DAO Debacle Escalates: Attacker Counter-Attacks Ethereum Developers

An effort to thwart an attack on funds tied to The DAO, the ethereum-powered, smart contract-based funding vehicle, has grown more complicated.

Jun 22, 2016 at 3:41 p.m. UTC
Updated Sep 11, 2021 at 12:20 p.m. UTC

The situation at The DAO is continuing to escalate.

The most visible distributed autonomous organization on the ethereum network, which once held $160m worth of the cryptocurrency ether, has now seen these funds dispersed to several different accounts.

Complicating matters is that the owners of some of these accounts are, at present, unknown.

The heightened uncertainty follows actions taken by a group of ethereum developers, who launched a "Robin Hood" effort to gain control of the funds yesterday. The effort was said to be aimed at safeguarding The DAO’s ether holdings following a new attack, a separate incident from the one that originally compromised investor holdings days before.

But now, someone behind one of those attacks has returned fire by taking advantage of the same aspects of The DAO's smart contract that allowed last week's attack.

Lefteris Karapetsas, technical lead for Slock.it, the Germany-based ethereum startup that spearheaded The DAO, said that the actors behind the actions are now in a position to launch a similar attack, using the same exploit that originally compromised The DAO.

Karapetsas said that the attacker was able to obtain a stake in the two DAO sub-groups, known as child DAOs. He had previously proposed a counterattack that could be used as a stop-gap measure to disrupt the attacker.

Karapetsas told CoinDesk:

"Someone donated ether to The DAO with the sole purpose of having some balance inside The DAO so that he can join split 78, which is a whitehat DAO. He did not manage to get a lot but he has some tokens inside that DAO right now."

However, the creation phase of the child DAOs means that the attacker wouldn’t be able to perform the exploit until late next month.

This waiting period, Karapetsas said, would provide cover and time to come up with a fork of the ethereum network.

Slock.it founder and COO Stephan Tual told CoinDesk that much of The DAO's funds were moved in an effort including members of the Ethereum Foundation and Slock.it, among others, though he stressed that those groups were not playing an official role.

"70% of the funds are now under the direct control of a group of whitehats consisting of individuals from ethereum foundation, Slock.it, etc," he said.

But as it stands – and as today’s counter-move demonstrates – the inherent vulnerabilities in The DAO’s smart contract leave the door open to future attacks. Each child DAO created is effectively a copy of the original, bringing with it all of the flaws contained within. It’s because of this that some are pushing for a rule change in the ethereum network.

Proponents of that strategy say it would allow developers to freeze funds taken from The DAO, and thus secure funds until they can be recovered.

Opponents, on the other hand, argue that the move threatens the integrity of the ethereum blockchain and the project as a whole. Others have asserted that the push to fork ethereum is driven by the self-interest of developers who have ownership stakes in the compromised funds as well as The DAO itself.
