Nobody is Sure How To Deal with $300 Million in Frozen Ethereum Funds
Here’s a thought-experiment: Let’s say you have something important to protect. You’re a staunch defender of your valuables, so you secure them in the most impregnable safe available, and you program that safe with the most complex code that you can muster. Within the confines of that safe, your valuables are secure, and you can rest easy.
Until, disastrously, you forget the code.
This is essentially the scenario for a group holding Ethereum, a popular cryptocurrency that stands as the most obvious competitor to Bitcoin.
Last week, a single user made a series of accidental errors that have permanently locked around $300 million worth of Ethereum in a crypto-wallet developed by Parity, an Ethereum wallet provider.
What actually happened
The short story goes like this. A bug in Parity’s system allowed users to convert multi-signature wallets into individual wallets that can be controlled by a single user. Multi-signature wallets are a widely popular security measure taken by cryptocurrency holders, perhaps akin to purchasing the most advanced safe.
These wallets are often used by ICOs, which tend to bring in a lot of money, or by companies where several different people have a vested stake in the funds. Multi-signature wallets prevent one person from making financial decisions that can impact the entire group, and they keep all of the digital assets safe yet accessible should something happen to one of the members of the group.
Unfortunately, Parity’s flaw allowed a single user to make changes to the whole account. A user, known as devops199, accidentally exposed the bug when he converted several multi-signature crypto-wallets into individual wallets that could be manipulated without the consent of other account users. In a misguided attempt at correcting the mistake, devops199 accidentally restricted its own access to the funds and effectively suicided the account.
This relatively simple process eliminates access to a particular wallet, and it ensures that no one, including the account holder, can access the account. It’s akin to deleting an account, and it’s impossible to reverse.
The Gift and the Curse of Immutability
Of course, one of the pillars of cryptocurrency philosophy is the immutability of digital transactions. Cryptocurrency transactions are permanent, and they cannot be unwound or reversed. Typically, this is a reliable security feature that helps proliferate the validity and usability of crypto transactions. However, in this case, it’s proving to be a profound liability; it means that there are no easy solutions for recovering the $300 million of Ethereum locked in these users’ wallets.
At this time, Ethereum is considering a hard fork to recover the funds. While hard forks are not totally uncommon for cryptocurrencies, they are typically employed as methods for improving or maturing the currency. For example, when Ethereum released its Byzantium hard fork last month, it improved Ethereum’s blockchain’s capacity for its rapidly expanding network. In this case, the hard fork would simply create a parallel Ethereum ecosystem in which this error never occurred.
To Fork or Not to Fork
Although a hard fork is technologically feasible, it has philosophical implications that extend far beyond this specific episode. Most obviously, it raises questions of fairness and equal treatment. For example, how much money would have to be compromised to institute a hard fork?
Three hundred million dollars is certainly a lot of money; will other users who experience a similar scenario but with fewer funds be treated differently? It’s hard to imagine rapidly growing platforms like Ethereum instituting a hard fork every time someone inadvertently makes a mistake like this.
Ultimately, these are good discussions to have. While cryptocurrencies are rapidly increasing in value and usability, many of the tangible, usability questions have been left unanswered or unexplored. As norms are established, the ecosystem can continue to mature and develop
Moreover, this particular incident is an encouraging reminder that cryptocurrencies and the systems’ platforms that protect them are actually working as they should. The loss of $300 million is the result of human error, not technical malfeasance. Crypto-skeptics worry about the underlying technology, but this episode reminds us that we humans continue to be our own worst enemy.