Last year, The DAO, a decentralized autonomous investment fund, got hacked for $50 million. In July, a hacker was able to steal $31M of Ether by exploting a bug found in Paritys wallets. Today, we have the worst hack yet, only this time, the stakes are even bigger and it is all just one big fuck-up.
Two days ago, a user named devops199 opened an issue on Paritys Github, titled anyone can kill your contract, seemingly wanting to let Parity, a company that provides smart contracts for users of the Ethereum network, know about a vulnerability in their smart contract.
The smart contract that he was referring to, concerns a multi-signature-contract, which is used by a large amount of people as a digital wallet to safely store their Ethereum. Apparently, this wallet had a bug in its code. The bug, or, better said, security vulnerability, allowed Devops199 to make himself one of the owners of the contract. This gave him the permission to do pretty much anything.