Verify a decision

{"actor":"system:backfill","investigation_id":"58e0557e-7948-47ad-82cb-c7a089154f08","kind":"publish","page_slug":"parity-multisig","published_at":"2026-05-25T18:20:05.393Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Parity Multisig","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.parity.io/blog/the-multi-sig-hack-a-postmortem/","type":"other","url":""},{"credibility":3,"name":"https://www.openzeppelin.com/news/on-the-parity-wallet-multisig-hack-405a8c12e8f7","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/parity-multisig-wallet-hacked-or-how-come","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.openzeppelin.com/news/on-the-parity-wallet-multisig-hack-405a8c12e8f7","type":"other","url":""},{"credibility":3,"name":"https://medium.com/parity-hack-trace/parity-hack-and-153-037-stolen-eth-2a7704f59f3b","type":"other","url":""},{"credibility":3,"name":"https://www.securityweek.com/hacker-steals-30-million-ethereum-parity-wallets/","type":"other","url":""},{"credibility":3,"name":"https://bitcoinmagazine.com/business/white-hats-step-save-funds-vulnerable-ether-wallets","type":"other","url":""},{"credibility":3,"name":"https://github.com/bokkypoobah/ParityMultisigRecoveryReconciliation","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/paritytech/a-postmortem-on-the-parity-multi-sig-library-self-destruct-63daca3a4cf7","type":"other","url":""},{"credibility":3,"name":"https://www.vice.com/en/article/parity-multi-signature-wallet-vulnerability-300-million-hard-fork/","type":"other","url":""},{"credibility":3,"name":"https://news.sophos.com/en-us/2017/11/17/bug-that-deleted-300m-could-have-been-fixed-months-ago/","type":"other","url":""},{"credibility":3,"name":"https://securityaffairs.com/65413/hacking/ethereum-parity-wallet-hack.html","type":"other","url":""},{"credibility":3,"name":"https://www.vice.com/en/article/ethereum-wallet-parity-knew-about-critical-flaw-that-let-user-devops199-lock-up-millions/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/eip-999-why-a-vote-to-release-parity-locked-funds-evoked-so-much-controversy","type":"other","url":""},{"credibility":3,"name":"https://bitcoinmagazine.com/business/evolving-debate-over-eip-999-can-or-should-trapped-ether-be-freed","type":"other","url":""},{"credibility":3,"name":"https://bitcoinist.com/ethereum-community-votes-330-million-parity-refund-request/","type":"other","url":""},{"credibility":3,"name":"https://bravenewcoin.com/insights/parity-tech-has-no-intention-of-splitting-ethereum-over-513000-stranded-eth","type":"other","url":""},{"credibility":3,"name":"https://www.ccn.com/330-million-eip-999-stokes-debate-over-eth-frozen-by-paritys-contract-bug/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.openzeppelin.com/news/on-the-parity-wallet-multisig-hack-405a8c12e8f7","type":"other","url":""},{"credibility":3,"name":"https://medium.com/hackernoon/what-caused-the-latest-100-million-ethereum-bug-and-a-detection-tool-for-similar-bugs-7b80f8ab7279","type":"other","url":""},{"credibility":3,"name":"https://medium.com/solidified/parity-hack-how-it-happened-and-its-aftermath-9bffb2105c0","type":"other","url":""},{"credibility":3,"name":"https://medium.com/paritytech/a-postmortem-on-the-parity-multi-sig-library-self-destruct-63daca3a4cf7","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/parity-wallet-hacker-begins-laundering-150k-in-ethereum-after-7-years-of-inactivity/","type":"other","url":""},{"credibility":3,"name":"https://u.today/parity-wallet-hacker-moves-9-million-in-ethereum-leaving-246-million-in-limbo","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/heres-how-the-parity-ethereum-hacker-is-cashing-out-his-funds/","type":"other","url":""},{"credibility":3,"name":"https://dailycoin.com/parity-wallet-hacker-launders-9m-after-seven-years-hiatus/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.proskauer.com/blog/when-smart-contracts-are-outsmarted-the-parity-wallet-freeze-and-software-liability-in-the-internet-of-value","type":"other","url":""},{"credibility":3,"name":"https://natlawreview.com/article/when-smart-contracts-are-outsmarted-parity-wallet-freeze-and-software-liability","type":"other","url":""}]}],"sources_used":[],"summary":"Parity Multisig was a multi-signature wallet implementation developed by Parity Technologies, founded by Ethereum co-founder Gavin Wood. The software suffered two catastrophic security failures in 2017: a July hack in which 153,037 ETH (approximately $30–32 million at the time) was stolen from three Ethereum project wallets via an unguarded initialization function, and a November incident in which GitHub user devops199 accidentally triggered a self-destruct on the shared library contract, permanently freezing 513,774 ETH (approximately $150–280 million at the time) across 587 wallets. The frozen funds have never been recovered, and the July 2017 attacker resumed laundering stolen ETH through the exchange eXch in May 2024 after seven years of inactivity.","timeline":[{"date":"2017-07-19","event":"Attacker exploits unguarded initWallet() function in Parity Multisig WalletLibrary, stealing 153,037 ETH (~$30-32M) from Aeternity, Swarm City, and Edgeless","source":""},{"date":"2017-07-19","event":"White Hat Group uses the same exploit to drain and rescue approximately 377,000 ETH from other vulnerable Parity wallets before additional theft occurs","source":""},{"date":"2017-07-20","event":"Parity Technologies deploys replacement WalletLibrary contract without initializing it, inadvertently leaving a new critical vulnerability","source":""},{"date":"2017-08-01","event":"GitHub issue filed recommending auto-initialization of the library contract; Parity classifies it as a convenience enhancement and does not implement the fix","source":""},{"date":"2017-11-06","event":"GitHub user devops199 calls initWallet() on the uninitialized library contract, becomes its owner, then calls kill(), permanently destroying it and freezing 513,774 ETH across 587 wallets","source":""},{"date":"2017-11-08","event":"Parity Technologies publicly announces the library self-destruct incident and begins postmortem analysis","source":""},{"date":"2017-11-15","event":"Parity publishes postmortem on the library self-destruct incident, acknowledging the prior known-but-unaddressed vulnerability","source":""},{"date":"2018-04-01","event":"Parity submits EIP-999 to the Ethereum community, proposing a protocol-level state change to restore the destroyed library contract and unfreeze 513,774 ETH (now worth ~$280-330M)","source":""},{"date":"2018-04-30","event":"Community coin-vote on EIP-999 concludes with approximately 55% voting against; proposal is rejected and frozen funds remain inaccessible","source":""},{"date":"2024-05-13","event":"July 2017 Parity hacker resumes on-chain activity after seven years of inactivity, transferring ~3,050 ETH (~$9M) to exchange eXch using multiple intermediate addresses","source":""}]},"v":1}