The Biggest Hacker Whodunnit of the Summer

It's been almost a month since a $53 million hack sent the Ethereum community into crisis.

June 17 marked the beginning of perhaps the biggest digital bank robbery this summer: Unknown attackers disappeared $53 million in the cryptocurrency Ether from one of the startup finance world's most promising and futuristic projects.

The Decentralized Autonomous Organization (DAO), a new sort of venture capital fund that works without the need for human administrators, was attacked. The decentralized investment fund had just completed what is likely the biggest crowdfunding campaign in the history of the internet, raising $150 million just weeks before the hack.

Indeed, the heist seemed to be a success at first glance—but there's a catch: Unlike with a successful bank robbery, the anonymous perpetrators didn't make off with their booty, over the hills and far away. They were only able to temporarily store the money. The millions are now in one of the DAO's auxiliary accounts. Thanks to the blockchain system's transparency, this so-called "DarkDAO" can be viewed by anyone at the following address: 0x304a554a310c7e546dfe434669c62820b7d83490.

Everyone knew where the money was immediately after the robbery and, thanks to the attackers' digital traces, they were even able to create a profile of the perpetrator. However, the DAO developers have little more to go on.

Stephan Tual was probably looking forward to a more relaxing summer. The 38-year-old, alongside the brothers, Simon and Christoph Jentzsch from Saxony, Germany, are the central developers of the DAO.

Stephan Tual wanted to turn his attention back to his main project, the startup Slock.it, which enables sharing economy transactions without middlemen like Airbnb or Uber. If all had gone according to plan, the DAO would have even invested a portion of its funds into Slock.it. But that plan failed. Since June 17, everything had changed: Tual, his colleagues, and the rest of the Ethereum community are now hunting down the missing Ether millions, and the clock is ticking.

"We'll find him. He only needs to mess up once for the community to find him out."

Due to waiting periods built into the DAO, the team is about to run into a series of deadlines for saving the fund's money. The first deadline, July 16 at 5 AM CEST, is the date that any funds can legitimately exit the DAO—creating a cascading set of complications for the effort to change the Ethereum code in order to retrieve the stolen funds. This would be the last date for a "clean hard fork"—the most drastic and also most comprehensive fix that would reverse the impact of the hack. The next deadline, July 21, is the first date an attacker can "split" their account—meaning they would have new addresses that wouldn't be part of the hard fork. "The DAO is a moving target after the 21st," Tual said.

The final date to save the bulk of the $53 million—30 percent of the DAO's value—is August 31.


It's now been two weeks since the hack. Tual and much of the Ethereum community have been working feverishly to find a solution to the problem. Even Vitalik Buterin, the creator of the Ethereum system on which the Ether currency is built, couldn't help the DAO at the moment of the hack. Buterin did indeed call for all DAO activities to stop for the time being, but he also wrote on Twitter that the Ethereum Foundation, whose blockchain code forms the basis of the DAO, isn't responsible for the organization or its investors.

The DAO investment fund was supposed to be the first company to lack human administrators, organizing itself through its open source code. The code was purposely designed so that it wouldn't recognize authority and so that its creators couldn't intervene to put the money back where it belongs. For the developers, the objectivity of the algorithm and the decentralized nature of the organization constitute nothing less than the ringing-in of a new epoch of economic systems.

But who is even behind the hack? Tual definitely has his suspicions: "Actually, I am relatively sure that I have met the hacker already," he said in a Skype interview with Motherboard. The attacker (or attackers) must have been decidedly clever to be able to identify the security loophole that they slipped through. The DAO hack is not something that a hobby hacker, who wasn't an absolute expert in Ethereum and the programming language Solidity, which was created solely for Ethereum, could accomplish.

"Only very few people are doing this (Ethereum and Solidity) full time, and this robber is a full time coder in Solidity full-time," Tual said, making an educated guess. "He is not the kind to just put in two hours after work."

There are about 100 people, Tual estimates, who work full-time as Solidity programmers. It's a small world that meets regularly at official conferences and in the meantime discusses things in email threads and Reddit forums.


