In 2017 the Parity multi-sig wallet library — used as the underlying contract for many of Ethereum's largest treasuries — suffered two distinct catastrophic incidents four months apart. The combined impact: roughly $30M stolen and a further $150M+ permanently frozen with no on-chain path to recovery.
What happened
July 19, 2017 — The drain (~$30M)
The Parity multi-sig was a thin proxy that called into a shared library contract via delegatecall. The library exposed an initWallet function that, when called on a wallet, set the wallet's owners. The function was callable by anyone, on any wallet, even after the wallet had been initialised.
An attacker went through the deployed Parity wallets, calling initWallet on wallets they did not own — overwriting their owners with their own address — and then withdrew the balances. Roughly 150,000 ETH (~$30M) was drained from three large wallets, including those of the Edgeless Casino, Swarm City and æternity ICOs. A white-hat group front-ran the attacker on several other wallets and rescued an estimated $200M.
Parity deployed a patched library contract.
November 6, 2017 — The freeze (~$150M+)
The patched library still contained a subtle issue: initWallet could still be called on the library contract itself, turning the library into a multi-sig wallet owned by the caller. A user — devops199 on GitHub — did exactly that, accidentally claiming ownership of the library contract, then called the library's kill function (a selfdestruct) to "undo" their mistake.
Selfdestruct removed the library's bytecode permanently. Every Parity multi-sig in existence depended on delegatecall-ing into that library to function. With the library gone, all those wallets became bricks — they could receive ETH and tokens, but nothing inside them could ever be withdrawn.
Roughly 513,743 ETH ($150M at the time, several billion at peak prices) was frozen across 151 wallets, including the Polkadot ICO treasury (the same Parity team).
Aftermath
- Parity proposed EIP-999 to recover the frozen funds via a state-modifying hard fork. The community rejected it; Ethereum chose immutability over restitution this time, despite having done the opposite for The DAO eighteen months earlier.
- The funds remain frozen on Ethereum mainnet to this day — a permanent monument to the delegatecall library pattern.
Why it matters
Parity established two lasting practices: never expose initialisation functions that can be re-invoked, and don't put critical implementation in a shared, killable library. The modern equivalent — UUPS upgradeable proxies — explicitly forbids selfdestruct in the implementation contract for exactly the reason Parity demonstrated.
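To make the two defects and the two practices concrete, here is an added Solidity sketch written for this page; it is not Parity's code. The contract names, the storage layout and the function bodies are hypothetical simplifications of the proxy-plus-shared-library shape described above, with the vulnerable version and a hardened version side by side:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Parity's code. Hypothetical names throughout; the
// storage layout is reduced to the fields needed to show the two defects.

// ---- Vulnerable layout: the shape the incident text describes -------------

contract VulnerableWalletLibrary {
    address[] public owners;   // slot 0: shared with every proxy via delegatecall
    uint256 public required;   // slot 1

    // Defect 1 (July drain): callable by anyone, on any wallet, at any time,
    // including on a wallet that already has owners.
    function initWallet(address[] memory _owners, uint256 _required) public {
        owners = _owners;
        required = _required;
    }

    // Defect 2 (November freeze): the library can be destroyed. Nothing stops
    // initWallet from being called on the library contract itself, so whoever
    // does that becomes its owner and may call kill; every proxy that
    // delegatecalls into the library then has no code to run.
    function kill(address payable to) public {
        require(isOwner(msg.sender), "not owner");
        selfdestruct(to);
    }

    function isOwner(address a) public view returns (bool) {
        for (uint256 i = 0; i < owners.length; i++) if (owners[i] == a) return true;
        return false;
    }
}

// ---- Hardened layout -------------------------------------------------------

contract HardenedWalletLibrary {
    address[] public owners;   // slot 0, same order as the proxy
    uint256 public required;   // slot 1
    bool private initialised;  // slot 2

    // Lock the library's own storage at deployment. initWallet can still be
    // delegatecalled by proxies (their storage starts uninitialised) but can
    // never succeed on the library instance itself.
    constructor() {
        initialised = true;
    }

    modifier onlyUninitialised() {
        require(!initialised, "already initialised");
        _;
    }

    // Fix 1: one-shot per wallet, with the parameters sanity-checked.
    function initWallet(address[] memory _owners, uint256 _required) external onlyUninitialised {
        require(_owners.length > 0 && _required > 0 && _required <= _owners.length, "bad params");
        initialised = true;
        owners = _owners;
        required = _required;
    }

    // Fix 2: there is deliberately no kill/selfdestruct here. Retiring a
    // library means repointing proxies to a new one, never removing code.

    function isOwner(address a) public view returns (bool) {
        for (uint256 i = 0; i < owners.length; i++) if (owners[i] == a) return true;
        return false;
    }
}

// Thin proxy in the style the text describes: all logic lives in the library.
contract WalletProxy {
    address[] public owners;   // must mirror the library layout, slot for slot
    uint256 public required;
    bool private initialised;

    address public immutable lib; // immutable lives in code, so it does not shift storage

    constructor(address _lib, address[] memory _owners, uint256 _required) {
        lib = _lib;
        (bool ok, ) = _lib.delegatecall(
            abi.encodeWithSignature("initWallet(address[],uint256)", _owners, _required)
        );
        require(ok, "init failed");
    }

    fallback() external payable {
        // A low-level delegatecall to an address with no code returns success
        // with empty returndata. Check code size so a dead library fails loudly
        // instead of silently "succeeding" on every call.
        require(lib.code.length > 0, "library has no code");
        (bool ok, bytes memory ret) = lib.delegatecall(msg.data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) }
        }
        assembly { return(add(ret, 32), mload(ret)) }
    }

    receive() external payable {}
}
```

The constructor that flips `initialised` in the library's own storage is the same idea as OpenZeppelin's `_disableInitializers()` in the `Initializable` base that UUPS implementations use. The code-size check in `fallback` matters because Solidity's low-level `delegatecall` skips the extcodesize check that high-level calls perform. One caveat when reading this against today's chain: since the Cancun upgrade (EIP-6780), `selfdestruct` no longer removes a contract's code unless it runs in the same transaction that created the contract, so a freeze of exactly the November 2017 shape can no longer happen; the practice of keeping any destruction path out of shared implementation code still stands.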
The asymmetric outcome — DAO recovered, Parity not — also showed how community consensus on emergency interventions is fundamentally arbitrary, and depends on who is asking, how big the loss is, and how political the moment.
Sources & on-chain evidence
- [01] openzeppelin.com: https://www.openzeppelin.com/news/on-the-parity-wallet-multisig-hack-405a8c12e8f7
- [02] techcrunch.com: https://techcrunch.com/2017/11/07/a-major-vulnerability-has-frozen-hundreds-of-millions-of-dollars-of-ethereum/
- [03] theregister.com: https://www.theregister.com/2017/11/10/parity_280m_ethereum_wallet_lockdown_hack/