The Parity Wallet hack was an attack carried out on 19 Jul 2017 against the 2 Ethereum smart contracts deployed by Parity Technologies.


The first Parity smart contract is the contract for the wallet itself, and the second Parity smart contract is a library of functions used by the first contract.


According to the OpenZeppelin blog, the attacker sent a transaction making himself the owner of the wallet, and sent a second transaction to transfer some of the funds out of the wallet.

The hack succeeded because the wallet contract forwards all unmatched calls to the library, and because one of the library's public functions, initWallet, which is used to set the owner of the wallet, did not check whether it had already been called before allowing anyone else to call it. As a result, the attacker called initWallet and made himself the owner of the wallet.
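
The missing check can be seen in a simplified JavaScript model of the forwarding pattern. This is an added example, not Parity's Solidity source: only initWallet is a name from the text, and the Wallet class, the withdraw function, the storage layout and the account names are hypothetical.

```javascript
// Simplified model: a wallet forwards calls it does not define to a shared
// library, and the library code runs against the wallet's own storage.
const vulnerableLibrary = {
  // No check that the wallet was already initialised: anyone can re-run it.
  initWallet(storage, caller, newOwner) {
    storage.owner = newOwner;
  },
  // Hypothetical owner-only function, present to show what ownership protects.
  withdraw(storage, caller, amount) {
    if (caller !== storage.owner) throw new Error("not owner");
    if (amount > storage.balance) throw new Error("insufficient funds");
    storage.balance -= amount;
    return amount;
  },
};

const hardenedLibrary = {
  ...vulnerableLibrary,
  // Same initialiser with a one-time guard.
  initWallet(storage, caller, newOwner) {
    if (storage.initialized) throw new Error("already initialized");
    storage.initialized = true;
    storage.owner = newOwner;
  },
};

class Wallet {
  constructor(library, owner, balance) {
    this.library = library;
    this.storage = { owner: null, initialized: false, balance };
    this.call(owner, "initWallet", owner); // legitimate one-time setup
  }
  // Models the forwarding: the function is looked up in the library and
  // executed with the wallet's storage, whoever the caller is.
  call(caller, fn, ...args) {
    if (!Object.prototype.hasOwnProperty.call(this.library, fn)) {
      throw new Error("unknown function");
    }
    return this.library[fn](this.storage, caller, ...args);
  }
}

// Constructed scenario: "mallory" is not the owner and calls initWallet again.
function replayInit(library) {
  const wallet = new Wallet(library, "alice", 100);
  let rejected = null;
  try { wallet.call("mallory", "initWallet", "mallory"); }
  catch (e) { rejected = e.message; }
  return { owner: wallet.storage.owner, rejected };
}
```

With vulnerableLibrary the second initWallet call replaces the owner; with hardenedLibrary it is rejected and the original owner is kept.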

Subsequently, an unknown person (who could also be the attacker) accidentally destroyed the library on 6 Nov 2017, making it impossible to withdraw any funds from the wallet. The funds will remain trapped there until a solution has been devised.

As part of my curiosity afterwards, I wrote a JavaScript app (which was placed on GitHub) to retrieve all the Parity-affected accounts.