back to article Parity's $280m Ethereum wallet freeze was no accident: It was a hack, claims angry upstart

A cryptocurrency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent." On Tuesday, Parity confessed all of its multi-signature Ethereum wallets – which each require multiple …

  1. razorfishsl

    Yep ,

    I had a dig about the transactions, once you see the trigger transaction you can start to trace the attempts to extract or corrupt the wallets.

    you can see multiple attempts all within a small amount of time.

    the story about it being an accident

    " oh i just created a bad transaction and then deleted it"

    just do not appear to wash.

    1. Anonymous Coward
      Anonymous Coward

      All your e-Tulips

      are belong to us.

    2. The Count
      Thumb Down

      You had a "dig" about the transactions? If some new hipster lingo you're trying to confuse the rest of us who speak English with?

    3. fajensen

      Oh - So all my WoW-gold got ripped by them Evil Horde Scammers frontrunning the auction house!?

      Sure, The Police will want to know All About It. especially the part explaining how these unregulated markets in virtual wealth are their problem to regulate, somehow.

  2. Anonymous Coward
    Anonymous Coward

    Whilst I have sympathy..

    Perhaps I'm looking at this naively and with a lack of understanding, but to me cryptocurrency is nothing more than fools gold.

    1. Proud Father
      FAIL

      Re: Whilst I have sympathy..

      "Perhaps I'm looking at this naively and with a lack of understanding, but to me cryptocurrency is nothing more than fools gold."

      Indeed, IMHO you have to be pretty dumb to keep large amounts of "money" tied up as virtual cash.

      As we have seen in this case, it can just disappear.

      1. Anonymous Coward
        Anonymous Coward

        Re: Whilst I have sympathy..

        Fiat currency is no different, really. If a country ceases to exist, so does its currency, essentially.

        1. Anonymous Coward
          Anonymous Coward

          Re: Whilst I have sympathy..

          A country doesn't have to cease to exist for it's currency to very quickly become worthless.

          Well known examples include Weimar Germany and Zimbabwe.

          1. chrishu

            Re: Whilst I have sympathy..

            "A country doesn't have to cease to exist for it's currency to very quickly become worthless.

            Well known examples include Weimar Germany and Zimbabwe."

            Tell me one country in the last 50 years, that ceased to exist , overnight and that had their currency made worthless ? There is none

            And both weimar germany and zimbabwe didnt have their currency turn worthless overnight, it took years and years. .

            1. RichardB

              Re: Whilst I have sympathy..

              Not exactly what you are looking for but you could take a peek at Yugoslavia over 93/94 and Venezuela 2013 to present...

              1. Anonymous Coward
                Anonymous Coward

                Re: Whilst I have sympathy..

                ...also Poland in the early 90's.

                Hyperinflation has occurred multiple times within the last 50 years. Your money may not become technically worthless, but when it's not enough to pay for food, much less rent, the difference is academic.

            2. scrubber
              Windows

              Re: Whilst I have sympathy..

              "Tell me one country in the last 50 years, that ceased to exist , overnight and that had their currency made worthless ? There is none"

              Apart from the Yugoslavian Dinar. And Soviet Roubles. And Czechoslovak koruna. And that's just in Europe.

              2 minutes on wikipedia would stop you looking like a fool.

              1. MyffyW Silver badge

                Re: Whilst I have sympathy..

                "Tell me one country in the last 50 years, that ceased to exist , overnight and that had their currency made worthless"

                Even with the examples quoted by @scrubber, nation-state Fiat currency is an order of magnitude more stable. Sure it can become worthless quickly, but nowhere near as quickly as someone can fettle with your e-tulips.

                1. wolfetone Silver badge

                  Re: Whilst I have sympathy..

                  "Even with the examples quoted by @scrubber, nation-state Fiat currency is an order of magnitude more stable. Sure it can become worthless quickly, but nowhere near as quickly as someone can fettle with your e-tulips."

                  How? Look at what happened with the UK Brexit referendum, overnight the Sterling lost 30/40p against the dollar. If investors are spooked by anything, they sell their currency which in turn brings the prices down. It's quite different to the "gold standard" set out after WW2, as currencies were backed by a physical asset. But no currency has been backed by gold since the 1970's and has been backed by nothing more than pure faith since then. Quite a lot like the cryptocurrencies today.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Whilst I have sympathy..

