ICO News: Polkadot ICO Exposes Blockchain Vulnerability

on Nov 8, 2017

Polkadot, a network that connects public blockchains, was celebrating a happy hour on Nov. 6, according to the startup’s Twitter page. Two days later, there’s not too much happy going on after a developer inadvertently exploited a flaw in the code of what are known as multi-sig digital wallets tied to the Polkadot ICO. As much as USD 150 million worth of ETH could be at stake, most of which was tied up in the Polkadot ICO, and upcoming ICOs that are unfolding today could also be at risk. The company has since issued a security alert that’s critical in nature, and the status of the Polkadot ICO remains unclear.

Upcoming ICO Built on Trust 

Some users on social media questioned how the startup could develop a multi-blockchain to connect side chains to the Ethereum network when a digital wallet proved to be insecure. Polkadot’s whole mantra revolves around trust, and this incident has got to cut to the core of the mission.

Perhaps most concerning is that the Polkadot ICO was not just any other token sale. Gavin Wood, founder of Parity Technologies, which is building out the Polkadot protocol, is one of the original founders of Ethereum, the blockchain network on which most upcoming ICOs are designed. He is a blockchain pioneer, and for the breach to occur on a project he is leading suggests that no upcoming ICO is immune. Wood is also no stranger to being hacked, as a separate breach over the summer resulted in a reported USD 30 million in ETH being taken.

Apparently, the fix for the code connected to the previous vulnerability from the summer contained another vulnerability, tied to the Parity multi-sig wallet, which was inadvertently accessed by a developer. Upon realizing what he had done, the developer then proceeded to delete the subsequent wallet that was created and in doing so appears to have frozen some of the accounts associated with the Polkadot ICO. As a result, funds are blocked from being deposited or withdrawn from the accounts.

It’s an ongoing situation that the company will continue to update on its blog.