Since the Parity wallet bug was , we have encountered a lot of conflicting information regarding the size and scope of the issue. first reported on Tuesday Some sources have reported worth of ether had been lost, while others have quoted a lower number of . As for the number of wallets affected, a that’s been making the rounds shows a total of . However, shows the impact to be much larger with affected. as much as $300m $150m Google Docs spreadsheet 151 wallets Parity’s own website 584 wallets Even more importantly, . And if you’re not sure why that matters, consider the chart below. we’ve seen little to no information at all regarding the organizations who own these wallets Many of these wallets belong to companies that raised the money via an ICO. If that money is gone, it’s not just a problem for the company. It’s a problem for everyone who owns its tokens. Based on the data we’ve collected, here is our assessment of the situation. We examine the magnitude of the impact and the list of companies/ICOs affected. What happened? On November 6th (last Monday), an Ethereum developer “accidentally” triggered a bug, wiping out a that Parity’s multi-sig wallets depend on. With the code deleted, the ether sitting inside those wallets is for all intents and purposes unreachable. library of code Discussion of the issue on Github The developer is not affiliated with Parity and his has since been deleted. Github account For a full explanation of how the breach happened, here is . a great explainer by Comaelo’s Matt Suiche What is the impact? We count with a combined balance of , valued at based on an ETH price of $304. 598 affected wallets 514k ETH $156 million The script we used to reach these figures is . Essentially, these are its steps: posted here Loop through every smart contract deployed on Ethereum since July 20. This is the date that the code library in question was created, so any smart contracts that rely on it would necessarily have been deployed after this date. Identify the affected wallets by looking for the string “863df6bfa4469f3ead0be8f9f2aae51c91a907b4” somewhere in the body of the smart contract initialization code. This string is the and it is hard-coded into their wallets. address of Parity’s code library “863df6bfa4469f3ead0be8f9f2aae51c91a907b4” Affected wallets are identifiable by the presence of the string in their initialization code (image from Etherscan ) To determine how much ether was lost, loop through each of the affected wallets and grab its current balance using the . JSON RPC API You can find the . code for this script and the full list of affected addresses here As stated above, we count 598 affected wallets. But the damage is not nearly as widespread as that number would imply. 496 of the wallets are empty (balance of < 1 ether). And of the remainder, the loss is heavily concentrated in a few large wallets. Most notably, 60% of the entire loss ($93m of the $156m total) comes from a single wallet belonging to the , an organization closely affiliated with Parity itself. The funds had just been raised a few weeks ago in the ICO for the Foundation’s new multichain project . Web3 Foundation Polkadot More below on which ICOs are affected. Why is there such a large discrepancy in the loss numbers being reported? In contrast to our loss estimate of $156m, many sources have a much higher figure, in the ballpark of . These reports all appear to trace back to a single tweet from Patrick McCorry, a blockchain researcher at University College London, in which he estimates a total loss of $278m. reported $300m Shortly after sending out the tweet, McCorry found an error in the calculation and posted a , revising the figure down to $154m. That amount was also independently verified on . Yet, the inflated number has continued surfacing in the news, as recently as . correction Parity’s own Gitter chat earlier today Which ICOs are affected? The graphic below displays every affected wallet with a balance of at least 33 ETH (about $10,000). Our data shows 16 of these wallets to be associated with an ICO fundraising. ICOs impacted by the wallet freeze (graphic and data by: ) Elementus Note: Ownership of these wallets has not been verified with the companies. The associations are our own estimations based on the data we’ve collected. In summary… are impacted, but only 60 of those wallets have a balance greater than $10,000 (those shown in the graphic above). 598 wallets The total loss is , not $300 million, as many news stories are reporting. 514k ETH / $156 million The biggest loser in all of this is itself. They own the $93 million wallet, which represents . Parity 60% of the entire loss At least of the affected wallets are associated with companies that have raised money via an ICO. 16 In these 16 cases, it is not only the companies who are affected. Their token holders are affected as well. Originally published at elementus.io on November 10, 2017.
