An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls split again recursively from inside that call, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether for at least another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens, you are likely about to lose all of their value.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc. and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
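The ordering flaw in the teller analogy above, as an added Python model (it is not The DAO's Solidity code and not from Vessenes' write-up). The `Teller` and `Customer` classes and the sample balances are constructed for illustration; the flawed ordering is shown beside the corrected one.

```python
class Teller:
    """Holds customer balances; `pay_first` selects the flawed ordering."""

    def __init__(self, balances, pay_first):
        self.balances = dict(balances)
        self.cash = sum(balances.values())  # total money in the vault
        self.pay_first = pay_first

    def withdraw(self, customer, amount):
        # The balance is checked once, at the start of the request.
        if self.balances[customer.name] < amount or self.cash < amount:
            return False
        if self.pay_first:
            # Flawed order: hand over the money (control passes to the
            # customer) and only afterwards update the ledger.
            self.cash -= amount
            customer.receive(self, amount)
            self.balances[customer.name] -= amount
        else:
            # Corrected order: update the ledger before handing over money,
            # so a nested request sees the reduced balance and is refused.
            self.balances[customer.name] -= amount
            self.cash -= amount
            customer.receive(self, amount)
        return True


class Customer:
    """A customer whose receive() hook interrupts with the same request."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, teller, amount):
        self.received += amount
        teller.withdraw(self, amount)  # "Wait, before that, can I withdraw?"


def run(pay_first):
    # Constructed sample: the interrupter is owed 500, everyone else 1500.
    teller = Teller({"interrupter": 500, "others": 1500}, pay_first)
    customer = Customer("interrupter")
    teller.withdraw(customer, 500)
    return customer.received, teller.cash, teller.balances["interrupter"]
```

`run(True)` pays out the whole vault against a 500 balance, while `run(False)` pays 500 once and refuses the nested request.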
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money — using similar arguments made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking, Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released, in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.