.
The first reaction to the funds being frozen was sheer panic – only six months past the July hack the repetition seemed impossible, although the most reasonable community members at least began to consider cryptocurrency safety as priority. As soon as Parity provided official explanations, the panic gave place to distrust, as affected users found themselves at a loss.
UPDATE: A user exploited an issue and thus removed the library code, as it seems unaware of the consequences.
— Parity Technologies (@ParityTech) November 7, 2017Parity recently claimed that they treat safety and security issues seriously – so, how could such thing happen? One of the major concerns is that the bug had existed for some time before the crash. It affected the wallets created past 20 July 2017, i.e. after a hotfix driven by the hack.
This froze funds in all Parity multi-sig wallets deployed after 20 July. We are analysing the situation and release further details shortly.
— Parity Technologies (@ParityTech) November 7, 2017A vulnerability in the then-current version of the Parity Multisig wallet was exploited, leading to $30 mln being stolen and another $180 mln rescued by a white hat hacker group, then subsequently returned to the rightful owners. Following the attack, Parity Tech deployed a new version of the wallet that, as it turns out, introduced another vulnerability. This led some users to complain on Parity’s insouciance regarding their funds and botched debugging process prior to the update release. The fact that the exploit was probably initiated by a clumsy newbie (as he himself has claimed), doesn’t give credit to the company either.
Parity answers in the most careful way, avoiding any certainty. Who can blame them for trying to calm the tumult? However, a user seeing phrases like “to the best of our knowledge” believes that developers don’t control the situation at all.
Update: To the best of our knowledge the funds are frozen & can't be moved anywhere. The total ETH circulating social media is speculative.
— Parity Technologies (@ParityTech) November 7, 2017As a result, we see a whipped-up buoyancy among Parity and Ethereum opponents, for example, from Charlie Lee, Litecoin creator.
I was adamantly against the DAO hardfork for this moral hazard reason. Ethereum is no longer unstoppable code as advertised on their website. How much in $/% is enough to do a HF? And who gets to decide? No longer uncensorable payments. https://t.co/i3RyIPqo32
— Charlie Lee (@SatoshiLite) November 8, 2017The attackers split into two almost equal parts: those who blame the developers of the smart-contract and those who believe the whole company to be guilty. Not to mention some voices claiming that the Ethereum architecture (such as immutable smart-contracts) is to blame. They are usually met with the counter-claim that it's rather the coding practices and the maturity of development cycle are at fault.
Consequences
About $154 mln remains stuck in the wallets that were affected. Since smart-contracts in Ethereum are immutable, and no relief measures were included in the code, the only way to reclaim the funds seems to be a hard fork of Ethereum network. Otherwise, the Ether is going to remain in the affected contracts forever. This caused more discord in the Ethereum community. Unofficial twitter polls show approximately 50/50 division of supporters and opponents to the initiative, as the previous fork eventually broke Ethereum into two warring networks.
There are several technical possibilities of how such a hard fork can work, including implementing EIP 156 or putting a fixed version of the library back in place. However, this is a controversial issue, bringing back everything that had been discussed in regards to the DAO Hack and subsequent bailout.
Affected parties
Major players don’t rush in with “take it or leave it” propositions, waiting for more details from Parity. As the funds were actually frozen, not stolen, the developer is not pressed by time limits – though some will consider growing discontent of users to be the harder trial.
However, most companies affected by the exploit have already published statements to comfort clients and assure that, one way or another, the issue will be solved.
The multisig used by the Web3 Foundation to accept contributions for Polkadot, also established by Gavin Wood, was the biggest of those affected, putting the ETH in it beyond access. Luckily, the affected multisig wallet didn’t contain all the funds. Hence, the company claims that their original roadmap has not been affected. They are still in the process of evaluating loss and looking for possible solutions, but seem quite serene and confident about the future.
The Iconomi platform and its storage system also claim to be secure. $35 m were stored using the affected Parity Multisig contract and will remain locked until the situation is resolved. But all users’ digital assets stored on the platform are completely safe, and the functioning of the platform is unaffected. The developers of the platform stay positive. They state that the Ethereum ecosystem has already proven itself able to rapidly respond and adapt to unexpected challenges.
The Cappasity platform also assures the users that the platform and the content stored there are secure, and the functionality of the platform is unaffected. Although the funds raised so far during their crowdsale have been stored in an affected Parity multisig wallet, the company retains confidence. The crowdsale has been resumed in regular mode, having switched promptly to another multisig wallet after the attack. It looks like Cappasity was fully ready for the challenge: the existing partners of the company could compensate for the locked funds, if necessary. The team has also conducted their own research on the attack, arriving at a conclusion that there is a great probability of this being a deliberate hack (the evidence is provided at the end of the company’s first official statement).
In general, we see that leading players were acting wisely, as they didn’t put all their eggs in one basket. This seems to be the best possible strategy, as Blockchain is still a nascent industry, and it has to pass through several ups and downs to elaborate the best and safest strategies.
The article was written by Alex Bokhenek (@CollisAventinus), a Blockchain expert at ModernToken.