On the 3rd of February this year, a London-based smart contract coding company, called Parity Technologies, issued an alert concerning a bug and security breach in their Ethereum nodes. According to their announcement, these nodes could be exploited and brought offline with a risk to the whole network. Parity reacted accordingly and released a new update that has removed this loophole and are advising all users to update their nodes as soon as they can to evade a possible breach.
Parity Security Issues
On November 8th, 2017, during the time when Parity was subject to controversy for security reasons, a user by the name of “Develops199” from the popular platform Github, accidentally managed to exploit the Parity software. The vulnerability was in the Parity multi-sig wallets and as a result, he froze about 513,774 ETH over dozens of wallets.
There were also other incidents that occurred before the deeds of “Develops199”. Back in June 2018, there was another security issue that plagued the Parity network and later in July, a malicious party stole 150,000 ETH from the service’s wallets. Returning the frozen funds to the affected users still remains unsolved and a headache.
Who’s Affected?
Parity decided to raise a security alert as soon as they were aware of the rising security risks and loopholes. Here are their statements over twitter:
“We were notified that a special RPC request can be sent to a public Parity Ethereum node (pre-2.29 or 2.3.2) & that node will crash. Updates that will fix this will be out in 1-2 hours. Watch @ParityTech for updates; stand by to update your node ASAP.”
“While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, MEW, MyCrypto, etc), we recommend everyone to update their nodes immediately.”
The ones who are directly affected by the security breach of the Parity network are mainly the nodes that serve JSONRPC as a public service. Some examples are Infura, MyEtherWallet, MyCrypto and other networks that have publicly accessible pieces of infrastructure. Nodes that fall out of this category are not directly affected by the issue. Make sure to update your nodes software as soon as possible to evade future risks.