In a new development suggesting Parity’s recent flaw that locked up over 900,000 ether was more nefarious than previously thought, affected token startup Cappasity thinks they have proof the “bug” was actually a hack.
Cappasity Thinks Foul Play’s Been Discovered
The Ethereum community was rocked on Tuesday, November 7, after GitHub user devops199 deleted the library responsible for supporting approximately $300 million worth of ether in Ethereum wallet provider Parity’s multi-signature wallets.
The space was flabbergasted by the curious nature of the incident, as devops199 immediately posted on the Parity GitHub after the library’s deletion to declare he’d mistakenly killed the library in question.
In comments immediately after the lock-up, devops199 suggested he had little experience with Ethereum and that his deletion was the result of incompetence.
But according to Cappasity – a token start-up that’s lost access to 3,264 ether in the ongoing Parity nightmare – devops199 is only feigning incompetence.
The 3D Virtual Reality upstart firm points to recent investigative developments in the case that suggest devops199 was considerably more competent than he was letting on.
For example, Cappasity notes devops199’s previously undisclosed attempts to commandeer ownership over the Polkadot and ARtokens (ART) smart contracts.
'By studying devops199's attempts to extract and change ownership of #ARToken’s and @polkadotnetwork ’s smart contracts, it appears the user was maliciously poking around, eventually triggering the catastrophic bug in Parity's software' @cappasity https://t.co/0QAEAxygYh
— Cappasity Inc. (@cappasity) November 11, 2017
These kinds of maneuverings suggest an advanced, or at least more than novice, understanding of smart contracts.
In a statement on Cappasity’s findings, company CEO Kosta Popov even went so far as to say that law enforcement officials may soon need to be involved:
When you are tracking [devops199’s] transactions, you realize that they were deliberate […] Therefore, we tend to think that it was not an accident. We suppose that this was a deliberate hacking. We believe that if the situation is not successfully resolved in the nearest future, contacting law enforcement agencies may be the right next step.
Fix and Timeline for the Parity Flaw Uncertain
For now, the unusual nature of the ongoing Parity “bug” has everyone in the community wondering what’s next. It remains to be seen what fix can be implemented to return the affected users’ 900,000 ether.
Some in the community have wondered if a hard fork of Ethereum will be necessary to make these users whole, but in an email exchange with the author of this article, Ethereum Foundation’s External Relations lead John Frazer made it clear the Foundation hasn’t “taken this position in any form.”
Indeed, echoing this sentiment, Ethereum Foundation Security lead Martin Swende expressed during recent comments to the press that the fix should be “spearheaded by the affected parties.”
This means it’s Parity’s time to shine – the way they handle this crisis in the coming days and weeks will likely determine if the users stick with the wallet service or potentially abandon it in droves.
We are running the crowdsale in regular mode. The incident in no way affects our commitment to release ARtokens.
— Cappasity Inc. (@cappasity) November 9, 2017
What’s clear is that this black swan event means the Parity team surely has a long, difficult road ahead of them.