CryptoCoinsInfoClub.com

What Is Multisig Wallet Ethereum

The $280m Ethereum's Parity Bug.

Hacker, Microsoft MVP, Founder of @ComaeIo, Co-Founder of @CloudVolumes (now @VMWare)

A critical security vulnerability in the Parity multi-sig wallet got triggered on 6th November, paralyzing wallets created after the 20th July. As you may have read, Parity issued a security advisory today to inform its users and developers about a bug that got accidentally triggered, which resulted in freezing more than $280M worth of ETH, including $90M belonging to Parity's Founder & Ethereum former core developer: Gavin Wood. As Dan Guido points out, this new vulnerable contract was deployed more than 100 days ago, on July 20th, one day after the original multi-sig vulnerability had been exploited and fixed. A user named devops199 claimed he triggered the bug accidentally and reported it through a GitHub ticket.

The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although the contract is a library, it was possible for devops199 to turn it into a regular multi-sig wallet, since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions: a first one to take over the library, and a second one to kill the library, which was used by all multi-sig wallets created after the 20th of July.

In the above transaction, the user initialized the owner of the Parity library to himself (0xae7168deb525862f4fee37d987a971b385b96952) using the initWallet() function, which is the function that was originally exploited on July 19th. Assigning an owner to the library directly enabled the user to convert the library into a regular multi-sig wallet.

    // throw unless the contract is not yet initialized.
    modifier only_uninitialized { if (m_numOwners > 0) throw; _; }

Ambisafe An Answer To Multi-sig Wallet Security And More

The multi-sig approach is a favorite tool for ICOs, as it allows multiple users, who are usually the co-founders, to process transactions with the raised amount, just like a joint account in fiat banks. No one can withdraw funds on their own, and this is what ensures the security of funds and binds the co-founders together. Since most ICOs nowadays have their platform based on the Ethereum blockchain, with the money raised in the form of Ether, multi-sig Ether wallets are becoming very popular.

In the wake of bugs in other Ether multi-sig wallets, Ambisafe has announced that its multi-sig wallets have remained unaffected despite consistent reports of other wallets being infringed upon. Problems started in July 2017 when some ICOs that used Parity's popular multi-sig wallet began to report a bug that had resulted in more than 600,000 ETH being stuck in limbo. TechCrunch reported this news, and since then user confidence in Ethereum multi-sig wallets has dwindled. Even though there have been no reports of this money being stolen from these accounts, they are still struggling to access it.

This was not the first issue with Parity's multi-sig wallets. Previously in July, more than 150,000 ETH had been stolen from their wallets, and Ambisafe was one of the companies that offered their help in preventing these attacks. At the same time, Ambisafe has maintained that none of its own wallets have come under this cyber attack or fallen victim to a bug in the platform either. So far, Ambisafe remains one of the safest multi-sig Ether wallets available in the market. So, if you are using Ambisafe as your ICO's official wallet, there are majorly reduced chances of any ERC-20 token being stolen or stuck in limbo in the future. The credit for this robust nature of the wallet goes t

Parity Technologies Multi-sig Wallet Issue Update

This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract. Subsequently, the user made the unfortunate move to suicide the smart contract underlying the multi-sig wallet, which in turn blocked the funds of 587 wallets with a total amount of 513,774.16 Ether. While the funds remain in the affected wallets, the wallets themselves are inaccessible.

Jutta Steiner, Founder of Parity Technologies, says, "We deeply regret the impact this situation is causing among our users and within the community. We do ask that people get in touch with us if they have any uncertainties and to not believe the speculation circulating the media. We are endeavouring to find a solution as soon as possible and we would like to thank everyone for the support we've experienced so far."

Regarding the affected wallets, we are reaching out to the owners on an individual basis and welcome users to get in touch. If you are still unsure about the state of your wallet, please visit this website, and if you have any questions remaining or would like to get in touch you can email us at [email protected].

We have spent the last few days rigorously examining the events. While it is too early to decide on a fixed solution, EIP156 has been discussed for a significant time and has drawn support from various directions in the community. The team is working on a broadly accepted solution that will unblock the funds. This is a learning opportunity (albeit a painful one) for our company, for our collaborators and the community that stands with us. There have

I Accidentally Killed It: Parity Wallet Bug Locks $150 Million In Ether

The Ethereum ecosystem encountered another black swan event this week with the activation of a bug in the multi-signature wallet software released by Parity Technologies. The bug resulted in multi-sig wallet users permanently losing access to an estimated $150 million in funds, leading some people to compare the significance of the event to the infamous collapse of bitcoin exchange Mt. Gox.

