DAO Debacle Escalates: Attacker Counter-Attacks Ethereum Developers

An effort to thwart an attack on funds tied to The DAO, the ethereum-powered, smart contract-based funding vehicle, has grown more complicated.

Jun 22, 2016 at 3:41 p.m. UTC
Updated Sep 11, 2021 at 12:20 p.m. UTC

The situation at The DAO is continuing to escalate.

The most visible distributed autonomous organization on the ethereum network, which once held $160m worth of the cryptocurrency ether, has now seen these funds dispersed to several different accounts.

Complicating matters is that the owners of some of these accounts are, at present, unknown.

The heightened uncertainty follows actions taken by a group of ethereum developers, who launched a "Robin Hood" effort to gain control of the funds yesterday. The effort was said to be aimed at safeguarding The DAO’s ether holdings following a new attack, a separate incident from the one that originally compromised investor holdings days before.

But now, someone behind one of those attacks has returned fire by taking advantage of the same aspects of The DAO's smart contract that allowed last week's attack.

Lefteris Karapetsas, technical lead for Slock.it, the Germany-based ethereum startup that spearheaded The DAO, said that the actors behind the actions are now in a position to launch a similar attack, using the same exploit that originally compromised The DAO.

Karapetsas said that the attacker was able to obtain a stake in the two DAO sub-groups, known as child DAOs. He had previously proposed a counterattack that could be used as a stop-gap measure to disrupt the attacker.

Karapetsas told CoinDesk:

"Someone donated ether to The DAO with the sole purpose of having some balance inside The DAO so that he can join split 78, which is a whitehat DAO. He did not manage to get a lot but he has some tokens inside that DAO right now."

However, the creation phase of the child DAOs means that the attacker wouldn’t be able to perform the exploit until late next month.

This waiting period, Karapetsas said, would provide cover and time to come up with a fork of the ethereum network.

Slock.it founder and COO Stephan Tual told CoinDesk that much of The DAO's funds were moved in an effort including members of the Ethereum Foundation and Slock.it, among others, though he stressed that those groups were not playing an official role.

"70% of the funds are now under the direct control of a group of whitehats consisting of individuals from ethereum foundation, Slock.it, etc," he said.

But as it stands – and as today’s counter-move demonstrates – the inherent vulnerabilities in The DAO’s smart contract leave the door open to future attacks. Each child DAO created is an effective copy of the original, bringing with it all of the flaws contained within. It’s because of this that some are pushing for a rule change in the ethereum network.

Proponents of that strategy say it would allow developers to freeze funds taken from The DAO, and thus secure funds until they can be recovered.

Opponents, on the other hand, argue that the move threatens the integrity of the ethereum blockchain and the project as a whole. Others have asserted that the push to fork ethereum is driven by the self-interest of developers who have ownership stakes in the compromised funds as well as The DAO itself.
