It looks like centralizing so much of a cryptocurrency’s assets in one fund might prove to be a catastrophic mistake after all.
About two hours ago, users on cryptocurrency social forums started to report that the DAO was bleeding money fast for no apparent reason. Very soon after, those in charge of the DAO sounded the alarm and announced that it was under attack by hackers. They called for all hands on deck, asking technically knowledgeable token holders to help stop the attack by performing various actions (further explained below).
The creator of Ethereum, Vitalik Buterin, has called on everyone to spam the system in order to jam it up and prevent any further transactions from taking place – including those of the DAO hackers. He also called on miners to increase the gas price.
As of the latest count the hackers were able to siphon off over 3.5 million (3,544,406.916983843) ETH from the DAO. This stolen loot is worth over $50 million even after the price crashed over 20%.
While the hack and the vulnerability it exposed were in the DAO and not the Ethereum blockchain, the event seems to have shaken trust in the system, and right now the price of ETH stands at only around $15.5 despite being close to $20 during the last 24 hours.
Charles Hayter, the CEO of CryptoCompare.com, commented: “This was bound to happen – what has been impressive is the speed of community reaction and solutions from Slock.it and the Ethereum Foundation. With experiments of this nature where money is involved – the 1,000 eyes looking to build it will see many more looking to exploit it.”
He further explained what happened: “The best guess at the moment is that the attacker used a key exploit in conjunction with the DAO splitting function. The exploit allowed the attacker to withdraw funds from the DAO with a recursive call into a new DAO. An issue with the Ethereum smart contract recursive call vulnerability. That means if he had 100 tokens in the DAO he could withdraw the underlying ether multiple times into his own DAO alongside the tokens. And then repeat the process with a new withdrawal.
The good news is that there are solutions short term and long term. At present the network is being spammed, blocking the hacker from continuing to leech funds. There are fixes that could resolve the issues – the most dramatic suggestion being a hard fork – or essentially setting the clock back to before the hack. At the moment mining pools are advised by Vitalik Buterin to make a quick change blocking all network transactions by raising the gas price.”
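The recursive-call pattern described in the quote above, reduced to a toy Python model as an added example (it is not The DAO's contract code and not from the article). `Vault`, `SafeVault`, `Depositor` and `run` are hypothetical names and the amounts are constructed; the model shows the weak ordering of payout and bookkeeping beside the corrected one.

```python
# Simplified, constructed model of a recursive-call (reentrancy) bug; not The DAO's code.
class Vault:
    """Holds deposits; paying out runs code on the recipient, as an ether transfer does."""
    def __init__(self):
        self.credit = {}   # depositor -> amount owed
        self.pool = 0      # total funds held

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def _pay(self, who, amount):
        if amount > self.pool:
            raise RuntimeError("insufficient pool")
        self.pool -= amount
        who.receive(self, amount)      # control passes to recipient code

    def withdraw(self, who):
        # Weak ordering: the external call happens before the balance is cleared.
        amount = self.credit.get(who, 0)
        if amount:
            self._pay(who, amount)
            self.credit[who] = 0

class SafeVault(Vault):
    def withdraw(self, who):
        # Checks-effects-interactions: clear the balance, then make the call.
        amount = self.credit.get(who, 0)
        if amount:
            self.credit[who] = 0
            self._pay(who, amount)

class Depositor:
    """Recipient whose receive hook calls withdraw again, up to `depth` times."""
    def __init__(self, depth=0):
        self.depth, self.received = depth, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            vault.withdraw(self)

def run(vault_cls, depth):
    """Return (amount paid to the re-entering depositor, funds left in the pool)."""
    vault, honest, reentrant = vault_cls(), Depositor(), Depositor(depth)
    vault.deposit(honest, 900)
    vault.deposit(reentrant, 100)
    vault.withdraw(reentrant)
    return reentrant.received, vault.pool
```

With the weak ordering, a depositor credited with 100 is paid once per nested call because the credit is still on the books during each re-entry; with the balance cleared first, every nested call finds nothing owed.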
1/3 TL;DR #theDAO attack: a hardfork will retrieve all stolen funds from the attacker.
— Stephan Tual (@stephantual) June 17, 2016
3/3 – TL;DR #theDAO attack – Since no money in the DAO was ever spent, and nothing was stolen, nothing was lost.
— Stephan Tual (@stephantual) June 17, 2016