Parity Multisig
HackedInfrastructure · born 2015 · ✝ 2017
A wallet library anyone could become owner of, then kill.
Parity Multisig was a widely used Ethereum multi-signature wallet whose shared library contract was left uninitialized. In 2017 attackers exploited the flaw to seize and ultimately freeze roughly $150M worth of ETH across hundreds of wallets.
- Peak
- ~$150M frozen
- Cause
- Hacked
- Year of death
- 2017
☠️ Cause of death
An uninitialized library contract let an attacker claim ownership and trigger its self-destruct, bricking every dependent multisig wallet and permanently locking the funds.
📓 Lessons left behind
- —Uninitialized contracts are an open door for ownership takeover.
- —Shared library code becomes a single point of catastrophic failure.
- —selfdestruct in a dependency can brick everything built on it.
🌱 The idea that survived
Initialization guards
Hardened smart-contract patterns now mandate constructors and initializer locks on upgradeable and library code.
#wallet#multisig#smart-contract#ethereum