Description
It is possible to send calls to the WalletLibrary contract itself. Specifically, the WalletLibrary contract could be initialised, and become owned. A user did this, by calling initWallet() function on the WalletLibrary contract, becoming an owner of the library contract. The same user, subsequently called the kill() function. Because the user was an owner of the Library contract, the modifier passed and the library contract suicided. As all Wallet contracts in existence refer to this library contract and contain no method to change this reference, all of their functionality, including the ability to withdraw ether is lost along with the WalletLibrary contract. More directly, all ether in all parity multi-sig wallets of this type instantly become lost or permanently unrecoverable.
Vector: BVSS:1.1/B:L/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:H
Original source
https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code
ok