An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin the entire DAO account is gonna be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all the value of those.
Stephan Tual founder of Ethereum startup Slock.it which cut TheDAO code ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation.:
I wrote up this vulnerability last week: you CAN READ MORE ABOUT IT AT MY BLOG. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money — using similar arguments made against the 2008 bank bailouts.
According a recent article in Blockchain News three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer found different problems with TheDAO on the day it was released in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences and then outline potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. It’s objective to provide a new decentralized business model for organizing both commercial and non-profit enterprises and it been instantiated on the Ethereum blockchain, and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from from more than 11,000 investors.
Emin Gün Sirer, Hacker and professor at Cornell wrote in a recent article at Hackijng, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hide the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.
- Huobi Charity Joins Rally with Blockchain Community in Global Fight Against COVID-19 - April 2, 2020
- Binance Officially Absorbs CoinMarketCap in $400 million deal - April 2, 2020
- RealT Tokenises and Sells USD One Million in Real Estate On Ethereum - March 30, 2020
- IOTA Teams Up with Eclipse Foundation to Work on Decentralised Marketplace and Identity Solutions to Help Fight Pandemic - March 30, 2020
- University of Malta Students Develop and Use Blockchain Voting Application - March 30, 2020
- Japan’s Nomura Securities and BOOSTRY Issue First Blockchain Digital Bond Offering - March 30, 2020
- Opera Rolls out Update and Expansion of its Cryptocurrency-Friendly Browser Blockchain Architecture - March 30, 2020
- Hong Kong Bank Partners with Aegis to Focus On Asset Digitalization Using Blockchain Technology - March 30, 2020
- European Union Looking to Blockchain Technology for Defense? - March 30, 2020
- Tech against Corona (COVID-19) – Dutch Enterprise Blockchain Company TYMLEZ Helps Dutch Government - March 29, 2020
- Microsoft Patents Human Activity Mining for Cryptocurrency Systems – Data Generated Based on Body Activity can be Proof-of-Work - March 27, 2020
- Binance Kicks Off $5 Million Coronavirus Relief Campaign and Donates USD $1 Million - March 27, 2020
- Medici Ventures Keiretsu Companies GrainChain and Symbiont Working Together to Expand Global Operations - March 27, 2020
- Blockchain-Fueled Entertainment Platform Ficto Launches Premium Interactive Streaming Network - March 27, 2020
- SettleMint – Belgian blockchain startup raises USD $2.09 Million for Expansion - March 27, 2020
- Exclusive Interview: Bitcoin and Cryptocurrency Leader Michael Terpin Sees Light in The Covid-19 Tunnel - March 26, 2020
- Blockchain Real Estate Project Smartlands Raising Funds on Equity Crowdfunding Platform Seedrs - March 26, 2020
- Cryptocurrency Exchange OKEx Greenlights DEA Trade Token Deapcoin For Its Jobtribe and PlayMining Games - March 26, 2020
- Microasset – The International Blockchain Monetary Reserve Announces $3.48 M In Reserve Funding, New Listing on BiKi Exchange - March 25, 2020
- Social Login – KyberSwap Integrates Torus to Offer Quick and Easy Ethereum Wallet Management - March 25, 2020