Two days after an unknown person with the GitHub handle devops199 killed the library contract associated with certain Parity wallets, freezing over 500,000 Ether, Martin Swende, the Ethereum Foundation’s head of security, told ETHNews that “I see it as an objective fact that these funds cannot be unlocked unless there is an hardfork involved.”
He also observed that the challenges of implementing such an overhaul “are more of a political than technical nature,” alluding to the resistance that such a move might face from the broader Ethereum community. This opposition would presumably be partially fueled by fears that a fork might cast doubt on the Ethereum blockchain’s legitimacy, potentially leading users to abandon the platform and causing the value of Ether to fall.
One possible solution, which could only be implemented by means of a hard fork, is an Ethereum Improvement Proposal referred to as EIP156. First introduced on GitHub by Ethereum co-founder Vitalik Buterin on October 14, 2016, these edits to Ethereum’s code would aim to allow “for users with ether or other assets in common classes of ‘stuck’ accounts to withdraw their assets.” In his original post on the subject, Buterin notes that “there may be a risk that this proposal will be viewed controversially as it is in some sense a ‘rescue’ rather than a ‘technical improvement’, even though it is arguably much less intrusive than previous such proposals.”
In a comment on this EIP156 thread, posted on November 8, 2017, Swende offered several suggestions for how the scheme might be amended, qualifying his statements with the disclaimer that, “I'm just exploring the technical possibilities here, not championing any particular path forward.” In comments to ETHNews, Swende said, “I hope the discussion [around how to proceed] can be carried forward without the foundation acting as a central authority.” In remarks elsewhere, he explained that the search for a solution is not time-sensitive, “so the governance process can in my opinion move along without rushing anything.”
For his part, Buterin took to Twitter on November 8 to distance himself from any conversations about how to address the Parity bug:
In the meantime, Parity announced that it had set up a website where concerned users could find out whether their holdings are among those frozen. According to the site, the vulnerability affected 584 wallets belonging to 573 users. The alert also contained an email address that impacted customers can write to and offered the assurance that “We continue to investigate the situation and are exploring all possible implications and solutions.”