                    Tulip investment and other speculative futures contracts based on commodities or other promises associated tenuously with tangible property interests offer the same illusion of underlying value. Cryptocurrency offers no such illusion. It's value is underpinned essentially by faith and this is more transparent than just about any other type of asset including such things as mortgage-backed securities.

                    If you can't eat your money, it might as well be cryptocurrency.

        2. fajensen

          Re: Whilst I have sympathy..

          Fiat currency is no different, really.

          Except if someone nicks my wallet full of Fiat, I can go to the police about it and someone might go to the slammer if the police finds my wallet on the thief. I can also expect that the 50 quid Fiat in my wallet will still be there when I reach the pub and also that it will buy me plenty of beer.

          With cryptocurrencies, you are entirely on your own and nobody cares about your self-made problems.

          1. Anonymous Coward
            Anonymous Coward

            Re: Whilst I have sympathy..

            "Except if someone nicks my wallet full of Fiat, I can go to the police about it and someone might go to the slammer if the police finds my wallet on the thief."

            Except, of course, the thief would've been savvy enough to fence it off. Once that degree of separation has taken place, is it no different? Pretty sure the cops would turn around and say they have bigger fish to fry.

            1. Scroticus Canis
              Big Brother

              Re: Whilst I have sympathy..

              Pretty sure the cops would turn around and say they have bigger fish to fry "What are you talking about? Have you been drinking or taking any psychoactive substances?".

          2. Anonymous Coward
            Anonymous Coward

            Re: Whilst I have sympathy..

            If someone nicks your wallet, nobody cares about that either.

          3. Gordan

            Re: Whilst I have sympathy..

            "I can also expect that the 50 quid Fiat in my wallet will still be there when I reach the pub and also that it will buy me plenty of beer."

            Not in Yugoslavia, Zimbabwe, Weimar Germany or other examples quoted above, at appropriate times. They were adding an extra digit to price tags of groceries in stores several times per day.

            1. fajensen

              Re: Whilst I have sympathy..

              If I wanted to experience the no doubt rich experience of daly life in Yugoslavia, Zimbabwe, Weimar Germany and so on, I would move there.

              I live "here" and I don't buy crypto currencies because I don't need all that extra excitement so much that I want to deliberately seek it out.

    2. Anonymous Coward
      Coat

      Re: Whilst I have sympathy..

      Actually, fools gold has more use than a long numerical chain on a hdd/ssd does. Depending on the utility of said chain of numbers.

      (PS, mine is the one with a disk containing loooooong digit that decrypts into Star Wars on bluray. ;) )

    3. Flywheel Silver badge

      Re: Whilst I have sympathy..

      Maybe I'm bucking the trend here, but my small amount of fiat currency I originally converted to Bitcoin is paying for my monthly VPN bill, based on increase in value alone. I'm happy with that and actually can't afford to buy Bitcoin any more.

      1. Anonymous Coward
        Anonymous Coward

        Re: Whilst I have sympathy..

        I put about 1% of my net assets into various cryptocurrencies about a year ago. They are distributed across various exchanges and private wallets. The diversity has buffered volatility. The custodial distribution has buffered other risks. For example, when there was a period when I could not withdraw ZEC from Poloniex, I was still able to convert to other crypto for withdrawal, and it only comprised 10% of my crypto portfolio at the time so I would not have been too disturbed if it was completely lost. When XBT dropped in value this past week, the appreciation of my BCH holdings more than compensated. All told, having made no further fiat contributions, the portfolio now comprises closer to 4% of my net assets. Is it time to rebalance, cut and run, or let it ride?

        Fool's gold? Maybe. I'm feeling bullish.

    4. Desgrippes

      Re: Whilst I have sympathy..

      Yup, you most certainly are education is key. Streaming money is an inescapable reality , I'm astounded by level of ignorance (not by you personally) in the comments of a technical publication.

    5. Desgrippes

      Re: Whilst I have sympathy..

      https://www.ted.com/talks/don_tapscott_how_the_blockchain_is_changing_money_and_business

  3. mark l 2 Silver badge

    Why if you have made $1 million in crypto currencies would you leave it in the trust of a 3rd party like Parity?

