Attacker behind record 2016 crypto hack might have been found


The 2016 attack on TheDAO was the result of a flaw in its code allowing an attacker to slowly drain funds from the main platform into other newly-created DAOs, relying on good actors to engage with those offshoot DAOs to stop the attacker from withdrawing funds entirely. — Reuters

One of the most significant hacks in the history of crypto has gone unsolved for almost six years, after an unknown attacker siphoned 3.6 million Ether – worth over US$9bil (RM37.66bil) at current prices – from a decentralised fund known as TheDAO. Now, journalist Laura Shin says in a new book that she may have discovered the person behind it.

The 2016 attack on TheDAO was the result of a flaw in its code allowing an attacker to slowly drain funds from the main platform into other newly-created DAOs, relying on good actors to engage with those offshoot DAOs to stop the attacker from withdrawing funds entirely.

That year, a hacker exploited that flaw to steal around 31% of TheDAO’s total Ether stash, which at the time was around 5% of all ETH ever created. In order to stop that person getting away with most of the cash, Ethereum developers were forced to split its blockchain in two. The result was that the hacker was not left with the ETH we know today, but Ethereum Classic – worth far less than ETH, valuing the total token pile at around US$94mil (RM393.43mil) in today’s prices.

Detailing the findings of her book in a Forbes summary on Tuesday, Shin pointed to Toby Hoenisch, co-founder and chief financial officer of Euro-pegged stablecoin project Mimo Capital, as the alleged hacker. Shin cited a web of data and evidence based on tracked transactions and comments made by Hoenisch about security flaws in TheDAO before the attack occurred.

Hoenisch denied to Shin that her findings were accurate. Hoenisch did not immediately respond to Bloomberg requests for comment.

Research carried out by Shin, early Ethereum developer Alex van de Sande, crypto research firm Chainalysis and others alleged that Hoenisch had brought the specific flaw exploited in the 2016 hack to the attention of TheDAO several weeks before it occurred.

In a statement to Bloomberg, Shin said her findings provide “extremely strong evidence of the attacker’s identity”, alleging Hoenisch’s knowledge of TheDAO provided him with the means and motivation to carry out the hack.

Following the theft, the attacker tried to obscure some of their activity by transferring funds through the privacy mixer Wasabi Wallet. A tool newly developed by Chainalysis de-mixed these transactions, allowing researchers to find the exchanges that subsequently received the stolen funds in accounts allegedly managed by Hoenisch.

Wasabi Wallet did not immediately respond to a request for comment.

“Now that Chainalysis has disclosed with my book and article that it has the ability to de-mix Wasabi transactions, I imagine a number of people who have used that mixer for illicit purposes are feeling insecure today,” Shin said in an email.

“This may get them wondering if blockchain forensics will catch up to them later, even if they use the latest crypto obfuscation techniques today.” – Bloomberg

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

'World of Warcraft' mobile game to be axed: Sources
Twitter tests new status feature in US and Australia
Robinhood cuts 23% of staff, joining Netflix and Amazon in tech slowdown
A YouTubers’ child predator sting, a foot pursuit across a busy freeway, and an arrest
'King of Fighters XV': A fighter game meant more for fun
Musk challenges Twitter CEO to public debate on bots
Musk says Twitter deal should go ahead if it provides proof of real accounts
How to take care of your hearing aid if you’re taking a beach holiday
Wind and water: undersea drone readies to aid offshore boom
Finfluencers: Can we trust investment tips from social media?

Others Also Read