Wednesday, November 8, 2017

The most expensive programming error ever?

Bitcoin users, beware:
There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently. 
Parity, which was set up by Ethereum core developer Gavin Woods, admitted today that a user calling themselves devops199 had "accidentally" triggered a bug in its multi-signature wallets that hold Ethereum coins. As a result, wallets created after July 20 are now locked down and inaccessible, quite possibly permanently, thus nuking $90m of Woods' own savings. 
Multi-signature wallets mean more than one person has to sign off on a transaction before funds are moved, and are popular with companies and investment groups looking to protect their assets. Unfortunately, Parity's technology is seriously flawed: in July a hacker managed to exploit errors in the multi-signature code to steal about $30m in Ethereum.
Quite frankly, it sounds like their code is a mess. Given the high visibility of the cryptocurrency market, there is undoubtedly huge pressure to ship software on time. This will not improve code quality.

My prediction: this isn't the last time we'll see something like this.

5 comments:

  1. I hope Un is affected by the lockdown, but probably no such luck.

  2. Unknown, or perhaps the Mars Lander which crashed due to confusion of metric vs. Imperial units.

  3. BP - as a computer geek - if you turned your talents to The Forces Of Evil...could you hack a cryptocurrency, or see some other power doing it? (I won't touch it with a ten foot pole; when entire gov'ts start getting cut out of people's wallets - I can see all kinds of ways in which those carpetbaggers will try to retaliate. Some gov'ts have banned it and from what I've heard - others will do the same soon.)
    I stack modest quantities of coin and bullion and will continue to do so - last I heard Germany was getting back into gold like crazy. Seeing as how - in the last century, they've had 8 fiat currencies fail - they might be on to something...

  4. Glen, my talents have always been focused on the defense. It's a surprisingly different skill set for the offense, and I never had any inclination to go there. So no, I don't think I have the skill to hack a cryptocurrency.

    That said, others do as we all see. I actually don't think that the mathematics of the cryptocurrency is the weak point. Instead, the implementation in the software and the network protocols are where I'd think that vulnerabilities would be hiding.

    Between you and me, I think your strategy of bullion/coins is sound. It seems that the money in Bitcoin et al is driven by speculation, not by any sort of economic fundamentals. Not that there's anything bad per se with speculation as long as it's done with your eyes open. But it's for sure high risk.

