The DAO Hacker is Getting Away

The DAO hacker may walk away with millions in spite of efforts by the ethereum community to prevent this outcome.

Aug 8, 2016 at 6:00 p.m. UTC
Updated Sep 11, 2021 at 12:26 p.m. UTC

What happened to The DAO hacker?

It's a question that, weeks after the headline-grabbing heist rocked the blockchain world, seems to evade an easy answer.

Interviews conducted by CoinDesk indicate the ethereum community seems to have largely abandoned efforts to find the individual or group that compromised the project, even as the ramifications of what was done to protect investors continue to reverberate.

To recap, The DAO attack proved the primary motivation in encouraging a majority of the ethereum community to agree to create a new blockchain history last month. The thinking was that ethereum users would quickly migrate to the new fork, leaving any coins on the original blockchain where The DAO hacker had a balance worthless.

This, however, is not what occurred.

Rather than abandon the old blockchain, development continues to be led by those ideologically opposed to the new blockchain and its values.

Two weeks later, the blockchain known as ethereum classic has amassed a global market cap of almost $200m. The market has further decided its tokens, classic ethers (ETC), have value, enough for it to be the fifth largest digital currency in the world.

In addition to creating a new market for investors, the developments are a huge break for The DAO hacker.

Should these funds be successfully sold, The DAO hacker could ultimately walk away with $8.5m. Though that's still a fraction of the nearly $40m he or she would have if the bounty was denominated in ETH, it's not a bad cache for one day's work.

What moves the tale beyond speculation, though, is that there is increasing evidence to suggest the hacker has noticed the appreciation of his new funds.

In recent days, that value has been on the move.

Exiting positions

There remain other open questions as well, such as how The DAO hacker will liquidate his or her position in ETC.

Due to the original construction of The DAO, there were rules on how funds could be withdrawn, and those have now been replicated in the alternative version of the accounts on ethereum classic. And so, as happened in ethereum prior to the hard fork, a 27-day countdown has once again begun before the 3.6m ETC can be taken out of the contract.

Nick Johnson, software engineer for the non-profit Ethereum Foundation (which has supported the hard-fork version of ethereum), was able to explain how the DAO hacker could profit by converting his classic ether funds into fiat currency or another digital currency.

Johnson explained that it's likely the attacker wasn't a curator of the fund, meaning he or she would need to create another DAO to withdraw those funds to before gaining custody.

But he added that he hadn't investigated the details of the matter.

Interviews with members of the Ethereum Foundation suggest stopping the DAO hacker from profiting from his heist, even through an alternative version of the blockchain, isn't top of mind.

"Sorry to disappoint," he said. "But I'm afraid I'm probably the wrong person to ask here."

Plot thickens

The story gets more complex, though.

In the weeks preceding the hard fork, other measures were taken to try to gain control of The DAO hacker's funds.

This included the formation of a group of so-called "white hat" hackers that sought to attack The DAO contract in a bid to return custody of the funds to their owners. At the time of the fork, multiple DAOs existed that contained stolen funds wrested from the hacker's control.

Due to the fact that this blockchain continues to operate, these accounts were also replicated.

Still remaining in those white hat accounts on the ETC blockchain are 7.2m ETC in one account and nearly 600,000 ETC in another account. Based on the ETC rate of $2.24 at the time of publication, that makes those accounts collectively worth more than $17.6m.

It remains unclear how this value could be spent, who associated with that effort may attempt to liquidate this value and whether any proceeds would be used to compensate investors.

In conversation with CoinDesk, ethereum lead developer Fabian Vogelsteller and Ethereum Foundation UX designer Alex Van de Sande both said they didn’t know what might happen to those resources, adding that they have focused their attention on the new ethereum blockchain.

Neither said they knew who owns the private keys that could possibly grant access to the funds.

When it came to what might happen to the DAO account owned by the hacker, both Vogelsteller and Van de Sande agreed that the attacker will likely walk away with the funds.

"I don’t know what will happen with the white hat DAOs," said Van de Sande, adding:

"But yes, the Dark DAO attacker was able to get away with a big part of ether classic. That was the point of classic wasn’t it?"

The gatekeepers

The final barrier for the hacker then may be the major ethereum exchanges.

As the primary venues for the buying and selling of ETH and ETC, they remain the easiest option The DAO hacker has to obtain an exit, but one of the most problematic due to the KYC and AML rules they enforce.

Founder and CEO of Poloniex, Tristan D'Agosta, said the next step for the hacker would likely be to convert the ETC to BTC.

But when those funds "do start really moving," he said, the attacker will have to work to evade detection – no small feat on a public blockchain, where the history of transactions can be freely explored.

As for how exactly any conversion might take place, D'Agosta offered some theories, but didn't want to go into too much detail so as not to accidentally give any ideas to the hacker.

"He probably knows already, as he has shown himself to be very smart," D'Agosta said. "But many attackers are brilliant in some ways and extraordinarily stupid in others."

Kraken, the second-largest ethereum exchange by volume, has not responded to requests for comment on the matter.

Ending unknown

It remains to be seen what the hacker might do next, but theories are already percolating online.

Last week, additional movement in a DAO associated with the hacker became a topic of conversation on social media, indicating that the funds are another step closer to being withdrawn.

As for the ETC accounts that correspond to the white hat attacks, one source with knowledge of the situation said he has "theories" as to who owns the private keys, but he said that he and others weren't likely to share names.

Of all the involved parties and all the millions of dollars on the line, the person with perhaps the strongest stance against doing anything to stop the hacker from successfully withdrawing the funds is Arvicco, the 40-year-old developer who last month initiated the ethereum classic project.

The pseudonymous head of ethereum classic said he has no idea what will happen with the Dark DAO on the ETC blockchain.

He concluded:

"According to our philosophy, ethereum classic developers are focusing on the platform itself and do not meddle on [the] dapps/smart contract layer."