With those words and a link to an ethereum contract address on Etherscan, GitHub user devops199 revealed that he or she had inadvertently exploited a bug in the Parity Wallet library contract. Apparently, the user had turned the library contract into an ordinary multi-sig wallet and had become the owner of that wallet. Recognizing what had happened, the user attempted to delete the code that had transferred the wallet ownership. However, because the wallet contained library contract code, and all Parity multi-sig wallets rely on that code for their internal logic, the deletion of the code permanently froze the approximately $150 million in funds stored in Parity multi-sig wallets.

Developers are currently exploring potential solutions to recover access to the funds, but early reports indicate that the funds would only be recoverable through a hard fork to the Ethereum platform.

"One of the biggest cybersecurity challenges with smart contracts is that they're made up of code, just like any other application. This is prone to human error," said Leigh-Anne Galloway, cyber resilience lead at Positive.com, which protects ICOs from cyberattack. "It's also quite hard to make changes to the contract once it goes live, which is why we've seen that the fun

Create A Multi-signature Ethereum Wallet Using Parity

Set up and use Parity to create and manage multi-signature Ethereum wallets, edit the wallet's settings and view pending and past transactions.

I recently set up a multi-sig Ethereum wallet and I couldn't find clear instructions. Here they are; I hope these instructions are useful for someone looking to get started.

You'll need a way to interact with the Ethereum blockchain in order to deploy a wallet. There are several apps that you can use. I've used Parity because I found it simple and quick.

Wallets are a type of contract, and there are two types of wallet: the Multi-Sig wallet and the Watch wallet. An Ethereum account is required to communicate with a contract, so if you want a multi-sig wallet with 3 signatories (for example) then you will need to have set up at least 1 of those 3 Ethereum accounts before creating the wallet.

Integrated directly into your Web browser, Parity is the fastest and most secure way of interacting with the Ethereum network. You can do a bunch of stuff with Parity, including mining Ether, managing accounts, interacting with different dapps, sending/receiving from different accounts, and setting up contracts. On the accounts tab, you can quickly set up Multi-Signature wallets. If you use the Chrome plugin you will also get handy notifications when transactions are confirmed or contracts deployed.

For MacOS you can download and install Parity by visiting the Parity site and downloading the installer, or from the terminal using curl or Homebrew.

    brew tap paritytech/paritytech
    brew install parity --stable

If you used the installer, then you open Parity by opening the app and then using the logo in the menubar. If you used Brew, then start Parity with the following command and then go to the following address in your browse

Chapter 2: Working With Contract Wallets

From Chapter 1 we know that Ethereum has two types of accounts. One type, which we have been referring to simply as an Account, we are already quite familiar with, having created them and stored ether in them. The other type of account is the Contract Account. While an Account has a password-protected private key and an address, a Contract Account has no private key but has an address, code, and storage.

Contract Wallets (or contract-based wallets) are built with Contract Accounts, utilizing the ability of Contract Accounts to hold and run code with associated persistent storage. Of course, Contract Accounts can be used to do a lot more than just create Contract Wallets. Utilizing Contract Accounts, developers are hard at work creating all kinds of fascinating Decentralized Applications (DApps) right now.

How Are Contract Wallets Different From Accounts?

Accounts can be used as bare stores for ether, though they can also be used to do things other than just hold ether. When they are used to hold ether, Accounts can be thought of simply as private key/address pairs. The sole function of a Contract Wallet is to manage ether, that is, receive, store and spend ether. Unlike Accounts, Contract Wallets are controlled by code, which means that it is possible to customize their behavior. And you won't have to do any coding yourself; the Contract Wallets come with a user interface that makes it easy to simply select the type of security/convenience enhancing customization you require.

Contract Wallets are controlled by code, but ultimately that code also has a master, and that master is an Account with its password-protected private key. So Accounts serve two roles: as bare stores of ether in their own right, and as owners (or controllers) of feature-rich Contract Wallets. Exactly

Parity Multisig Wallet Hacked, Or How Come?

A vulnerability was found in the Parity multi-sig wallet contract; let's dive into what happened there.

