An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again recursively from inside the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all the value of those.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
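The teller analogy above, modelled as a small Python simulation. This is an added example, not TheDAO's Solidity code; the `Teller` class, the account names and the amounts are constructed for illustration. It runs the same re-entering payee against a ledger that pays before updating the balance and against one that updates the balance first.

```python
class Teller:
    """Toy ledger for the bank-teller analogy (constructed; not TheDAO's code)."""

    def __init__(self, deposits, update_before_paying):
        self.balances = dict(deposits)       # what each account is owed
        self.vault = sum(deposits.values())  # funds actually held
        self.update_before_paying = update_before_paying

    def withdraw(self, account, receive):
        """Pay out the account's balance. receive(amount) is the payee's own
        code, run during the payment, like a contract's fallback function."""
        amount = self.balances[account]
        if amount == 0 or amount > self.vault:
            return 0                         # nothing owed, or vault exhausted
        self.vault -= amount
        if self.update_before_paying:
            self.balances[account] = 0       # effect first ...
            receive(amount)                  # ... external call last
        else:
            receive(amount)                  # external call while balance is stale
            self.balances[account] = 0       # too late: payee may have re-entered
        return amount


def run(update_before_paying, max_reentries=50):
    """Return (total paid to the re-entering payee, funds left in the vault)."""
    teller = Teller({"others": 900, "payee": 100}, update_before_paying)
    paid = []

    def receive(amount):
        paid.append(amount)
        if len(paid) < max_reentries:
            # "Wait, before that, can I withdraw again?"
            teller.withdraw("payee", receive)

    teller.withdraw("payee", receive)
    return sum(paid), teller.vault


if __name__ == "__main__":
    print("pay, then update:", run(update_before_paying=False))
    print("update, then pay:", run(update_before_paying=True))
```

With the stale-balance ordering, the payee owed 100 collects the whole vault, including the 900 belonging to other accounts; with the balance zeroed before the external call, the nested request finds nothing owed and returns immediately.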
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money, using arguments similar to those made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released, in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called “Caution: The DAO Can Turn Into a Naturally-Arising Ponzi”:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.