Third-Party Risk With Parity Wallet Failure

Earlier this week, popular Ethereum wallet Parity was either hacked or unintentionally damaged, leading to the loss of approximately $300M in Ether.  (While the actions that led to the loss are clear, the responsible party’s intent has not been firmly established.)

This article provides a good summary: https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether

Essentially, a bug in the Parity multi-signature wallets allowed a coder to take ownership of the entire multi-signature wallet structure at its root.  When the coder the deleted that code – ostensibly in an effort to undo his actions in taking ownership and return the wallets to their true owners – he actually deleted the code that allowed the multi-signature wallets to operate at all.

Core Ethereum developers have reviewed the issue and concluded that only a hard fork will fix the problem.  But Ethereum’s DAO hard fork led to the permanent creation of the ETH / ETC split.  And the Parity wallets at issue compose a much smaller part of the Ethereum market cap than DAO did.  A hard fork seems unlikely.

One of the biggest advantages of cryptocurrency is its ability to be held by anyone and accessed anywhere at anytime.  Parity, a widely Ethereum wallet, has just lost its users hundreds of millions of dollars.  Individuals holding cryptocurrency should seriously consider moving their assets to hardware wallets like Trezor or Ledger.  Companies holding cryptocurrency should seriously consider developing their own, in-house, thoroughly audited solution.  (Thanks to QE partner and former SEC Chief of Staff Michael Liftik for pointing out this important aspect of the article.)

Author: Michael O'Connor

Michael O'Connor is a Visiting Assistant Professor of Law at Penn State. He teaches in the areas of cyber law, including data security & privacy, cybercrime, and emerging technologies. His scholarship focuses on cryptocurrency and blockchain technology, including securities regulation, money laundering, and other topics. He joined Penn State Law from private practice at the law firm Quinn Emanuel Urquhart & Sullivan LLP, where he was resident in the Washington, D.C., office. Before that, he clerked for the Hon. D. Brooks Smith on the U.S. Court of Appeals for the Third Circuit and worked for another major international law firm. While in private practice, Michael advised clients on legal planning for data breaches, their obligations for safe handling of personally identifiable information, and the legal implications from emerging technologies like Bitcoin, Ethereum, and the blockchain. He applied his technical training to patent cases involving semiconductor design, systems programming, and mobile device architecture. He also worked on multiple cases at the intersection of patent and antitrust law. Michael represented clients in cases before federal courts throughout the country, as well as before the International Trade Commission.​