DAO hacker syphons off £30m in crypto-currency Ethereum

Hacker exploited vulnerability in decentralised platform to shift vast quantities of ETH to a single wallet

A hack on the DAO, a leaderless decentralised platform designed to support projects based on the Ethereum blockchain, has led to a crash in the value of the associated Ethereum crypto-currency the ether (ETH) with around £30m-worth syphoned off into a single ether wallet.

At time of writing the price of ETH is 15 per cent lower than it was 24 hours earlier, while the price of the DAO token, created from the ETH in order to pay third party investors and contributors, is down 30 per cent, although both have been fluctuating wildly.

The DAO (for Decentralised Autonomous Organisation) is a hub that acts as a funding source for third-party projects. It was developed by smart contract organisation Slockit. The projects that receive funding are chosen by investors, who receive voting rights in the form of DAO tokens, and may receive dividends if projects selected are successful.

The platform, which has attracted £30m in crowdfunding investment, controls a pool of more than 11 million ETH, worth in the region £100m - although like most crypto-currencies the exchange rate is subject to large fluctuations.

A potential weakness in such a decentralised structure is that no one can turn it off if something goes wrong, and there is no single authority to make a quick decision. Instead decisions must be taken by consensus.

Blockchains are extremely secure, in part because of the amount of energy and computing power needed to crack them. Nevertheless a weak point for currencies that are based on such technology can be organisations built on top of them such as crypto-currency exchanges like MtGox, which declared itself bankrupt in 2014 after losing 750,000 customer bitcoin, and 100,000 of its own, worth a total of £300m.

Likewise, according to the Ethereum website, the vulnerabilities for the theft of ETH lie in the DAO's software, rather than the Ethereum blockchain.

"An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO," wrote Vitalik Buterin in the Ethereum blog.

"The attack is a recursive calling vulnerability, where an attacker called the 'split' function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction."

The price of ETH regained some value after inital steep losses once it was revealed that the stolen currency will not be spendable before 14 July, meaning that the whole DAO can be forked, with the criminal wallet remaining in the child version.

"The development community is proposing a soft fork ... preventing the ether from being withdrawn by the attacker past the 27-day window," said Buterin.

"This will later be followed up by a hard fork which will give token holders the ability to recover their ether."

Whether this will solve the problem in the long term is uncertain, however.

"The child DAO is exactly the same code as the parent, and has the exact same vulnerability. Converting the child back to ether takes another 34 days; replacing the child DAO with an upgraded contract takes a minimum of seven days," noted Emin Gün Sirer, hacker and professor at Cornell.

There has been speculation on Reddit about what this hack will mean for Ethereum and for the DAO.

"It is probably the end of DAO. Ethereum is still a good piece of software," commented one poster.

UPDATE 18 June

A guest poster has submitted an open letter to Pastebin claiming responsibility for the incident, which he or she says was made possible by a legitimate design feature of the DAO rather than being a hack.

The message begins: "I have carefully examined the code of the DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of 'child DAOs'.

"I am disappointed by those who are characterizing the use of this intentional feature as 'theft'. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law."

The message, signed "The Attacker", goes on to state that forking the DAO would "amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract".

The validity of the message is unknown.