DAO Debacle Escalates: Attacker Counter-Attacks Ethereum Developers

An effort to thwart an attack on funds tied to The DAO, the ethereum-powered, smart contract-based funding vehicle, has grown more complicated.

Jun 22, 2016 at 3:41 p.m. UTC
Updated Aug 18, 2021 at 4:58 p.m. UTC


The situation at The DAO is continuing to escalate.

The most visible distributed autonomous organization on the ethereum network, which once held $160m worth of the cryptocurrency ether, has now seen these funds dispersed to several different accounts.

    Complicating matters is that the owners of some of these accounts are, at present, unknown.

    The heightened uncertainty follows actions taken by a group of ethereum developers, who launched a "Robin Hood" effort to gain control of the funds yesterday. The effort was said to be aimed at safeguarding The DAO’s ether holdings following a new attack, a separate incident from the one that originally compromised investor holdings days before.

    But now, someone behind one of those attacks has returned fire by taking advantage of the same aspects of The DAO's smart contract that allowed last week's attack.

    Lefteris Karapetsas, technical lead for Slock.it, the Germany-based ethereum startup that spearheaded The DAO, said that the actors behind the actions are now in a position to launch a similar attack, using the same exploit that originally compromised The DAO.

    Karapetsas said that the attacker was able to obtain a stake in the two DAO sub-groups, known as child DAOs. He had previously proposed a counterattack that could be used as a stop-gap measure to disrupt the attacker.

    Karapetsas told CoinDesk:

    "Someone donated ether to The DAO with the sole purpose of having some balance inside The DAO so that he can join split 78, which is a whitehat DAO. He did not manage to get a lot but he has some tokens inside that DAO right now."

    However, the creation phase of the child DAOs means that the attacker wouldn’t be able to perform the exploit until late next month.

    This waiting period, Karapetsas said, would provide cover and time to come up with a fork of the ethereum network.

    Slock.it founder and COO Stephan Tual told CoinDesk that much of The DAO's funds were moved in an effort including members of the Ethereum Foundation and Slock.it, among others, though he stressed that those groups were not playing an official role.

    "70% of the funds are now under the direct control of a group of whitehats consisting of individuals from ethereum foundation, Slock.it, etc," he said.

    But as it stands – and as today’s counter-move demonstrates – the inherent vulnerabilities in The DAO’s smart contract leave the door open to future attacks. Each child DAO created is an effective copy of the original, bringing with it all of the flaws contained within. It’s because of this that some are pushing for a rule change in the ethereum network.

    Proponents of that strategy say it would allow developers to freeze funds taken from The DAO, and thus secure funds until they can be recovered.

    Opponents, on the other hand, argue that the move threatens the integrity of the ethereum blockchain and the project as a whole. Others have asserted that the push to fork ethereum is motivated by the self-interest of developers who have ownership stakes in the compromised funds as well as The DAO itself.
