An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again, recursively, from inside the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether for at least another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens, you are likely about to lose all of their value.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc. and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
“I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. ‘Can I withdraw $500? Wait, before that, can I withdraw $500?’
And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
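The bank-teller behaviour described above can be reproduced in a small model. This is an added Python illustration, not The DAO's Solidity code; the `Vault` class, its method names and the account values are hypothetical, constructed for the example. It contrasts a payout that updates the balance last with one that updates it before handing control to the recipient, and checks the solvency invariant a monitor would watch.

```python
# Added illustration (not DAO code): a toy ledger whose payout hands control
# to recipient-supplied code, as a contract does when it sends ether.

class Vault:
    def __init__(self, deposits):
        self.balances = dict(deposits)        # what each account is owed
        self.funds = sum(deposits.values())   # what the vault actually holds

    def withdraw_unsafe(self, who, on_receive):
        amount = self.balances[who]           # balance is read once, up front
        if amount == 0 or self.funds < amount:
            return
        self.funds -= amount
        on_receive(amount)                    # recipient code runs here...
        self.balances[who] = 0                # ...before the balance is changed

    def withdraw_safe(self, who, on_receive):
        amount = self.balances[who]
        if amount == 0 or self.funds < amount:
            return
        self.balances[who] = 0                # effect first
        self.funds -= amount
        on_receive(amount)                    # interaction last

    def solvent(self):
        # Invariant: funds held must cover everything still owed.
        return self.funds >= sum(self.balances.values())


def run(method_name, max_calls=3):
    """Withdraw with a recipient callback that asks again while being paid."""
    # Constructed sample accounts: four depositors with 500 each.
    vault = Vault({"alice": 500, "bob": 500, "carol": 500, "dave": 500})
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < max_calls:         # "wait, before that, can I withdraw?"
            getattr(vault, method_name)("alice", on_receive)

    getattr(vault, method_name)("alice", on_receive)
    return sum(received), vault.funds, vault.solvent()


if __name__ == "__main__":
    print("unsafe:", run("withdraw_unsafe"))
    print("safe:  ", run("withdraw_safe"))
```

With the balance updated last, one 500 deposit is paid out three times and the vault can no longer cover the other depositors; with the balance zeroed first, the nested request finds nothing to withdraw.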
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money, using arguments similar to those made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released, in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called “Caution: The DAO Can Turn Into a Naturally-Arising Ponzi”:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.