    I would be reluctant to leave $1000 in with a third party such as this. Heck I am annoyed if I loose a tenner never mind a million.

    1. Voland's right hand Silver badge

      Why if you have made $1 million

      My exact thought. There are banks for that.

      1. Anonymous Coward
        Anonymous Coward

        My exact thought. There are banks for that.

        Ah, but they were hoping to make $2m, and then $4m, and so on. Plus, as already commented elsewhere, there's no chance that the market could tolerate the sale of that digital currency.

        1. Desgrippes

          LOL - you are not up to date with ETH trading volumes.

      2. Anonymous Coward
        Anonymous Coward

        Show me the bank that has turned...

        anybody's 1000 into one million.

        If you don't have a stomach for risk, that's fine. Yeah, we know what banks are for.

    2. DavCrav

      "Why if you have made $1 million in crypto currencies would you leave it in the trust of a 3rd party like Parity?"

      Because it's not really worth $1m. The same way as if I invented a secret gold-making procedure, and made a million tonnes of gold, if wouldn't be worth quadrillions. It's worth $1m because the trading volumes are low. Try to sell those Ethereum and you'll find the market is nowhere deep enough to handle it and you will get almost nothing back.

      1. This post has been deleted by its author

      2. Mark 65

        Try to sell those Ethereum and you'll find the market is nowhere deep enough to handle it and you will get almost nothing back.

        Interesting. Is there anywhere you can observe liquidity and market depth on any of these "currencies"?

        1. Anonymous Coward
          Anonymous Coward

          You can observe the order books

          and trading volumes on multiple exchanges.

    3. Creslin

      Its the many investors money, not the companies

      Investors place coins into multi-sig to then have a control over when funds are taken from the wallet by the project.

      If the company had full control over the 1 million there would be nothing stopping the company just taking the money and disappearing.

      The function of multi-sig --- when working -- is you can hold your investment money escrow and release on progress of a project. Typically this may be 80% of signatures are required to release funds to progress.

    4. Anonymous Coward
      Anonymous Coward

      "Why if you have made $1 million in crypto currencies would you leave it in the trust of a 3rd party like Parity?"

      So you don't have to pay taxes...?

    5. fedoraman

      Cold Wallet

      Its crazy. Put it in a cold wallet, one that YOU control, and isn't connected to the internet. If you're going to do crypto currencies, at least do them properly.

  4. Lorribot

    Anything financial based on the coding skills of humans is likely to end in tears.

    Anything that involve loss in the US is likely to end in a court.

    Any recompense for a misdemeanor for anything complicated in the technology sector will take around 10 years to sort out as the law catches up with things and works out who owns what and how dissed who.

    The South Sea Bubble for the 21st century any one?

    1. Anonymous Coward
      Anonymous Coward

      from a legal perspective.....

      It'll be tough to take this to court in the US.

      Bitcoins and all their derivitives are not recognised legally as financial instruments and therefore have no value that the court could legally recognise.

      You may well think this is bollocks, but you'd still lose in court.

      https://en.wikipedia.org/wiki/Financial_instrument

      1. Charles 9 Silver badge

        Re: from a legal perspective.....

        Then how does Coinbase operate? It's US-based, legal, and all above-board. The US doesn't recognize Bitcoin as a currency, but there's nothing to stop trading it as something like a commodity.

        1. Anonymous Coward
          Anonymous Coward

          Re: from a legal perspective.....

          That's licencing for the exchange.

          That doesn't recognise the Bitcoins as a Financial Instrument, it's a very subtle but incredibly important legal difference.

          1. Charles 9 Silver badge

            Re: from a legal perspective.....

            Why would it need to be recognized as a financial instrument? What's so important about this distinction, and is anything that is not pegged to the home currency allowed to be such?

    2. Anonymous Coward
      Anonymous Coward

      "Anything financial based on the coding skills of humans is likely to end in tears"

      You've just summed up pretty much every stock exchange going these days.

    3. Sorry that handle is already taken. Silver badge
      Facepalm

      contacting law enforcement agencies may be the right next step

      Almost the definition of irony.

