A final ditch effort is now being made to recover the $264 million that is locked in Ethereum following a hack at the end of last year.
What Actually Happened
November 2017 saw a major hack of the UK’s Parity’s multi-sig wallet. $264 million was lost in the Ethereum wallet and attempts are still being made to retrieve the money. Although the wallet was purposefully being hacked, the loss of the money was a pure accident. The hacker managed to implement the “self-destruct” function, which then went on to freeze a large amount of money from numerous investors. Parity has since tried several ways on several occasions to get the money back, but they have all included large security risks and working with the whole Ethereum community which has not been favorable.
The Last Chance
After months of research, developers are now working on a more basic way to fix the code to get the money released. In its simplest form, this newest fix involves a restore of the lost wallet without the self-destruct mode included. It is hoped that this will release the funds to the users and finish this last five months of anguish for all concerned.
The work on the new code will also ensure that this never happens again. Developers are using this time to make the wallet more foolproof and sturdier. This will hopefully restore faith in Parity and offer a new founded trust in their wallet.
Those in the know have already suggested that this new bug fix is the best one yet. It is a simple workaround and the cost to get back the amount frozen is very low in comparison to the amount that has disappeared. The new code fix can also be targeted directly at the Parity software clients instead of hitting the whole Ethereum community. This is much better for all as one developer suggests. Fewer users are affected which means there is less impact on the Ethereum circle.
This whole incident has however opened up a large debate amongst developers and software providers on whether recoveries should actually happen in the first place. There is a definite divide between those believing that the users need to be protected and good security should already be in place when software is released and those that appreciate that hacks and code breaks do happen so there should be the flexibility to recover if it is necessary. Those with worries are concerned that recoveries could well open up the door for corruption and bribery in the future.
The debate is nowhere near to a resolution and it remains to be seen whether the fix outlined above will indeed be implemented. No matter what though, this does send a very strong message from the company and quite possibly the industry as a whole that fund recovery is a serious matter and developers certainly will not give up on missing funds and will fight to the end. This is one of the positives to come out of the November incident.