Multisignature wallets are smart contracts designed to manage crypto assets by the consent of multiple wallet owners. This type of wallet usually allows owners to set daily withdrawal limits, vote for withdrawals, vote for ownership changes, etc. With the big surge in crypto prices this year, many people are now holding significant amounts of crypto assets. It is worth taking security more seriously, and putting your assets, or at least most of them, into a multisig wallet is a good step toward that. That enhances security for a process that moves lots of funds quite quickly.

If you own a multisig wallet, you need multiple signatures to move funds out of the wallet. In fact, these signatures mean multiple private keys. This alternative to holding value in simple user accounts appeared in 2012. Multisig wallets are especially favored by cryptocurrency startups and other groups, as they are a safeguard against hacker attacks aimed at the asset holders. This is because they allow some of the owners' accounts to be compromised while retaining full control of the money. Of course, it also helps against sneaky employees who might want to run off with the money. For this reason, multisig wallets are also a popular way of storing cryptocurrency raised in an ICO.

Several years ago Gavin Wood, Ethereum cofounder and CTO, established EthCore, a non-profit organization that develops software for Ethereum infrastructure, which later changed its name to Parity Technologies. One of its products is Parity, an Ethereum client that provides a web interface for the underlying Ethereum node software. It allows the user to access the basic Ether and token w

A Major Vulnerability Has Frozen Hundreds Of Millions Of Dollars Of Ethereum

Today is not a good news day for Ethereum. A vulnerability found within a popular wallet has frozen potentially hundreds of millions of dollars of the crypto currency in a second setback in recent months.

Parity Technologies, the company behind widely used wallet service Parity, today disclosed an issue that could enable the contents of a wallet to be wiped. The issue affects multi-sig wallets (a technology that uses the consent of multiple parties for additional security on transactions) that were deployed after July 20. In other words, ICOs that were held since then may be impacted.

It's a kicker because it is the second time in just a few months that a major Parity bug has been unearthed with potentially costly repercussions for Ethereum, which is the world's second highest-valued crypto currency with a total market cap of over $27 billion. Back in July, a vulnerability in Parity led to 150,000 ETH (then worth around $30 million) being stolen. That bug was fixed July 19 (hence the significance of the July 20 date), but one positive element of that first scare is that many in the Ethereum community, and particularly those who have held ICOs, backed away from the technology in favor of alternatives. Even those who did use Parity may not have opted for the multi-sig wallet. But still it is a major security issue with wider implications.

Parity explained that it found the problem when one user's wallet was wiped: Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that

Security Flaw Freezes More Than $150 Million Worth Of Ethereum

A bug in Parity, a popular wallet for the cryptocurrency and decentralized application platform Ethereum, may have resulted in more than $150 million worth of ether being permanently frozen. The bug affects Parity multi-sig (multi signature) wallets, which require more than one owner to "sign" a transaction before it can go through. An unknown attacker (or a careless developer) has exploited it to effectively destroy a piece of Parity's code, rendering all multi-sig wallets that were created after July 20 completely unusable.

The July 20 date is significant; this is the date when Parity's code was updated to fix a bug that enabled a hacker to steal more than $32 million worth of ether from multi-sig wallets. Unfortunately, the new code contained another bug, which enabled an attacker to turn Parity's library contract (effectively Parity's code) into a multi-sig wallet and destroy it.

"It would seem that issue was triggered accidentally 6th Nov 2017 (...) and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library," wrote Parity in a blog post explaining the incident.

This means that anyone who held Ethereum in a multi-sig wallet created after July 20 can't do anything with it: it's impossible to transfer or spend it. It's unclear how many wallets are affected, but unofficial estimates say the number is at least 500,000 ether, which was roughly worth $154 million at the time the hack was discovered.

Update: 500k ether locked which is $154m. Thanks @alexanderlhicks @Haaroony also independent confirmation by banteg on parity's

ERC: Standard API For Multisig Wallet Smart Contracts #763

Revoke approval from suggested transaction with given ID. Reverts if approval was not revoked from transaction, e.g. when _id is not a valid ID of pending suggested transaction, caller is not authorized to revoke approvals or caller has not approved this transaction yet.

3.4. execute(uint256,address,uint256,bytes,uint256)

    function execute (uint256 _id, address _to, uint256 _value, bytes _data, uint256 _salt) returns (bool success)

Execute suggested transaction with given ID and details. Returns true if transaction was executed successfully, false if execution failed. Reverts if transaction was not executed, e.g. when _id is not a valid ID of pending suggested transaction, transaction didn't collect enough approvals yet, transaction details do not match hash passed to suggest method or caller is not authorized to execute transactions.

