A plain English explanation of the Ethereum Parity exploit.

As you have probably heard, an exploit was found that affects Ethereum Parity wallets. As of now, over $150 million in Eth is inaccessible and may stay that way forever. In the article below I want to give a non-technical explanation of what happened for those who want it in plain English, as well as a look at what seems to be a growing security issue for Ethereum.

For a simple explanation of what happened today, imagine Parity is a company that builds traditional safes, but safes that require 5 different keys all used at the same time to open them (the number 5 is arbitrary in this example). As long as all five keys are present, you can open the safe and get the contents. Now imagine someone took one of the five keys and melted it down or otherwise destroyed it. The contents of the safe would be inaccessible. With this latest exploit, someone did just that. But instead of melting a physical key, they deleted the file that holds one of the “keys”. Without that key, it is impossible to get to the contents of ANY of those Parity wallets.

Once again, I want to point out that the above explanation is EXTREMELY simplified and not a perfect analogy, but without getting very technical it does a reasonably good job of conveying what happened.

So how can this be fixed? The most obvious option would be a hard fork, similar to what happened after the DAO hack. But that has several consequences. First of all, it damages the credibility of Ethereum. It makes it look like an insecure platform that simply forks every time it gets hacked or a security flaw is found. Second, it creates what is referred to as “moral hazard”: if developers feel that they can fork every time an exploit is found, they will become lazy with their coding, since they can always bail themselves out with a hard fork.

Since we are less than 24 hours into this latest exploit, the full results are not known. But one has to start questioning the speed at which Ethereum is adding new code on top of the original, as well as adding features and capabilities. Is it going too fast, without proper testing and security review? With two significant exploits in just over a year, in which people have lost a combined $200 million or more, I think it’s a valid question to start asking.
