Ethereum Security Alert - (153k ETH gone)

Severity: Critical

Product affected: Parity Wallet

Summary: A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found.

Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.

Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.

Github Link:
https://github.com/paritytech/parity/commit/e06a1e8dd9cfd8bf5d87d24b11aee0e8f6ff9aeb

Blockchain Explorer
https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx

Explanation
In ethereum the wallet software itself tends to be well engineered (well enough to not have had too many vulnerabilities in the last few years).
However the scripts are turing complete (can do anything) which leads to the following:
There's more things that can go wrong.
More people try to write custom ones.
Hence there's a lot more buggy ethereum scripts than buggy bitcoin scripts. So much so that it more than makes up for the (seemingly) less buggy wallet implementations in terms of funds loss.

Basically it's hard (complicated) to make smart contracts, and when they work they are so complex these early days that people don't have a complete understanding of their implementation's inner workings/security model. Somebody more clever comes along with experience of how the system works and finds a loophole (error in the way the developer designed their smart contract) to exploit.