3.5. reveal(uint256, address, uint256, bytes)

    function reveal (uint256 _id, address _to, uint256 _value, bytes _data)

Reveal details of suggested transaction with given ID by logging Revelation event. Reverts if transaction details were not revealed, e.g. when _id is not a valid ID of pending suggested transaction, transaction details (assuming zero salt) do not match hash passed to suggest method or caller is not authorized to reveal transaction details. Note that details of transactions whose hash was calculated with non-zero salt cannot be revealed.

    function getHash (uint256 _id) constant returns (bytes32 hash)

Get hash of details of suggested transaction with given ID. Reverts if _id is not a valid ID of pending suggested transaction.

    function isApproved (uint256 _id) constant returns (bool approved)

Tells whether suggested transaction with given ID has collected enough approvals to be executed. Reverts if _id is not a valid ID of pendi

Abra Adds Ether, Launches New Multi-sig Wallet For Holding Digital Assets

The new Bitcoin-based, multi-signature wallet from Abra is being released hot on the heels of their recent funding announcement, supporting ether and 52 fiat currencies.

"Now, after running our service for the past few months with tens of millions of dollars of funds, we're ready for commercial deployment of our multi-signature solution." (CEO Bill Barhydt)

The new update is currently rolling out to current users and is expected to be completed during the first week of December 2017. The Abra wallet is available on Android and iOS. This new release is a full rewrite that adds support for ether as a currency, as well as the 2-of-2 multi-signature model that requires both Abra and the consumer to sign a transaction when the consumer is holding anything but bitcoin.

In speaking with Bitcoin Magazine, Barhydt said this is the first phase of the next generation of their product, what they call Synthetic Currency. This concept will conceivably allow you to fold any asset class onto your phone and tie it to bitcoin, like real estate, art, precious metals, etc. The first supported asset class is currency. Abra's idea is similar in concept to what Venmo or Paypal provide, and what banks are now catching up with, in that it allows two parties to quickly exchange money, but without a central authority.

Abra now allows users to deposit any supported currency to a phone through a number of methods, including Automated Clearing House (ACH), wire transfer, bitcoin and American Express. It is also testing cash deposits in certain countries which have yet to be disclosed. Deposited funds are then used to buy bitcoin at a fixed conversion rate, determined at the time of transfer. For example, assuming bitcoin costs $10,000 each and you deposited $10,000 in fiat, you would have 1 BTC. If the price

Ethereum Multi-signature Wallets.

A technology anachronism who codes, teaches, mentors and consumes far too much caffeine.

If you have been dealing with crypto currencies for a while, you will have heard about Multi-Sig Wallets being used to safeguard ether or tokens held by an entity, often as the result of an ICO. They are used for several reasons, the foremost of these being:

- To stop one person from running off with the loot
- To reduce key person risk in case one person is incapacitated or loses their keys.

So, you've just raised 10,000 Ether in an ICO, and you're thinking that it sounds like a good idea. Next you start trying to figure out what one is and how to use it.

When I first heard of multi-sig wallets I was puzzled and thought of a group of people sitting around a computer or mobile device waiting for their turn to key in a password. Hey, we are the blockchain generation! It's decentralised. Your multi-sig wallet is a smart contract living on the blockchain! Each of the wallet's users can be in a different location in different timezones. The weird bit is that they each have to use a normal wallet to talk to the multi-sig wallet.

We will go through the basics and then see examples of following these steps using the Parity Wallet. You can use almost any wallet, but the Parity wallet is BIG and FRIENDLY, which suits me for this tutorial. If you are having trouble and want to see some of the basics on another wallet, tell me in the comments.

At its core, a multi-signature wallet needs:

- A list of people who are allowed to do things
- Rules on how many of those people have to agree before it happens
- A way to agree to a request (and submit it if you are last)
- A way to re-submit the request if it fails

There are a load of nice to have as well, but that is enough to get started. The first two rules have to be decide

A Simple & Safe Multisig Ethereum Smart Contract For Hardware Wallets

tl;dr Unchained Capital has released an open-source Ethereum smart contract implementing 2/3-multisig designed to directly interface with Trezor hardware wallets. If you have a Trezor, you can try this contract right now, for free, via our hosted dApp. Developer? Hacker? Paranoiac? Check out the source code on GitHub and review our bug bounty.

