An attacker is draining TheDAO of millions of ether as I write, according to a discussion on Reddit. According to one estimate by Sherlockcoin, the entire DAO account will be empty within 35.5 hours.
The attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack exploits a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again, recursively, from inside the split, thereby collecting ether many times over in a single transaction.
The leaked ether is in a child DAO here – even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically – Ethereum itself is perfectly safe. The bug is in the DAO’s code. If you hold DAO tokens you are likely about to lose all the value of those.
Stephan Tual, founder of Ethereum startup Slock.it, which cut TheDAO code, ironically told CoinDesk recently:
“You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox.”
According to Peter Vessenes, former CEO of CoinLab, Inc and Co-Founder / Chairman Emeritus of the Bitcoin Foundation:
I wrote up this vulnerability last week: you can read more about it at my blog. In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw $500? Wait, before that, can I withdraw $500?”
“And so on. The smart contracts as designed only check you have $500 at the beginning, once, and allow themselves to be interrupted.”
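The teller analogy and the recursive call described above can be modelled in a few lines. This is an added illustration, not The DAO's code and not taken from the sources quoted here; the names Vault, withdraw and simulate and the 500-unit deposits are constructed for the example. It runs the same withdrawal twice, once paying before the balance is updated and once updating first, and checks whether the pool still covers the other depositors.

```python
class Vault:
    """Toy ledger for pooled funds. Hypothetical model, not The DAO's code."""

    def __init__(self, deposits, update_before_pay):
        self.balances = dict(deposits)
        self.pool = sum(self.balances.values())
        self.update_before_pay = update_before_pay

    def withdraw(self, who, on_receive):
        amount = self.balances[who]
        if amount == 0 or self.pool < amount:
            return  # nothing owed, or the pool cannot cover it
        self.pool -= amount
        if self.update_before_pay:
            self.balances[who] = 0   # hardened: record the debit first
            on_receive(amount)       # then hand control to the recipient
        else:
            on_receive(amount)       # vulnerable: recipient code runs first
            self.balances[who] = 0   # balance is cleared only afterwards

    def solvent(self):
        # Invariant a monitor can check: the pool covers all remaining claims.
        return self.pool >= sum(self.balances.values())


def simulate(update_before_pay, max_requests=5):
    """Return (paid_to_alice, pool_left, solvent) when the recipient
    asks for the same withdrawal again in the middle of being paid."""
    # Constructed sample state: three depositors with 500 units each.
    vault = Vault({"alice": 500, "bob": 500, "carol": 500}, update_before_pay)
    paid = []

    def on_receive(amount):
        paid.append(amount)
        if len(paid) < max_requests:
            vault.withdraw("alice", on_receive)  # re-enter before returning

    vault.withdraw("alice", on_receive)
    return sum(paid), vault.pool, vault.solvent()


if __name__ == "__main__":
    print("pay then update:", simulate(update_before_pay=False))
    print("update then pay:", simulate(update_before_pay=True))
```

With the balance cleared only after the payout, the single 500-unit claim is honoured until the pool is empty; with the balance cleared first, the repeated request finds nothing owed and the other deposits stay covered.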
Ethereum founder Vitalik Buterin has proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins. However, some members of the community have argued against recovering the money, using arguments similar to those made against the 2008 bank bailouts.
According to a recent article in Blockchain News, three members of Hacking Distributed – Dino Mark, Vlad Zamfir and Emin Gün Sirer – found different problems with TheDAO on the day it was released, in the first draft of a research paper that analyzed The DAO and its voting mechanism.
This paper identifies problems with The DAO’s mechanism design that incentivise investors to behave strategically – that is, at odds with truthful voting on their preferences – and then outlines potential attacks against The DAO made possible by these behaviors.
The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund. Its objective is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain and has no conventional management structure or board of directors.
The DAO was crowdfunded via a token sale in May 2016. It set the record for the largest crowdfunding campaign in history and raised over $150 million from more than 11,000 investors.
Emin Gün Sirer, hacker and professor at Cornell, wrote in a recent article at Hacking, Distributed called Caution: The DAO Can Turn Into a Naturally-Arising Ponzi:
If you don’t know how The DAO works: it’s a crowd-funded investment fund. You buy into The DAO with ether (a cryptocurrency), and get “DAO tokens” in return. DAO tokens are essentially shares in a computer-controlled fund. The DAO then invests your ether into worthy projects, selected by crowd voting. As these projects pay off dividends, you are supposed to make money as the crowd picks winners with its infinite wisdom, or lose money if the crowd ended up investing in turkeys.
You can take out your money at any time by selling your DAO tokens at the equivalent of a regular commodity market. Alternatively, you can convert your DAO tokens to ether through a process known as “splitting.” The split process takes a minimum of 48 days, and provides a fixed rate payoff: 1 DAO token leads to 1 ether, guaranteed.
To summarize, there are three distinct points here:
1. The specific idea of investing in The DAO’s own tokens is a particularly risky choice, especially when marketed as a risk free investment or as an arbitrage opportunity, because the ether backing it is time encumbered.
2. The DAO may be disposed towards risky investments where the complexity of the underlying financial instruments hides the Ponzi nature of the processes involved.
3. The only legitimate, sure-fire way to create value is by picking investments that create something that someone wants. Everything else that involves complex derivatives and so forth is not-that. Keep it clean, and stick to what we know to be good.
The value of the Ethereum currency, called ether (ETH), has fallen about 25 per cent since the attack.