What if the attacker doesn't even care about money? What's motivating the unknown assailant? Why would someone do harm to a project they were so close to and had invested so much time in? "I guess he could have simply done it because he thought this was amusing," Tual said. "But we'll find him. He only needs to mess up once for the community to find him out." The fact that he couldn't just get away with the money is something, according to Tual, that must have been clear to this person, who programs at this level in Solidity.

A second option does remain for the attacker to be able to profit financially: The price of the cryptocurrency, Ether, has fallen by almost half since the hack. The attacker could have shorted the cryptocurrency's price, betting that it would fall on an exchange. But Tual thinks that's improbable because shorting in high sums would be conspicuous on the crypto-exchanges.


The community isn't only confused about the anonymous assailant's motive, it's also squabbling about who is to share the blame for the fact that the DAO could even get into this crisis. During the chaos in the days following the hack, Tual addressed Emin Gün Sirer, an associate professor of computer science at Cornell University, in a tweet.

It's a tough accusation: Did the security researcher, Sirer, know about the DAO's problem before the hack without informing the core team about it? But it's also the type of accusation that programmers don't normally make publicly—in security circles, the consensus is typically that especially these kinds of volatile loopholes and accusations should be discussed privately.

Critics expressed disbelief in response to Tual's tweet, since he made the accusation in public and pointed his finger at someone on Twitter. Wired actually even expressed doubt about the DAO's reliability one day before the fatal attack. Sirer is far from the only person who believed they noticed weak points in the DAO. What's clear is that the question as to who is responsible for the DAO hack is not one that can be answered easily and will linger in the community for a while.

Some believe the hacker actually did the Ethereum community a service by identifying a vulnerability. Others blame the DAO's creators. "Certainly the attacker behaved in an unethical way but the next in line for responsibility is those who programmed a bad contract to begin with," Bruce Fenton, a DAO investor, told Motherboard. "Unfortunately, the entire ecosystem will pay for this error by a few." Others pointed out that a hard fork is a complicated task that takes time to code—if rushed and not done right, it could have disastrous consequences for the DAO's investors.


On June 21, four days after the initial hack, there was movement again in the DAO's accounts. Even more money disappeared unexpectedly, this time to two further accounts: 7.277M ETH arrived here; and 353K ETH landed here. It looked like another hacker attack. The community was getting worried. Would the rest of the millions also disappear? Hours after the attack, one of the better-known developers of the Ethereum platform gave an all-clear signal: "DAO IS BEING SECURELY DRAINED. DO NOT PANIC," Alex Van de Sande, the Ethereum team's chief designer announced on Twitter. In the community, this scenario is labeled a "white hat counterattack"—a counterattack done by good hackers.

A group of programmers, who call themselves "Robin Hood Group," executed the second hack on the DAO. Alex Van de Sande's tweet immediately suggests that it is the leading members of the Ethereum scene who are now clearing out the rest of the DAO. It still isn't clear today who was part of the counterattack or the Robin Hood Group, but the Ethereum scene has faith in its closest activists.

Tual with the other two main developers of the DAO, Simon and Christoph Jentzsch, who come from Saxony. Photo courtesy Stephan Tual

The Ethereum developers used the same weak point for the counterattack as the original attackers used. Almost all of the DAO's money has now disappeared to auxiliary accounts, which are either controlled by the unknown attackers or the Robin Hood Group. What's certain is that the Ether can't move from where the Robin Hood Group has transferred it to for 27 days due to the 'creation window' period built into Ethereum.

However if there are no fundamental changes made soon, then the money saved by the Robin Hood Group could conceivably also be hacked again, the attackers snatching it away from each other using the same trick. It's very probable that the DAO and its millions will sink into chaos. Since the DAO project is one of the biggest on the Ethereum platform at the moment, the hack threatens to push Ethereum itself into an existential crisis.


The entirety of the Ethereum elite has been hurrying in recent weeks to help the DAO makers: "People from the community and the Ethereum Foundation are on various Skype channels, putting in a huge amount of work. So, this group of people is very active now, they went through the possibilities of counter attacking, soft-forking and hard-forking," Stephan Tual told Motherboard.

