The world of cryptocurrencies continues to expand at the same rate that electronic scams and thefts related to these virtual currencies grow. This week we explained the attack phishing suffered by the OpenSea digital asset trading platform. A total of 254 non-fungible tokens (NFTs) valued at €1.5 million disappeared overnight, leaving more than thirty people with empty pockets. This is not the first (nor will it be the last) cryptocurrency theft, in fact, there are many precedents in the last 10 years.
One of the first cryptocurrency heists took place six years ago. Known as the case The DAO, someone stole 3.6 million ether (ETH), currently valued at almost 10 million euros. To this day, the name of the person responsible for the theft is still unknown. However, an investigation by the tech-savvy journalist and writer blockchainLaura Shin, would have unmasked the thief of one of the biggest robberies in the history of Ethereum.
Who hacked The DAO of Ethereum?
Who hacked the Ethereum DAO? It is the question that Shin asked himself when he launched an investigation to name and surname the culprit of the theft of 3.6 million ether (ETH), which were then valued at 50 million dollars. Now, six years after the robbery, Shin believes he has found out who was responsible. The journalist has told it in an article of Forbes based on reports from his new book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze.
Ethereum is the second largest cryptocurrency network in the world, behind the most popular currencies, bitcoins. The company is valued at $360 million. Its creator, Vitalik Buterin, a native of Russia, is one of the most influential people in the crypto market. In 2017 he met with the very president of Russia, Vladimir Putin. Last year, Ashton Kutcher and Mila Kunis surprised their fans with a cameo with Buteri. Ethereum has grown exponentially in recent years, but despite this, it is still surrounded by an unsolved mystery: the person responsible for the theft of 3.6 million ether in 2016. Six years later, journalist Laura Shin seems to have the answer: Toby Hoenisch, a 36-year-old programmer who is the co-founder and CEO of TenX, a cryptocurrency platform that offers wallets.
Hoenisch denies Shin’s accusations, and in fact offered to provide evidence to knock down Shin’s arguments, evidence that never came. The journalist claims to have contacted her up to four times by email to corroborate the facts, but she never answered her requests. Also, after learning that an investigation into the theft was underway, Hoenisch deleted almost all of her Twitter history.
A vulnerability in The DAO code allowed the theft of 3.6 million ether
It all started in July 2016, when an anonymous user stole $50 million worth of Ethereum. The theft was caused by a vulnerability in a code of the DAO (Decentralized Autonomous Organization) of Ethereum, The DAO. This system, which had been created by the Slock.it company, was being used by thousands of investors as a long-term common fund. A DAO is entirely controlled by computational algorithms. These algorithms are known as smart contracts, which are nothing more than codes necessary for financial transactions that are executed on the blockchain. In 2016, 11,000 anonymous users put their ether into ‘The DAO’ as a long-term savings or investment without knowing that it had a flawed code that allowed ETH to be mined without permission.
On the morning of June 17, 2016, ETH hit a new all-time high of $21.52, making the cryptocurrency on The DAO worth $249.6 million. The hacker took advantage of the spike to divert 31% of ETH in The DAO to DarkDAO thanks to a bug in The DAO code. Within hours, the Ethereum community identified the vulnerability that allowed this theft: the DAO smart contract had been written so that each time someone withdraws money, it would be sent before updating that person’s balance. The attacker used a malicious smart contract, allowing him to withdraw money over and over again.
According to Shin, before committing the theft, Hoenisch wrote multiple posts on Medium notifying of The DAO vulnerability, but Slockit downplayed the severity of the issue. Two weeks later, the robbery occurred.