  5. G Mac
    WTF?

    Hmm I thought 'smart' contracts meant no laywers

    It was my impression that a smart contract was code that defined what was supposed to happen. Since the code is the contract, it is always the 'law', thus eliminating messy lawyer paper shuffling and court disputes.

    Interesting that those messy things might still be necessary...

    See smart contract as lawyer/court replacement:

    https://blockgeeks.com/guides/smart-contracts/

    1. Doctor Syntax Silver badge

      Re: Hmm I thought 'smart' contracts meant no laywers

      "It was my impression that a smart contract was code that defined what was supposed to happen. Since the code is the contract, it is always the 'law', thus eliminating messy lawyer paper shuffling and court disputes."

      Code can shuffle electrons about. The electrons can represent Bitcoin, dollars, pounds, euros or any other currency and, providing it's bug-free it might well be 'law'. As soon as you want to swap those electrons for something else, such as food, it ceases to have any real effect.

      Yes, you can have the code operate a vending machine but you still require someone to have filled the machine with what it's supposed to contain. As soon as someone didn't you've stepped outside the realm of code into real law to get it resolved.

      In this case we're told it wasn't even bug-free so it wasn't even effective 'law'.

      1. Brewster's Angle Grinder Silver badge

        Just like real law

        "In this case we're told it wasn't even bug-free so it wasn't even effective 'law'."

        The law is frequently ineffectual and often full of bugs. We call the latter loopholes. In this case, the code appears to be looping forever without a break condition.

  6. emmanuel goldstein

    OK, let"s run with this. But then what was devops199's motive, I mean apart from just breaking the wallets?

    1. Anonymous Coward
      Anonymous Coward

      --->"OK, let"s run with this. But then what was devops199's motive, I mean apart from just breaking the wallets?"

      Seriously?

      Trying to find a flaw that would allow you to steal multi millions of dollars would be a pretty good motive.

      The Japanese Bitcoin souk hack a few years back lost over $500m and no-one is quite sure if it vanished or got knicked.

    2. Ben Tasker

      Assuming it *was* deliberate, the aim probably wasn't to freeze the accounts so much as to gain access to them.

      Which in a way, he sort of did - he managed to get his key onto those wallets/contracts as required for authorising a transaction. The next step would have been to find a flaw that allowed that key to authorise transactions without the sign-off of the other (legitimate) keys. At that point you could move the funds out and ride off into the sun.

      Assuming, again, that it was deliberate, the sticking point seems to have been not being able to find a flaw that allows that second step.

      Deleting the "new" wallet was a bad move though. If it had been left active he could at least have freed everyone elses funds back up. On the other hand, the funds are now sat waiting for someone to find a way to gain access to them, legitimately or not. If it was a deliberate act then he's probably looking for a way at the moment.

      The thing is, deliberate or not, its something that should never have been able to happen. If a crypto-currency wants to be considered, well, currency then users need to be able to trust that they're not suddenly going to get hit by something like this.

      Its quite possible that by the time access is recovered (if at all) that the value may have flopped significantly. It's not the first issue Parity have had, and it's not exactly a small deal having your funds frozen indefinitely because of a bug in the code

      1. Lyndon Hills 1

        Frozen funds

        reminds me of paypal.....

    3. Captain DaFt

      OK, let"s run with this. But then what was devops199's motive, I mean apart from just breaking the wallets?

      Pure hypothetical speculation on my part:

      A. Find a bug that lets you silently empty wallets.

      B. 'Accidentally' lock wallets to hide the theft.

      C. Patiently wait for time to pass, and hashes deprecated, then 'mine' coins that just happen to match 'lost' ones. ie: Profit!

  7. Joerg

    It is all a fraud and illegal cryptocurrency...

    It is all a fraud and illegal cryptocurrency... what are they going to do sue one another for stealing illegal money?

    The bankers created this huge worldwide fraud. Cryptocurrencies are just criminal stuff by bankers. They own the corrupted justice system in all major countries and they can get away with it.

    1. JimC

      Re: It is all a fraud and illegal cryptocurrency...

