An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls split again recursively from inside that call, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all the value of those.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
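Added example (not part of the original article or of Vessenes's write-up, and not The DAO's Solidity code): a small Python model of the bank-teller analogy above, with the flawed ordering beside the corrected one. The Teller and Recipient classes, the account names and the amounts are constructed for illustration.

```python
# Constructed model of the "teller updates the balance too late" flaw.
# It mirrors the analogy in the text; it is not The DAO's contract code.

class Teller:
    """Pooled vault plus a per-account ledger."""

    def __init__(self, balances, hardened):
        self.balances = dict(balances)
        self.vault = sum(balances.values())
        self.hardened = hardened

    def withdraw(self, account, on_receive):
        amount = self.balances[account]          # check, done once
        if amount == 0 or self.vault < amount:
            return
        if self.hardened:
            self.balances[account] = 0           # effect BEFORE the payout
        self.vault -= amount
        on_receive(amount)                       # control leaves the teller
        if not self.hardened:
            self.balances[account] = 0           # flaw: effect AFTER the payout


class Recipient:
    """Recipient whose receive hook asks for another withdrawal."""

    def __init__(self, teller, account, max_depth):
        self.teller, self.account = teller, account
        self.max_depth, self.depth, self.received = max_depth, 0, 0

    def on_receive(self, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            self.teller.withdraw(self.account, self.on_receive)


def run(hardened):
    """Return (paid to alice, vault left, total the ledger still owes)."""
    teller = Teller({"alice": 500, "bob": 500, "carol": 500}, hardened)
    recipient = Recipient(teller, "alice", max_depth=5)
    teller.withdraw("alice", recipient.on_receive)
    return recipient.received, teller.vault, sum(teller.balances.values())


if __name__ == "__main__":
    print("flawed  :", run(hardened=False))
    print("hardened:", run(hardened=True))
```

In the flawed run the vault ends up below what the ledger still owes the other accounts; comparing the vault against the ledger total after every call is the invariant that exposes this ordering bug.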
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money, using arguments similar to those made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.