
Critical bug in Ethereum multisig wallet. At least $32M worth of ethers stolen - jerguismi
https://twitter.com/maraoz/status/887751004971831296
======
jstanley
This bug is specifically in the Parity multisig wallet.

The bug is that the initWallet function (which includes setting the owner of
the wallet) could be called by anyone, at any time, not just by the creator at
initialisation time. Yes, really.

The attacker is searching for Parity multisig wallets, setting himself as the
owner, and withdrawing all of the money.

~~~
justinjlynn
Wow, this falls into the "fucking what?" category of security bugs. It's like
walking into the Central New York Gold Depository and declaring yourself king
of the world and walking out with everyone's gold with nobody noticing stupid.

~~~
microwavecamera
Best summary I've read so far.

