Who hacked The DAO in 2016 and redirected 3.6 million ETH? Laura Shin, journalist and former Forbes editor, identified the hacker by tracing complex chains of transactions and using forensic tools to break through privacy protections. However, the man she identified denied everything.
Ethereum, the second largest cryptocurrency network, is worth $360 billion. Founder Vitalik Buterin now has more than 3 million followers on Twitter. All of the most popular crypto trends in recent years have their roots in Ethereum, such as ICOs, decentralized finance (DeFi), non-fungible tokens (NFTs) and decentralized autonomous organizations (DAOs). Ethereum has also spawned many blockchain copycats, often dubbed the “Ethereum killers.”
Ethereum is also the subject of a major mystery: who pulled off the biggest Ether heist ever by attacking The DAO?
The decentralized venture fund raised $139 million worth of ETH at the time of its public token sale, which ended in 2016, making it the most successful crowdfunding effort of all time. A few weeks later, a hacker extracted 31% of the ETH in The DAO, which was 3.64 million ETH, or about 5% of all outstanding ETH at the time, from the main DAO and moved it to the DarkDAO.
Laura Shin’s exclusive investigation was compiled and edited into a book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, which seems to indicate that Toby Hoenisch, a 36-year-old programmer who is Austrian and currently lives in Singapore, was involved in this hack.
Hoenisch is by far best known as the co-founder and CEO of TenX, which raised $80 million in its 2017 ICO to build a crypto debit card. But this attempt failed. The market cap of TenX tokens is currently just $11 million, a sharp drop from its previous all-time high (ATH) of $535 million.
After being sent a document with detailed evidence pointing to him as the hacker, Hoenisch replied in an email that the conclusion was wrong. In that email, Hoenisch suggested that he would provide evidence to refute Laura Shin’s argument, but he has not responded to any further emails to date.
To put the damage from this hack in perspective: with ETH trading around $3,000, 3.64 million ETH is now worth $11 billion. The famous and controversial DAO theft prompted Ethereum to perform a hard fork, in which the Ethereum network split in two to recover the stolen funds, so the DarkDAO holds not ETH but Ethereum Classic (ETC), which is much less valuable. Backers of the fork were hoping ETC would die, but it’s currently trading around $30. That means the DarkDAO wallets currently hold over $100 million in ETC.
Last year, while Laura was writing her book, a powerful and mysterious forensics tool from crypto tracing company Chainalysis turned up an anomalous signal. In fact, the story of The DAO and the six-year quest to find the hacker reveals many different aspects of the crypto world, including how transaction tracking technology has developed since the market’s earliest days.
Today, as blockchain technology has gone mainstream and new applications are emerging, one of cryptocurrency’s earliest applications, the anonymity shield, is beginning to recede due to pressure, regulation, and the fact that transactions on public blockchains are traceable.
Co-founders Toby Hoenisch and Paul Kittiwongsunthorn in Thailand in 2018 during the TenX strategy session
Since Hoenisch will not contact Laura, she can only speculate about Hoenisch’s motives.
He identified technical vulnerabilities in The DAO early on, but his warnings were not taken seriously by The DAO’s creators.
At the beginning of 2016, the Ethereum network was not even a year old and there was only one application that people were interested in: The DAO, a decentralized venture fund built with smart contracts that gave token holders the right to vote on proposals submitted for funding. It was created by the company Slock.it. Instead of seeking traditional venture capital, the company decided to set up a DAO and then proceed with crowdfunding, hoping its own project would receive funding from The DAO. The Slock.it development team believed The DAO could attract $5 million.
However, when it opened for public sale on April 30, it raised $9 million in just the first two days, with many participants exchanging 1 Ether for 100 DAO tokens. Some people on the development team were surprised at how much money was poured into the project, but it was too late to cut back on sales.
When the fundraiser ended a month later, 15,000 to 20,000 people had contributed. The DAO held 15% of all Ether at the time, and the price of the cryptocurrency was steadily increasing. At the same time, many security and structural concerns were being raised about The DAO, including that withdrawals were too difficult.
Withdrawing funds required users to be quite tech-savvy and took a long time. They first had to create a “Child DAO” or “Split DAO”. In addition, the withdrawer had to obtain consent from any other person who had transferred funds to this “subordinate DAO”.
On the morning of June 17, ETH reached an ATH of $21.52, making the Ether held in The DAO worth $249.6 million. That same morning, Griff Green, the community manager and first contributor to Slock.it, received a phone message from a DAO Slack community member stating that something strange was going on and that it looked like money was being withdrawn.
Green conducted an audit and found a stream of 258 ETH transactions leaving The DAO. When the attack stopped a few hours later, 31% of the ETH in The DAO had been drained into the DarkDAO. As news of the attack spread, Ether’s price plummeted 33% from $21 to $14.
ETH and ETC price chart during DAO attack | Source: Forbes
DAO crowdfunding in 2016 drove the price of ETH to record highs until the June 17th attack sent the price plummeting. After the hard fork on July 20, the legacy blockchain began operating under the name Ethereum Classic (ETC).
Shortly thereafter, the Ethereum community exposed the vulnerability that led to this theft. The DAO smart contract was written so that whenever someone withdrew funds, it sent the money before updating that person’s balance. The attacker used a malicious smart contract that made 258 ETH withdrawals and then interfered with the contract’s balance update, allowing it to withdraw the same amount of Ether over and over again.
To make it easy to understand, let’s say the attacker has $101 in his bank account. He withdraws $100 from the bank, then blocks the teller from updating the balance to $1, and then asks again to withdraw funds and gets another $100. Even worse could still happen: once the vulnerability was made public, the remaining 7.3 million ETH in The DAO was exposed to copycat attacks.
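The ordering flaw described above, modelled in Python as an added example (it is not The DAO’s Solidity code and not from the original article). `Vault`, `Account` and `simulate` are hypothetical names and the amounts are constructed, with 101 and 100 taken from the bank analogy; the `pay_first=False` branch shows the fix of updating the balance before paying out.

```python
class Vault:
    """Toy ledger standing in for a fund contract (constructed model)."""
    def __init__(self, pay_first):
        self.pay_first = pay_first  # True reproduces the ordering the article describes
        self.balances = {}          # what each account is owed
        self.reserve = 0            # what the vault actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserve += amount

    def withdraw(self, account, amount):
        if self.balances.get(account, 0) < amount or self.reserve < amount:
            return False
        if self.pay_first:
            self.reserve -= amount
            account.receive(self, amount)     # external call runs the recipient's code
            self.balances[account] -= amount  # bookkeeping happens too late
        else:
            self.balances[account] -= amount  # bookkeeping first
            self.reserve -= amount
            account.receive(self, amount)     # a nested withdraw() now fails the check
        return True


class Account:
    """Recipient whose payout handler may ask for the same withdrawal again."""
    def __init__(self, reentries=0):
        self.received = 0
        self.reentries = reentries  # nested withdraw() calls to attempt

    def receive(self, vault, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            vault.withdraw(self, amount)


def simulate(pay_first, reentries=3):
    """Return (paid to the re-entrant account, reserve left for everyone else)."""
    vault, others, caller = Vault(pay_first), Account(), Account(reentries)
    vault.deposit(others, 900)   # constructed figure for the other depositors
    vault.deposit(caller, 101)   # the $101 from the analogy
    vault.withdraw(caller, 100)
    return caller.received, vault.reserve
```

With `pay_first=True` the re-entrant account is paid four times on a single 101 deposit and the other depositors’ 900 is no longer fully backed; with `pay_first=False` the nested call fails the balance check and only one payout is made.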
A group of white hat hackers was formed and used the attacker’s method to transfer the remaining funds to a new subordinate DAO. But the attacker still had around 5% of the total outstanding ETH, and even the salvaged Ether was at risk because of the vulnerabilities in The DAO. Moreover, the date on which the hacker could retrieve the funds he had transferred into the DarkDAO, July 21st, was approaching. If the community wanted to stop him from withdrawing the funds, they needed to send tokens to the hacker’s DarkDAO and the “shared DAOs” (or child DAOs) it created. According to the rules of the DAO smart contract, an attacker could not withdraw funds if someone else in the shared DAO objected.
Finally, after much bickering (on Reddit, in the Slack channel, via email and Skype), Ethereum founder Buterin made the remedy public. After it emerged that the majority of the Ethereum community supported the move, Ethereum performed a hard fork. On July 20, the Ethereum blockchain split in two. Any ETH already in The DAO was moved to a “withdrawal” contract, which gave the original contributors the right to deposit their DAO tokens and get ETH back on the new blockchain. The legacy blockchain, which still attracted some supporters and speculators, was rebranded as Ethereum Classic.
On Ethereum Classic, what remained was The DAO and the attacker’s loot (in the form of 3.64 million ETC). That summer, the attacker moved their ETC to a new wallet, which remained dormant until late October, when they attempted to use the ShapeShift exchange to convert the funds to Bitcoin.
Because ShapeShift did not obtain any user-identifying information at the time, it was not possible to determine the identity of the attacker, although all of their blockchain movements could be traced. Over the next two months, the hacker received 282 bitcoins (worth $232,000 at the time, now over $11 million). And then, perhaps because ShapeShift regularly blocked transactions, he stopped cashing out, leaving behind 3.4 million ETC worth $3.2 million (currently over $100 million).
Ethereum founder Vitalik Buterin considered supporting hard fork
The story could well have ended with an anonymous hacker sitting on a large fortune he couldn’t cash out. But last July, one of Laura’s sources involved in the DAO rescue said that Brazilian police had launched an investigation into the DAO attack and suspected that Brazilian-born Alex Van de Sande might be a victim or even the hacker. Van de Sande decided to commission a forensic report from blockchain analysis firm Coinfirm to clear his name.
Among the first suspects are a Swiss businessman and partners…