Well, it happened again:
A few hours ago, an emergency tweet and message from Parity, one of the main Ethereum clients went out:
IMPORTANT: SECURITY ALERT: https://t.co/h5vc0KwAxS Move funds in multi-sig wallet created in Parity Wallet 1.5 or higher immediately.
— Parity Technologies (@ParityTech) July 19, 2017
It turned out this was already a few hours too late however, as several ICO accounts had already been emptied to the tune of 30 million USD in value.
— Manuel Aráoz (@maraoz) July 19, 2017
At least 30 million USD worth of ETH were moved from accounts that were thought to be secured by multisig, but turned out to not be secure at all. To add insult to injury, the multisig contract was written by Gavin Wood, who is one of the main Ethereum architects, leading some to question what this means for the safety of the project itself.
If the creator of Solidity, Gavin Wood, cannot write a secure multisig wallet in Solidity, pretty much confirms Ethereum is hacker paradise. https://t.co/WAR3eltfWl
— Charlie Lee (@SatoshiLite) July 19, 2017
Just like in the DAO situation last year, a group of white hat hackers took action to ensure all other accounts were emptied pre-emptively, unfortunately leading to more panic from those who just saw the accounts emptied without being aware this was a benign action.
— Lefteris Karapetsas (@LefterisJP) July 19, 2017
Is this the end of Ethereum?
I decided to go for clickbait here, which I admittedly hate, but also to make a point.
The answer for me is a resounding no.
My reasons however may be different from this guy, who apparently thinks 150 million is peanuts and epitomises the callousness that is infesting our industry.
only specific multi sig wallets were vulnerable. 150mill$ worth. that's the extent of what could have been.
— Sebastian Moonjava (@theDAOKING) July 19, 2017
Why I don’t and won’t buy into the death of Ethereum is that it’s not about the money. At least, it never was for me. As an experiment and as an innovation, Ethereum can and should move forward. It’s valuable for its own sake, and it’s an extremely exciting concept.
Of course, it should and cannot be the only project to work on smart contracts and ways to expand the potential of blockchain technology. Bitcoin itself is working on these concepts, as are other projects, like Aeternity. Ironically, Aeternity was one of the projects that had half of its ICO funds disappear in this last heist.
What *will* kill Ethereum (and any other project for that matter)
There is one sure fire way to kill our projects and that is just sheer unadulterated arrogance.
Likewise, allowing people to deploy code in charge of hundreds of millions of dollars in value without being almost absolutely sure they are safe is also a good way to kill projects.
Parity's flawed wallet contract is ~450 lines of code. Unfortunately, appears not to have gotten much peer review. https://t.co/61MK9KzVyy
— Jameson Lopp (@lopp) July 19, 2017
At this moment, hundreds of millions of dollars have been invested via Ethereums ERC20 tokens. It seems by pretty much inexperienced teams as this has taken them by surprise. Instead of looking at the contract codes intended to keep their millions safe, they just seem to have *assumed* it was all hunky dory.
Let’s be clear: this is on their heads as much as on Parity’s head. We’re dealing with alpha grade code here, at best, however much marketing we throw at it. It was and still is completely irresponsible, callous and arrogant to think we have this covered. Until we do, we should not even conceive of exposing so many people to this kind of risk, especially when most projects seem to relish not explaining how things work or have no real wish to educate their users.
Until people do, we will continue to see projects die in a completely unnecessary manner. Diligence, care, responsibility, what have you more: in the end, these will keep our projects afloat. Everything else is just a quick grab for a glorious, adrenaline-filled short term gain.
I believe in earning bitcoin.
If you think my work has value, leave a donation using this button.
Sign up for my newsletter:
Latest posts by Bas Wisselink (see all)
- (Nederlands) In antwoord op: Cut and Paste Nieuws - December 19, 2017
- The DotCom Myth, and why it is wrong - December 19, 2017
- (Nederlands) In antwoord op: Patrick Lemmens en Jeroen van Oerle - December 19, 2017