Third-Party Risk With Parity Wallet Failure

Earlier this week, popular Ethereum wallet Parity was either hacked or unintentionally damaged, leading to the loss of approximately $300M in Ether.  (While the actions that led to the loss are clear, the responsible party’s intent has not been firmly established.)

This article provides a good summary: https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether

Essentially, a bug in the Parity multi-signature wallets allowed a coder to take ownership of the entire multi-signature wallet structure at its root.  When the coder the deleted that code – ostensibly in an effort to undo his actions in taking ownership and return the wallets to their true owners – he actually deleted the code that allowed the multi-signature wallets to operate at all.

Core Ethereum developers have reviewed the issue and concluded that only a hard fork will fix the problem.  But Ethereum’s DAO hard fork led to the permanent creation of the ETH / ETC split.  And the Parity wallets at issue compose a much smaller part of the Ethereum market cap than DAO did.  A hard fork seems unlikely.

One of the biggest advantages of cryptocurrency is its ability to be held by anyone and accessed anywhere at anytime.  Parity, a widely Ethereum wallet, has just lost its users hundreds of millions of dollars.  Individuals holding cryptocurrency should seriously consider moving their assets to hardware wallets like Trezor or Ledger.  Companies holding cryptocurrency should seriously consider developing their own, in-house, thoroughly audited solution.  (Thanks to QE partner and former SEC Chief of Staff Michael Liftik for pointing out this important aspect of the article.)

Author: Michael O'Connor

Michael O'Connor is an attorney in Quinn Emanuel's Washington, DC office. Prior to joining the firm, Michael clerked for the Hon. D. Brooks Smith of the U.S. Court of Appeals for the Third Circuit and worked for several years at another major international law firm. He has dual degrees in Computer Science and Biology from Penn State University. Michael's practice includes intellectual property litigation, antitrust litigation, and data security and privacy. Michael advises clients on legal planning for data breaches, their obligations for safe handling of personally identifiable information, and the legal implications from emerging technologies like Bitcoin, Ethereum, and the blockchain. He has applied his technical training to patent cases involving semiconductor design, systems programming, and mobile device architecture. He has worked on multiple cases at the intersection of patent and antitrust law. Michael represents clients in cases before federal courts throughout the country, as well as before the International Trade Commission.