In order to prevent the chaos on July 21, the fundamental rules and logic of the DAO have to be changed. But since there isn't a boss and there's no hierarchy, the programmed rules can only be changed by two forms of voting: the so-called soft fork and hard fork. Both scenarios are updates of the community codes and are being fervently discussed in the scene. Soft forks are changes in which only a portion of the network, namely the miners exclusively, can execute an update. These miners are certainly an important part of Ethereum, since they make computing power available to the network, which is managed without a centralized server infrastructure, with their own computers—and they earn small amounts of Ether with each computer operation.

In the days following the hack and Robin Hood Group's counterattack, the community speculated about the possibility of a soft fork. Since the DAO runs on the Ethereum blockchain, it's the Ethereum miners who process the DAO's transactions. The soft fork, the update being discussed at the time, would filter out those transactions. "All transactions that would deplete the DAO's account balance would be filtered out," Ethereum developer Lefteris Karapetsas told Motherboard in an email. "One exception would be the Robin Hood Group's accounts. The community trusts them."

After the soft fork, nobody besides the Robin Hood Group would be able to move Ether out of the DAO, so the group could take the money back out of the "Dark DAO"—the nickname for the accounts controlled by the first, ostensibly malicious attackers—in peace after the four weeks are up and return it to its rightful owners. Even the soft fork code, for the update, doesn't seem to be particularly complicated.

It's not a big project in itself, doable within a few days if miners cooperate. But voices in the community are getting loud: Are the miners consolidating all the power in doing so? Can the miners then censor the DAO? People within the libertarian-minded crypto-community don't like censorship at all.


The vote on the soft fork began. The update was published and members of the community started to download it. At first, it seemed like the community was able to get behind the new measures: 80 miners decided for the soft fork update in the first days of voting. The problem seemed to have been solved way before the deadline. That is, until the hacker and computer science professor, Emin Gün Sirer, published a blog post on June 26. Sirer wrote that the soft fork would open up the DAO to other vulnerabilities, such as denial of service attacks.

The soft fork failed. The millions are in danger again, and Tual and his team now have only two weeks instead of four.

The only chance left for Tual and the Ethereum developers to freeze the crypto millions is to have the entire system vote, a so-called hard fork. In contrast to the soft fork, the hard fork is a code change for the entire Ethereum platform, that 51 percent of the users must vote for. This vote also functions as an update: Whoever downloads it is installing the new rules on their computer in doing so. If 51 percent of the community update to the new version of the software, meaning 51 percent of the miners, users, crypto exchanges and developers, then the new rules apply.

At 5 AM CEST on Thursday, July 14, the hacker made a move to set themselves up to grab the funds, confirming malicious intent

Roughly three weeks after the hack, miners reached a general consensus in favor of the hard fork. Nothing is certain until the code is released and miners actually implement it, but Tual and his colleagues have a little room to breathe. "I am quite sure the hard fork will be successful because no one wants the robber to win," he said.

Since the $53 million were hacked in mid-June, basically everyone on the team at Stephan Tual's startup, Slock.it, has been busy limiting the extent of the damage and trying to get back the money. "Slock.it put a huge amount of work in building the framework for the DAO. At least six months of work—that's a net loss, we are financially and mentally exhausted," Tual said.

At 5 AM CEST on Thursday, July 14, the hacker made a move to set themselves up to grab the funds, confirming malicious intent.

I asked Lefteris Karapetsas again what would actually happen if something went awry and the hard fork fails. According to Karapetsas, in the worst case the assailant will get away with the millions. Then the only question is, where does it go? The biggest crypto exchanges wouldn't allow any transactions that have a connection to criminal accounts, according to Karapetsas. If the hard fork does fail, then the $53 million from the DAO would really be lost: Out of reach of Tual and his developer colleagues, and useless to the attacker who to this day remains anonymous.

Correction: A sentence in an earlier version of this story erroneously implied in one that there would need to be two hard forks; in fact the only scenario up for debate was one soft fork, one hard fork.

This article originally appeared on Motherboard Germany.