The DAO was attacked on 17/06/2016. Hackers found a “recursive call” vulnerability in the code for The DAO and drained ~30% (3,641,694.241898506 ether, ~ USD 59,578,117.80) of the ethers held by the smart contract running The DAO on the Ethereum blockchain. A good analysis of the techniques employed is given in Analysis of the DAO exploit. As part of the design of The DAO’s program, the attacker’s hacked funds are sitting in a child-DAO account for another 27 days since the attack.
In CRITICAL UPDATE Re: DAO Vulnerability, the Ethereum Foundation has proposed:
- A soft-fork to the blockchain to block the withdrawal of the hacked funds from the attacker-controlled child-DAO account. In this case the attacker receives nothing, and the DAO token holders may possibly receive up to ~60% of their original ethers back; and
- A hard-fork to the blockchain to move the frozen funds back into a Smart Contract allowing the original DAO token holders to withdraw their ethers. In this case the attacker receives nothing, and the DAO token holders may possibly receive up to 100% of their original ethers back.
But it is up to the miners whether they support the soft and/or hard-fork by selecting the appropriate option in the upgraded blockchain node software. Some mining pools have already set up polls for their miners to vote on the proposed soft-fork (and on the hard-fork when details of this are released) – see ethpool.org/stats/votes and ethermine.org/stats/votes.
The original aim of The DAO was to invest in building the Ethereum platform ecosystem. As a DAO token holder, I was originally happy for the community to democratically decide whether to fork or not. This was part of the high risk of investing in The DAO.
The alleged attack group in Exclusive: Full Interview Transcript with Alleged DAO “Attacker” is offering Ethereum blockchain miners a huge bribe to oppose the soft-fork and the hard-fork. The alleged attack group have NOT proven the authenticity of their pastebin message and that they control the attacking account. This is more of the toxic r/bitcoin style social attack on Ethereum.
With the social attacks ratcheting up, I am now opposed to the opposition to the soft and hard-fork.
White-hat hackers are mobilising to move the remaining funds to the Ethereum Foundation.
And The DAO is fighting back – see A DAO Counter-Attack.