Wednesday, November 8, 2017

The most expensive programming error ever?

Bitcoin users, beware:
There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently. 
Parity, which was set up by Ethereum core developer Gavin Woods, admitted today that a user calling themselves devops199 had "accidentally" triggered a bug in its multi-signature wallets that hold Ethereum coins. As a result, wallets created after July 20 are now locked down and inaccessible, quite possibly permanently, thus nuking $90m of Woods' own savings. 
Multi-signature wallets mean more than one person has to sign off on a transaction before funds are moved, and are popular with companies and investment groups looking to protect their assets. Unfortunately, Parity's technology is seriously flawed: in July a hacker managed to exploit errors in the multi-signature code to steal about $30m in Ethereum.
Quite frankly, it sounds like their code is a mess.  Given the high visibility of the cryptocurrency market, there is undoubtably huge pressure to ship software on time.  This will not improve code quality.

My prediction: this isn't the last time we'll see something like this.


Unknown said...

"The most expensive programming error ever?"

Actually, the 1996 destruction of the Ariane 5 is estimated to have resulted in a loss of $370 million.

"The greater horizontal acceleration caused a data conversion from a 64-bit floating point number to a 16-bit signed integer value to overflow and cause a hardware exception. Efficiency considerations had omitted range checks for this particular variable, though conversions of other variables in the code were protected. The exception halted the reference platforms, resulting in the destruction of the flight."

LindaG said...

I hope Un is affected by the lockdown, but probably no such luck.

Borepatch said...

Unknown, or perhaps the Mars Lander which crashed due to confusion of metric vs. Imperial units.

Glen Filthie said...

BP - as a computer geek - if you turned your talents to The Forces Of Evil...could you hack a cryptocurrency, or see some other power doing it? (I won't touch it with a ten foot pole; when entire gov'ts start getting cut out of people's wallets - I can see all kinds of ways in which those carpetbaggers will try to retaliate. Some gov'ts have banned it and from what I've heard - others will do the same soon.
I stack modest quantities of coin and bullion and will continue to do so - last I heard Germany was getting back into gold like crazy. Seeing as how - in the last century, they've had 8 fiat currencies fail - they might be on to something...

Borepatch said...

Glen, my talents have always been focused on the defense. It's a surprisingly different skill set for the offense, and I never had any inclination to go there. So no, I don't think I have the skill to hack a cryptocurrency.

That said, others do as we all see. I actually don't think that the mathematics of the cryptocurrency is the weak point. Instead, the implementation in the software and the network protocols are where I'd think that vulnerabilities would be hiding.

Between you and me, I think your strategy of bullion/coins is sound. It seems that the money in Bitcoin et al is driven by speculation, not by any sort of economic fundamentals. Not that there's anything bad per se with speculation as long as it's done with your eyes open. But it's for sure high risk.