The Parity Wallet, a popular Ethereum and ERC20 wallet from Parity Technologies, has yet another vulnerability with its multi-sig contact.
Parity announced the following on Twitter:
UPDATE: A user exploited an issue and thus removed the library code, as it seems unaware of the consequences.
— Parity Technologies (@ParityTech) November 7, 2017
This froze funds in all Parity multi-sig wallets deployed after 20 July. We are analysing the situation and release further details shortly.
— Parity Technologies (@ParityTech) November 7, 2017
The tweets and their security alert posted to their blog imply that all owners of Parity multi-sig wallets are currently unable to move their funds. There is no suggestion of if and when a fix will be made available.
This is not the first time Parity has had issues with its multi-sig wallet. On 19th July 2017, a malicious user successfully exploited the multi-sig contract that was in place at the time and stole $32 million worth of Ether, mainly from ICO multi-sig wallets.
The news will leave users hesitant to use Parity in the future, being the second serious vulnerability exploited during the last few months.