The DAO Falls Victim to Cyber Attack Leading Ethereum to Crash Over 20%

Friday, 17/06/2016 | 10:45 GMT by Avi Mizrahi
  • The event is still ongoing as hackers have already stolen over 3.5 million ETH from the DAO's coffers.
The DAO Falls Victim to Cyber Attack Leading Ethereum to Crash Over 20%
Finance Magnates

It looks like centralizing so much of a cryptocurrency's assets in one fund might be proven to be a catastrophic mistake after all.

About two hours ago users on cryptocurrency social forums started to report that the DAO was bleeding money fast for no apparent reason. Very soon after, those in charge of the DAO sounded the alarm and announced it is under attack by hackers. They called for all hands on deck, asking technically knowledgeable token holders to help stop the attack by performing various actions (further explained below).

The creator of Ethereum , Vitalik Buterin, has called on everyone to spam the system in order to jam it up and prevent any further transactions from taking place - including those of the DAO hackers. He also called on miners to increase the gas price.

As of the latest count the hackers were able to siphon off over 3.5 million (3,544,406.916983843) ETH from the DAO. This stolen loot is worth over $50 million even after the price crashed over 20%.

While the hacking and the vulnerability it exposed were on the DAO and not the Ethereum Blockchain , the event seems to shake the trust in the system and right now the price of ETH stands at only around $15.5 despite being close to $20 during the last 24 hours.

hour_CryptoCompare_Index_ETH_USD_120_61466160319546
Charles Hayter, CEO, CryptoCompare.com

Charles Hayter,
CEO, CryptoCompare.com

Charles Hayter, the CEO of CryptoCompare.com, commented: "This was bound to happen - what has been impressive is the speed of community reaction and solutions from Slock.it and the Ethereum Foundation. With experiments of this nature where money is involved - the 1,000 eyes looking to build it will see many more looking to exploit it."

He further explained what happened: "The best guess at the moment is that the attacker used a key exploit in conjunction with the DAO splitting function. The exploit allowed the attacker to withdraw funds from the DAO with a recursive call into a new DAO. An issue with the ethereum smart contract recursive call vulnerability. That means if he had 100 tokens in the DAO he could withdraw the underlying ether multiple times into his own DAO alongside the tokens. And then repeat the process with a new withdrawal.

The good news is that there are solutions short term and long term. At present the network is being spammed blocking the hacker from continuing to leech funds. There are fixes that could resolve the issues - the most dramatic suggestion being a hard fork - or essentially setting the clock back to before the hack. At the moment mining pools are advised by Vitalik Buterin to make a quick change blocking all network transaction by raising the gas price."

It looks like centralizing so much of a cryptocurrency's assets in one fund might be proven to be a catastrophic mistake after all.

About two hours ago users on cryptocurrency social forums started to report that the DAO was bleeding money fast for no apparent reason. Very soon after, those in charge of the DAO sounded the alarm and announced it is under attack by hackers. They called for all hands on deck, asking technically knowledgeable token holders to help stop the attack by performing various actions (further explained below).

The creator of Ethereum , Vitalik Buterin, has called on everyone to spam the system in order to jam it up and prevent any further transactions from taking place - including those of the DAO hackers. He also called on miners to increase the gas price.

As of the latest count the hackers were able to siphon off over 3.5 million (3,544,406.916983843) ETH from the DAO. This stolen loot is worth over $50 million even after the price crashed over 20%.

While the hacking and the vulnerability it exposed were on the DAO and not the Ethereum Blockchain , the event seems to shake the trust in the system and right now the price of ETH stands at only around $15.5 despite being close to $20 during the last 24 hours.

hour_CryptoCompare_Index_ETH_USD_120_61466160319546
Charles Hayter, CEO, CryptoCompare.com

Charles Hayter,
CEO, CryptoCompare.com

Charles Hayter, the CEO of CryptoCompare.com, commented: "This was bound to happen - what has been impressive is the speed of community reaction and solutions from Slock.it and the Ethereum Foundation. With experiments of this nature where money is involved - the 1,000 eyes looking to build it will see many more looking to exploit it."

He further explained what happened: "The best guess at the moment is that the attacker used a key exploit in conjunction with the DAO splitting function. The exploit allowed the attacker to withdraw funds from the DAO with a recursive call into a new DAO. An issue with the ethereum smart contract recursive call vulnerability. That means if he had 100 tokens in the DAO he could withdraw the underlying ether multiple times into his own DAO alongside the tokens. And then repeat the process with a new withdrawal.

The good news is that there are solutions short term and long term. At present the network is being spammed blocking the hacker from continuing to leech funds. There are fixes that could resolve the issues - the most dramatic suggestion being a hard fork - or essentially setting the clock back to before the hack. At the moment mining pools are advised by Vitalik Buterin to make a quick change blocking all network transaction by raising the gas price."

About the Author: Avi Mizrahi
Avi Mizrahi
  • 2727 Articles
  • 10 Followers
About the Author: Avi Mizrahi
Azi Mizrahi, expert in fintech trends and global markets, enriches readers with deep insights.
  • 2727 Articles
  • 10 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}