An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again, recursively, from inside the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO – even if no action is taken, the attacker will not be able to withdraw any ether for at least another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all of their value.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
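The recursive call and the bank-teller analogy above can be modelled in a few lines. This is an added example, not TheDAO's code or anything from the people quoted; `Teller`, `total_paid`, the customer names and the amounts are constructed for illustration. It contrasts paying out before updating the balance with updating the balance first (the ordering usually called checks-effects-interactions).

```python
class Teller:
    """Toy ledger: `vault` is cash on hand, `balances` is what each customer is owed."""

    def __init__(self, vault, balances):
        self.vault = vault
        self.balances = dict(balances)

    def _hand_over(self, amount, on_receive):
        self.vault -= amount
        on_receive(amount)  # control passes to the recipient's code

    def withdraw_vulnerable(self, who, on_receive):
        amount = self.balances[who]          # check, done once
        if amount == 0:
            return
        self._hand_over(amount, on_receive)  # pay out first...
        self.balances[who] = 0               # ...update the record too late

    def withdraw_fixed(self, who, on_receive):
        amount = self.balances[who]          # check
        if amount == 0:
            return
        self.balances[who] = 0               # effect: update the record first
        self._hand_over(amount, on_receive)  # interaction: only then pay out


def total_paid(withdraw_name, reentries=2):
    """One withdrawal whose recipient asks again `reentries` times mid-payment.

    Returns (total received, vault left, recorded balance) for the
    constructed customer "mallory", who is owed 500 of a 2000 vault.
    """
    teller = Teller(vault=2000, balances={"mallory": 500, "alice": 1500})
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) <= reentries:       # ask again before the first call returns
            getattr(teller, withdraw_name)("mallory", on_receive)

    getattr(teller, withdraw_name)("mallory", on_receive)
    return sum(received), teller.vault, teller.balances["mallory"]


if __name__ == "__main__":
    print("vulnerable:", total_paid("withdraw_vulnerable"))
    print("fixed:     ", total_paid("withdraw_fixed"))
```

In the vulnerable ordering the ledger still ends at a balance of 0, so the overpayment only shows up as a shortfall in the vault, which is why reconciling total holdings against the sum of recorded balances is a useful check.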
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money, using arguments similar to those made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.