      Rather than a fraud by bankers I thought crypto currencies were more of a money grab by those who kick the things off and generate large quantities of pseudo money which then inflates in value... Certainly seems to me that those who get in the ground floor of a crypto currency end up with a lot of "dosh" for moderate effort.

      1. DainB Bronze badge

        Re: It is all a fraud and illegal cryptocurrency...

        Which is a textbook definition of a Ponzi scheme.

      2. Anonymous Coward
        Anonymous Coward

        Re: It is all a fraud and illegal cryptocurrency...

        > " I thought crypto currencies were more of a money grab by those who kick the things off and generate large quantities of pseudo money which then inflates in value..."

        I always assumed the real purpose of crypto-currencies was to provide a more convenient means of exchange for the criminal part of the web.

    2. Pascal Monett Silver badge

      Re: "The bankers created this huge worldwide fraud"

      Really Joerg ? You're still trying to pass that bullshit ?

      You do realize that this is the Internet, and anyone with a brain can easily check that you're wrong ?

  8. JimmyPage
    Black Helicopters

    ...thus setting back blockchain development by years ...

    which may have been the original idea ?

    Given the current climate, I'm surprised no one has asked "cui bono ?" and suggested the 5-eyes might have had a hand ?

    1. Doctor Syntax Silver badge

      Re: ...thus setting back blockchain development by years ...

      I'm surprised no one has asked "cui bono ?" and suggested the 5-eyes might have had a hand ?

      Someone just has. You.

    2. I ain't Spartacus Gold badge

      Re: ...thus setting back blockchain development by years ...

      Why invent a conspiracy when you already have so much incompetence?

      It's not the blockchain that's been hacked, but the second attack on one company's crappy wallet software.

      The banking industry are all over the idea of blockchains at the moment. But international banking have already got pretty low transaction fees sorted, on a much larger scale than Bitcoin, which is apparently now averaging $6 per transaction - and that's not including the larger fees if you wish to use an exhange to convert Bitcoin to real money.

  9. John Smith 19 Gold badge
    Coat

    Piece of p**s to think up a new crypto currency.

    Very f**king difficult to design one that's secure.

    But keep in mind what's a "real" currency?

    Most of most people's net worth is actually negative.

    Most of (negative or positive) is actually just a set of numbers held in what wethink of as "secure" databases called banks.

    1. chrishu

      Re: Piece of p**s to think up a new crypto currency.

      Not to rub it in, but there is a deposit garantie of a 100000 euro in most european union countries on saving accounts of banks. Maybe money in regular banks are not that bad after all.

      1. patrickstar

        Re: Piece of p**s to think up a new crypto currency.

        Try telling the people who had money in Cyprus during the crisis that getting robbed by Merkel et al. wasn't so bad after all.

        1. Len

          Re: Piece of p**s to think up a new crypto currency.

          The €100,000 applies across the whole EU. As the UK doesn't use the euro the equivalent amount in the UK is set as £85,000 since 1 January.

          As it is an EU wide scheme it applies in Cyprus too. People who had money in Cyprus banks have all their deposits up to €100,000 protected. Only deposits above €100K were used for the banking bail in. It beats asking the taxpayer to stump up for it if you ask me.

          1. Mark 110

            Re: Piece of p**s to think up a new crypto currency.

            The Cyprus problem was not about being able to get your money. It was about being able to get your money out of Cypriot banks right then. Sensible governance to prevent a run on the banks. When there's a danger or a run escalating governments will always do this. You can still get your money . . . you just have to wait til everyone stops panicking.

            1. patrickstar

              Re: Piece of p**s to think up a new crypto currency.

              I doubt the customers had signed an agreement that let the bank hold their money and later confiscate parts of it to pay off their own debts (both things happened, by the way).

              You are not allowed to use funds held for customers to prop up a failing business - end of story. If this wasn't banks but an actual sane line of business, the executives would rightly be in jail and personally liable for the full amount they stole and/or gambled away from their customers.

              I can't believe anyone here is actually defending a bunch of crony capitalists colluding with the governments to make money at everyone else's expense...

      2. Desgrippes

        Re: Piece of p**s to think up a new crypto currency.

        If the shit really hits the fan, good luck with that.

  10. Anonymous Coward
    Anonymous Coward

    You go to the cops...