In theory, cryptocurrencies can be one of the safest ways to store wealth. By safeguarding a short list of English words, anyone can protect millions of dollars in wealth and rest assured that no hacker or government can take it from them. In practice, it's never so easy. This is because holding cryptocurrency safely amounts to protecting the private keys used to secure addresses in blockchains.

Some investors are comfortable delegating security to 3rd parties such as exchanges. For those who prefer to protect their funds themselves, there are various schemes such as air-gapped laptops, purpose-built hardware wallets such as Trezor or Ledger, and even just pen & paper (wallet words and other private key backups). One problem that most of these schemes share is that they are designed for single-signature addresses and so rely on protecting a single private key. No one is perfect, so what happens when you lose access to that private key? Mark Frauenfelder's wonderful article on losing his Trezor's PIN & wallet words vividly illustrates the horrors of finding out you have locked yourself out of your funds because you can no longer access the single private key protecting your addresses.

A better solution would use a 2/3-multisig quorum consisting of three separate private keys, held by three separate people, and requiring any two to spend. This provides both

The Stainless Steel Multisig Ethereum Wallet

Taking care of any significant amount of crypto assets is not for the faint of heart. There are no banks, no intermediaries and no security except the one you create yourself.

IMPORTANT: NEVER EVER SHARE, REUSE OR TAKE A PICTURE OF PRIVATE KEYS YOU WILL USE. THE PRIVATE KEY USED HERE IS JUST AN EXAMPLE, AND ANYONE READING THIS BLOG POST HAS FULL ACCESS TO ALL ASSETS IN IT.

There are many different ways to store the private keys of a crypto account. For anyone with significant funds I would generally recommend to split the funds into several parts, and store these using different kinds of technological and non-tech solutions. There are already many different methods to store the private keys that are used to control crypto funds. This includes multi-sig online wallets (like Gnosis and Parity), paper wallets, hardware devices (Ledger and Trezor), storage on exchanges and others.

This will not be a long post about crypto security, or a comparison of methods, but a very practical instruction for how to store funds in a way that is pretty secure and complements other methods, and that I have not found good instructions for elsewhere: the multisig steel crypto wallet.

The most basic form of offline (also known as cold) storage is to create a new crypto wallet (or set of keys), save the private key on a piece of paper and then lock or hide that piece of paper somewhere safe, while all digital traces of the keys are destroyed. If the key generation is done on a clean computer, no one else should in theory be able to access the key. Now the only problem is to store the piece of paper in a safe and persistent way.

Now, a problem with paper is that it is easily lost or destroyed and having the entire private key accessible by just reading o

Toward An Ethereum Multisig Standard

Developer/writer/thinker living in the cryptoverse. Co-founder of Grid+

Recent events have brought Ethereum multi-signature wallets (a.k.a. multisigs) into the spotlight. Twice this year, hackers or general troublemakers have exploited vulnerabilities in the Parity multisig smart contract. Critics have been quick to cite these incidents when suggesting Ethereum can't work due to a large attack surface, but the reality is much more nuanced.

Grid+ is currently holding a token sale (ending soon) and is stashing its funds in a secure offline setup. When weighing our storage options, we immediately decided against all multisig smart contracts with which we were familiar, specifically those made by: Parity, Ethereum Foundation, ConsenSys, and Gnosis. This is not to say that all these wallets are exploitable (Gnosis wallet, for example, has held $200M for over a year without a breach), but the decision came from general prudence regarding complexity. None of these wallets met our needs, but that is not to say such a wallet cannot exist on Ethereum.

As a means of comparison, we can look at Bitcoin's P2SH-based multisignature scheme, which has zero reported hacks since its first use in 2012. The difference in security indeed comes from a reduced attack surface, though this is largely by necessity in Bitcoin's constrained Script scripting language. In this article I will draw parallels between Bitcoin's multisigs and a proposed Ethereum multisig. I hope this will help guide the discussion toward a common, standardized, simple Ethereum multisig contract.

Before exploring Ethereum, it is instructive to first understand how Bitcoin's pay to script hash (P2SH) scheme works and how it applies to a multisig scheme. The formal P2SH definition can be found in BIP16 and a 2-of-3 multisi
