An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again recursively from inside the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all the value of those.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
“I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. ‘Can I withdraw $500? Wait, before that, can I withdraw $500?’”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
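The teller analogy above, modelled as an added example (not code from the article or from The DAO): a toy Python ledger whose payout hands control to the recipient, with the balance updated after the payout in one version and before it in the other. The `Vault` class, its method names and the amounts are assumptions made up for illustration.

```python
# Added illustration: a toy ledger in plain Python, not The DAO's Solidity code.
# Vault, withdraw_* and run are hypothetical names; amounts are constructed.

class Vault:
    def __init__(self):
        self.balances = {}   # what the ledger says each account is owed
        self.reserve = 0     # what the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw_vulnerable(self, who, on_receive):
        amount = self.balances.get(who, 0)      # balance checked once, up front
        if amount == 0 or self.reserve < amount:
            return
        self.reserve -= amount
        on_receive(amount)                      # control leaves the vault here
        self.balances[who] = 0                  # ledger updated only afterwards

    def withdraw_safe(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return
        self.balances[who] = 0                  # ledger updated before paying
        self.reserve -= amount
        on_receive(amount)

    def solvent(self):
        # Invariant a monitor can check: holdings cover recorded balances.
        return self.reserve >= sum(self.balances.values())


def run(method_name, others=900, caller=100):
    vault = Vault()
    vault.deposit("others", others)
    vault.deposit("caller", caller)
    withdraw = getattr(vault, method_name)
    received = []

    def on_receive(amount):
        received.append(amount)
        withdraw("caller", on_receive)   # asks again before the first call returns

    withdraw("caller", on_receive)
    return sum(received), vault.reserve, vault.solvent()


if __name__ == "__main__":
    print("vulnerable:", run("withdraw_vulnerable"))
    print("safe:      ", run("withdraw_safe"))
```

`run` returns the total paid to the caller, the reserve left in the vault, and whether the solvency invariant still holds; only the ordering of the balance update differs between the two methods.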
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money — using similar arguments made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed (Dino Mark, Vlad Zamfir and Emin Gün Sirer) found different problems with TheDAO on the day it was released in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.