    ...then go to jail for wilful tax evasion. Like it isn’t obvious why they had all that money in an Ethereum wallet...

  11. The Nazz

    The Blockchain

    Ok, i'm naive and somewhat clueless on crypto-currencies.

    But, if as appears to be the case, as devops199 transactions occurred at a specific point in time, why can't the Blockchain, at that same precise point in time, be used to recreate the frozen, or stolen, wallets' contents?

    1. The Mole

      Re: The Blockchain

      Because of all the other transactions by other people that have happened in the meantime, you would wipe out all those transactions as well which is going to cause even more confusion. The 'chain' in blockchain is the key word, each transaction is linked to the last so you can't manipulate previous transactions.

    2. Desgrippes

      Re: The Blockchain

      It can be rolled back but the one of blockchains greatest features is immutability and censorship resistance, when you roll back (fork) you lose credibility.

    3. JimmyPage
      Boffin

      Re: The Blockchain

      Rule #1 of (pseudo) financial transacting is you never roll back. Instead you post correcting transactions later in the record.

      I have a sneaking suspicion that the underlying Ethereum blockchain isn't really well designed for this sort of thing.

      Also, in order to post correcting credits you may need access to the multiple keys on each affected wallet. From the sounds of it, this is the problem.

      Personally I don't see this as a failure of the blockchain. As with the previous Ethereum snaful, the blockchain did exactly what it was designed to do. It's the design that's dodgy.

  12. charlieboywoof

    Gold, just saying

  13. anthonyhegedus Silver badge

    What is the end goal of these ridiculous crypto-currencies anyway? So far, from what I've read, and a small amount of experience buy a bit coin once, I've determine that:

    1. It's _fiendishly_ complex to buy, use and sell bitcoins. It's not like just going to a website and buying something. Advice is sparse and conflicting.

    2. It's expensive to convert proper money to bitcoins and vice versa.

    3. The exchange rate varies wildly, thus making it a poor vehicle for... anything.

    4. It keeps going wrong. I'm not talking theft, I mean bugs and controversies, that only the very knowledgeable can even hope to begin to understand.

    5. There seem to be more than one cryptocurrency, only serving to confuse people.

    What the hell is it all for? how will this actually benefit people? Can we actually use these things quickly, conveniently and simply? In a nutshell, I see this as just a geeky experiment for hipsters that has no bearing on the real world. I've not seen anything anywhere to simplify this so that people can use it as conveniently as a debit card or cash.

    I know I'm going to get voted down for this, but surely I have a point!

    1. Anonymous Coward
      Anonymous Coward

      RE:What is the end goal of these ridiculous crypto-currencies anyway?

      What was the point of a phone in your car ?

      What was the point of a computer in your house ?

      What was the point of rock'n'roll ?

      etc.

      Generally, if you can't see the point, it's not meant for you.

      1. anthonyhegedus Silver badge

        Re: RE:What is the end goal of these ridiculous crypto-currencies anyway?

        "What was the point of a phone in your car ?

        What was the point of a computer in your house ?

        What was the point of rock'n'roll ?"

        These are trivial to explain, and envisage even years before their introduction. But I have not been able to identify a compelling use-case for bitcoins. Is the point that the long-term intention is, in fact, to make it trivially simple to use, such that it will supplant cash? Because right now, as it stands, it doesn't appear to be ready.

        1. Claptrap314 Silver badge

          Re: RE:What is the end goal of these ridiculous crypto-currencies anyway?

          I first heard about crypto-currencies on the cypherpunks mailing list in the '90s. They confused the heck out of me then. Now, I think that they might be valuable as recompense for driving the blockchain. The blockchain is a really powerful technology, and once the adults get control of things, will be huge. Think about ecommerce around '95 vs today.

          As for the intended end goal? As I recall from Tim May's .sig line, next after "digital cash" was "revolution". That is, he and others envisioned a future where social structures radically shift power away from central governments.

          We shall see.

  14. Claptrap314 Silver badge
    Unhappy

    The big issue

    Blockchain is the BIG DEAL technology. Coin is a substantial use of the technology, which itself can enable many other things. These major fails of coin are slowing the exploration into blockchain.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022