Bugs Freeze $162 Million Cryptocurrency… Forever!

Hackers never give up! They’re like those opportunists who would mercilessly rob you the first chance they get.

Recently, they targeted Ethereum, resulting in the loss of nearly $162 million in cryptocurrency after a series of bugs invaded its digital wallet service. An unsuspecting developer, who was originally working on fixing the bug, accidentally took possession of the cryptocurrency and locked up the funds… forever!

In short, all that currency is just gone…POOF!

How it all started

The problem started when the cryptocurrency wallet service Parity was hacked in July this year, losing $32 million worth of digital money. Intending to fix this vulnerability and secure the remaining assets before the hackers pillaged them too, Parity mistakenly introduced a new bug that corrupted multi-signature wallets, inadvertently allowing one user to become the owner of all multi-signature wallets.

Nearly 587 digital wallets have been locked up since November 6, when the user accidentally deleted the code library required to access recently created wallets.

Parity’s audit team established that exactly 513,774.16 ethers were frozen because of the deleted code, the company said Monday. That amount of ether was worth around $162 million. Roughly 573 wallet holders have been affected by this cryptocurrency incident.

Initially, some investigators estimated the loss at approximately $300 million worth of ether; on Monday, however, Parity officially clarified that the frozen amount is worth $162 million. This incident is nothing like the commonly occurring cryptocurrency hacks: this money wasn’t taken on purpose; it was destroyed by accident, breaking the hearts of millions.

Even though it was a mistake, how did the user called “devops199” trigger the bug and gain control over all multi-signature wallets? That is still a mystery yet to be solved. The user did attempt to reverse the process, but that’s when all the funds got destroyed. To be more specific, the bug caused a domino effect, one incident leading to another until all the money was locked, never to be unlocked again. Some lost treasure, eh?

$162 million… that’s a lot of money… belonging to hundreds and thousands of users!

What is cryptocurrency

Cryptocurrency is basically a decentralized payment network using digital currency that was created with the purpose of providing secure transactions online. It uses cryptography, a process that converts legible information into an unbreakable code for safer payments. Ether happens to be the second largest cryptocurrency, following Bitcoin. If the value of one Ether token is approximately $300, according to CoinDesk, how many wallets amounted to that large amount of internet money that was lost permanently? Imagine that!

Parity and others around Ethereum, however, haven’t yet settled on a solution to the frozen accounts. But they anticipate attempting a so-called “hard fork” of the blockchain, incorporated within an upcoming security update dubbed EIP156.

People have shown immense interest in blockchain-based smart contracts and also deem them secure. But like any software application, a smart contract can be vulnerable. Owing to their design, smart contracts are not easy to patch, and dependencies on third-party or open source libraries have proven lethal when even the tiniest mistake occurs.
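To see why a shared library is such a single point of failure, here is a small Python model added for this article (it is not Parity's code, and every name, address and balance in it is constructed). It assumes the shared library's owner was simply left unset after deployment, and it includes the kind of dependency check a defender could run before trusting such wallets with funds.

```python
# Simplified model of wallets that forward calls to one shared library.
# All names, addresses and balances are constructed for illustration.

class Library:
    def __init__(self):
        self.owner = None                      # assumption: left unset after deployment

    def init(self, caller):
        if self.owner is not None:
            raise PermissionError("already initialised")
        self.owner = caller                    # first caller becomes owner

    def kill(self, chain, my_addr, caller):
        if caller != self.owner:
            raise PermissionError("not owner")
        del chain["code"][my_addr]             # library code is gone for good

    def withdraw(self, chain, wallet_addr, wallet_owner, caller, amount):
        if caller != wallet_owner or chain["balance"][wallet_addr] < amount:
            return False
        chain["balance"][wallet_addr] -= amount
        return True

class Wallet:
    def __init__(self, owner, lib_addr):
        self.owner, self.lib_addr = owner, lib_addr

    def withdraw(self, chain, my_addr, caller, amount):
        lib = chain["code"].get(self.lib_addr)
        if lib is None:                        # dependency deleted: no logic left to run
            return False
        return lib.withdraw(chain, my_addr, self.owner, caller, amount)

def audit(chain):
    """Defender's check: flag wallets whose library is missing or claimable."""
    findings = {}
    for addr, obj in chain["code"].items():
        if isinstance(obj, Wallet):
            lib = chain["code"].get(obj.lib_addr)
            if lib is None:
                findings[addr] = "library missing: funds frozen"
            elif lib.owner is None:
                findings[addr] = "library unowned: claimable by anyone"
    return findings

def build_chain():
    code = {"lib": Library(), "w1": Wallet("alice", "lib"), "w2": Wallet("bob", "lib")}
    return {"code": code, "balance": {"w1": 100, "w2": 50}}
```

Running audit() on a fresh build_chain() flags both wallets before anything has gone wrong; once the library's owner is set at deployment, the same check comes back empty.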

Despite the fact that the vulnerable smart contract was open source and deployed months ago, this notorious bug escaped code review performed by the Parity team themselves. But would this have happened if the review had been executed the right way? It simply points to one thing… inefficient QA!

All this would not have happened if Parity had not shown negligence in implementing a proper QA strategy. Of the various arguments for implementing adequate QA and testing processes built on the latest industry standards, none is as convincing as the cost of fixing bugs. What’s worse, the longer a bug goes undetected, the costlier it is to fix. In this case, $162 million was lost in the blink of an eye.