Who stole 3.64 million Ethereum?
Original title: "Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether"
Original compilation: Block unicorn

Austrian programmer and former cryptocurrency CEO may have stolen $11 billion in Ethereum.
Who hacked The DAO in 2016 and embezzled 3.6 million Ethereum? By following complex crypto transaction trails and using previously undisclosed privacy-breaking forensic tools, we identified the apparent hacker, a conclusion he denied.
The second largest crypto network, Ethereum, is worth $360 billion. Its creator, Vitalik Buterin, has more than 3 million followers on Twitter, made videos with Ashton Kutcher and Mila Kunis, and met Vladimir Putin. Over the past few years, all the most popular crypto trends have launched on Ethereum: Initial Coin Offerings (ICOs), Decentralized Finance (DeFi), Non-Fungible Tokens (NFTs), and Decentralized Autonomous Organizations (DAOs). Ethereum has spawned a slew of blockchain imitators, often referred to as "Ethereum killers."
Ethereum is also a big mystery: who committed the largest ETH (Ethereum’s native token) theft ever by hacking The DAO? By the end of the 2016 crowdfunding, the decentralized venture capital fund had raised $139 million in Ethereum (ETH), making it the most successful crowdfunding project to date. A few weeks later, a hacker siphoned 31% of the ETH in The DAO (a total of 3.64 million or 5% of all ETH outstanding at the time) out of the main DAO and into the so-called DarkDAO.
Who hacked The DAO? My exclusive investigation, based on reporting for my new book, "The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze," appears to point to Toby Hoenisch, a 36-year-old programmer who grew up in Austria and was living in Singapore at the time of the hack. His most well-known role to date is as co-founder and CEO of TenX, which raised $80 million in its initial token offering in 2017 to create a crypto debit card, an effort that failed. The market capitalization of these tokens soared to $535 million and is now only $11 million.
After receiving a document detailing evidence pointing to him as the hacker, Toby Hoenisch wrote in an email, "Your statements and conclusions are actually inaccurate." In that email, Toby Hoenisch offered to provide details to rebut our findings, but he never responded to my repeated follow-up messages asking for those details.
To gauge the severity of this hack: with ETH now trading at around $3,000, 3.64 million ETH would be worth $11 billion. The DAO theft famously and controversially prompted a hard fork of Ethereum (the split of the Ethereum network in two to recover the stolen funds), which ended up leaving the DarkDAO holding not ETH but the much less valuable Ethereum Classic (ETC). Proponents of the fork had hoped that ETC would die, but it is now trading around $30. This means that the DarkDAO's descendant wallets now hold over $100 million in ETC, a lofty monument to the biggest mystery man in cryptocurrency.
Last year, as I was writing my book, my sources and I, using (among other things) a powerful and previously secret forensics tool from the crypto tracking company Chainalysis, came to believe we had figured out who did it. In fact, the story of The DAO and the six-year search for the identity of the hacker amply demonstrates how far the technology for tracking transactions in the crypto world has advanced since the first crypto boom. Today, blockchain technology has become mainstream. But as new applications emerge, cryptocurrency's first use, as a shield of anonymity, is failing due to regulatory pressure and the fact that transactions on public blockchains are traceable.
Co-founders Toby Hoenisch and Paul Kittiwongsunthorn at a TenX strategy meeting in Thailand in 2018.
Since Toby Hoenisch won't talk to me, I can only speculate on his possible motives; back in 2016, he discovered a technical bug in The DAO, and may have decided to strike after concluding that The DAO's creators had not paid enough attention to his warning. (Julian Hosp, an Austrian doctor who co-founded TenX and now works full-time on blockchain, said of Hoenisch: “He’s a super opinionated guy who always believes he’s right. Always.”) Seen in perspective, it is also a story about the big brains and big egos that drive the crypto world, and about how a hacker might justify his actions by telling himself he was just doing what the buggy code in The DAO allowed him to do.
In early 2016, the Ethereum network was less than a year old, and only one application on it drew much interest: The DAO, a decentralized venture fund built with smart contracts that gave its token holders voting rights over submitted funding proposals. It was created by a company called Slock.it, which, instead of seeking traditional venture capital, decided to create this DAO and then open it up for crowdfunding, expecting its own project to be one of those funded by The DAO. The team at Slock.it thought The DAO could attract $5 million.
However, when the crowdsale started on April 30, $9 million came in within just the first two days, with participants exchanging 1 ETH for 100 DAO tokens. Some on the team were uneasy as the money poured in, but it was too late. By the time the crowdsale closed a month later, 15,000 to 20,000 people had contributed, The DAO held 15% of the total ETH at the time, and the price of the cryptocurrency was steadily rising. At the same time, various security and structural concerns were raised about The DAO, one of which ironically turned out to be crucial in limiting hackers' immediate access to the loot. The problem: it was too difficult to withdraw funds. To get their money back, a token holder first had to create a "sub-DAO" or "split DAO", which not only requires a high degree of technical knowledge.
On the morning of June 17, 2016, ETH hit an all-time high of $21.52, making the cryptocurrency in The DAO worth $249.6 million. When American Griff Green woke up that morning in Mittweida, Germany, where he was staying at the home of two brothers who were Slock.it co-founders, he found a message on his phone from a member of the DAO Slack community saying that something weird was happening: funds appeared to be draining. Green, Slock.it's first employee and community organizer, checked: a stream of 258-ETH ($5,600 at the time) transactions was indeed leaving The DAO. When the attack stopped a few hours later, 31% of the ETH in The DAO had been pumped into the DarkDAO. As awareness of the attack spread, Ethereum had its busiest trading day ever, with its price plummeting 33% from $21 to $14.
split wealth
The DAO crowdsale in 2016 pushed the price of ether (ETH) to record highs at the time—until the June 17 attack on the DAO sent it crashing. After the hard fork on July 20, the old blockchain began trading in the form of Ethereum Classic (ETC).
Soon, the Ethereum community identified the vulnerability that led to the theft: The DAO smart contract was written so that anytime someone withdraws money, the smart contract will first send the money and then update that person's balance. The attacker used a malicious smart contract to withdraw funds (258 ETH at a time), and then interfered with the contract's update, allowing them to withdraw the same ETH over and over again. It's as if the attacker had $101 in their bank account, withdrew $100 at the bank, then prevented the bank teller from updating the balance to $1, and then requested and received another $100 again.
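The ordering flaw described above, as an added Python model (not The DAO's contract code and not part of the original article): a ledger that pays out through a callback, run once with "send, then update" and once with "update, then send". The class names, the deposit figures and the solvency check are assumptions made for illustration.

```python
"""Constructed model of the withdraw-ordering flaw; not The DAO's contract code."""


class Ledger:
    """Holds pooled funds and pays recipients through a callback,
    the way a contract hands control to the receiving contract."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}  # recipient -> amount credited
        self.pool = 0       # funds actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return False
        if self.update_before_send:
            self.balances[who] = 0      # record the withdrawal first...
            self._send(who, amount)     # ...then hand over control
        else:
            self._send(who, amount)     # flawed order: pay first...
            self.balances[who] = 0      # ...update only after the call returns
        return True

    def _send(self, who, amount):
        self.pool -= amount
        who.on_receive(self, amount)    # recipient code runs here

    def is_solvent(self):
        """Invariant a monitor or test can assert: funds cover all credits."""
        return self.pool >= sum(self.balances.values())


class Recipient:
    """Receiver that calls withdraw() again from inside its payment callback,
    up to `reentries` times (0 models an ordinary participant)."""

    def __init__(self, reentries=0):
        self.reentries_left = reentries
        self.received = 0

    def on_receive(self, ledger, amount):
        self.received += amount
        if self.reentries_left > 0:
            self.reentries_left -= 1
            ledger.withdraw(self)


def simulate(update_before_send, reentries=4):
    """Return (paid to re-entering recipient, pool left, solvency invariant)."""
    ledger = Ledger(update_before_send)
    others, caller = Recipient(), Recipient(reentries)
    ledger.deposit(others, 2580)  # constructed figures
    ledger.deposit(caller, 258)
    ledger.withdraw(caller)
    return caller.received, ledger.pool, ledger.is_solvent()


if __name__ == "__main__":
    print("send, then update:", simulate(update_before_send=False))
    print("update, then send:", simulate(update_before_send=True))
```

With the flawed order, a recipient credited with 258 is paid five times over and the pool no longer covers what the other depositors are owed; with the balance updated first, the nested calls find a zero balance and the invariant holds.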
To make matters worse, once the vulnerability became public, the remaining 7.3 million ETH in The DAO were at risk of copycat attacks. A group of white hat hackers (i.e., ethical hackers) formed and used the attacker's method to move the remaining funds into a new child DAO. But the attacker still held about 5% of the outstanding ETH, and given the flaws in The DAO, even the rescued ETH was vulnerable. Plus, the clock was ticking toward a July 21 deadline, the first date on which the original hacker might be able to gain access to the funds transferred to the DarkDAO. If the community wanted to prevent the attacker from cashing out, they would need to hold tokens in the hacker's DarkDAO, and then in any future "split DAO" (or sub-DAO) created by the unknown hacker. (According to the rules of the DAO smart contract, the attacker would not be able to withdraw the funds if anyone else in the split DAO objected.) Bottom line: if the white hats missed their window to fight back, the attacker would be able to abscond with the funds, which meant that this informal group had to be vigilant at all times.
Finally, after much wrangling (on Reddit, Slack channels, emails, and Skype calls), the public engagement of Ethereum founder Buterin, and signs that a majority of the Ethereum community supported the measure, Ethereum did a "hard fork". On July 20, 2016, the Ethereum blockchain split in two, and all ETH that had been in The DAO was moved to a "withdrawal" contract, which gave original contributors the right to send in their DAO tokens and retrieve ETH. The old blockchain still attracted some speculators, who supported its continuation as Ethereum Classic (ETC).
On Ethereum Classic, The DAO and the attacker's loot (in the form of 3.64 million ETC) still exist. That summer, the attackers moved their ETC to a new wallet, which remained dormant until late October, when they began trying to convert the money into bitcoin using an exchange called ShapeShift. Since ShapeShift had no access to personally identifiable information at the time, the identity of the attacker was unknown even though all of the attacker's blockchain movements were visible. Over the next two months, the hackers managed to acquire 282 bitcoins (worth $232,000 at the time, more than $11 million today). Then, perhaps because ShapeShift routinely blocked the transactions they were attempting, they gave up on cashing out, leaving behind 3.4 million Ethereum Classic (ETC), worth $3.2 million at the time, now over $100 million.
That could have been the end of the story: an unknown hacker sitting on a fortune he can't cash out. Except that last July, one of my sources involved in the DAO rescue, a Brazilian named Alex Van de Sande (aka Avsa), reached out to say that the Brazilian police had opened an investigation into the DAO attack and into whether he could be a victim or even the hacker himself. Van de Sande decided to commission a forensic report from blockchain analysis firm Coinfirm to help exonerate him (although, he says, the police then closed the investigation). In case any similar situation arose in the future, he went ahead with the report, which examines the cash-out attempts in 2016.
A Swiss businessman and his associates were among the early suspects in the hack, and in the process of tracing the funds, Van de Sande and I discovered another suspect: the Russian developer of Ethereum Classic. But all of these people were in Europe or Russia, and the cash-outs followed a morning-to-night timetable that mapped to Asia (from 9am to midnight Tokyo time), when Europeans were probably sleeping. (The timing of their social media posts suggests they kept fairly regular hours.) And based on the customer support emails the hackers gave ShapeShift before the attack, I believe they spoke fluent English.
Starting from Coinfirm’s analysis, blockchain analysis firm Chainalysis discovered that the putative attacker had sent 50 BTC to Wasabi Wallet, a private desktop bitcoin wallet designed to anonymize bitcoins by mixing multiple coins together in a so-called CoinJoin transaction. Using a capability first disclosed here, Chainalysis broke down the Wasabi transactions and tracked their outputs to four exchanges. In a crucial final step, an employee of one of the exchanges confirmed to one of my sources that the funds had been swapped for the privacy coin Grin and withdrawn to a Grin node called grin.toby.ai. (Such customer information is often not disclosed because of exchange privacy policies.)
The IP address of this node also hosts the Bitcoin Lightning nodes: ln.toby.ai, lnd.ln.toby.ai, etc., and has remained consistent for over a year; it is not a VPN.
It is hosted on Amazon Singapore and Lightning explorer 1ML shows a node called TenX on that IP.
For anyone who entered the crypto space in June 2017, the name might ring a bell. That month, as the ICO craze reached its initial peak, there was an $80 million ICO called TenX. The CEO and co-founder uses the handle @tobyai on AngelList, Betalist, GitHub, Keybase, LinkedIn, Medium, Pinterest, Reddit, StackOverflow, and Twitter. His name is Toby Hoenisch.
Where is he? In Singapore. Although he was born in Germany and raised in Austria, he is fluent in English. The withdrawal transactions mainly occurred from 8:00 am to 11:00 pm Singapore time.
The email address used on this exchange account was [exchange name]@toby.ai.
In May 2016, as The DAO was wrapping up its historic fundraising campaign, Hoenisch became interested in it. On May 12, he emailed Hosp a tip (“Profitable Crypto Trade Coming Soon”) to short ETH after the DAO crowdsale period ended. On May 17 and 18, he had a lengthy conversation on the DAO Slack channel, where, by count, he posted at least 52 comments about bugs in The DAO, touching on various aspects of the code, criticizing the way it was structured, and probing what exactly was possible.
One issue prompted him to email Slock.it's CTO Christoph Jentzsch, Chief Technical Engineer Lefteris Karapetsas, and Community Manager Griff Green. In his email, he said he was writing a funding proposal for The DAO for a crypto card product called DAO.PAY, adding: "For our due diligence, we checked the DAO code and found some worrying stuff." He outlined three possible attack vectors, and later emailed a fourth. Jentzsch, a German who had been working on a PhD in physics before dropping out to focus on Ethereum, responded point by point, acknowledging some of Toby Hoenisch's assertions but saying others were "wrong" or "didn't work". The back and forth ended with Hoenisch writing: "If we find out about anything else, I'll keep you updated."
But on May 28, 2016, instead of further email exchanges, Toby Hoenisch published four posts on Medium, beginning with "TheDAO - Vote Without Risk." The second, "TheDAO - Ransom Withdrawals," foreshadowed the main problem with The DAO and the reason Ethereum eventually opted for a hard fork: without one, the only other options were for the attacker to cash out his ill-gotten gains or for some group of DAO token holders to follow him forever into the new split DAO he created while trying to cash out. “TLDR: If you end up with a DAO contract with no majority voting power, an attacker can block all withdrawals indefinitely,” he wrote. The third showed how an attacker could do this cheaply.
His final piece of the day, and the most convincing, “TheDAO — A $150M Lesson in Decentralized Governance,” said DAO.PAY had decided not to make the DAO.PAY proposal after discovering a “major security flaw” and that “Slockit downplays the severity of the attack.” He wrote, “TheDAO is live...we’re still waiting for Slockit to issue a warning that there’s no safe way to exit!”
On June 3, 2016, his last article on Medium, "Announcing BlockOps: Blockchain Hack Challenges," said, "BlockOps is your playground to crack encryption, steal bitcoins, crack smart contracts, and simply test your security knowledge." Although he promised to “publish new challenges in bitcoin, ethereum, and cybersecurity every two weeks,” I can’t find a record of him doing so.
The DAO attack happened two weeks later. The morning after the attack, at 7:18 a.m. Singapore time, Hoenisch, as a way to bait Ethereum creator Vitalik Buterin, retweeted something Buterin had said before The DAO was attacked but after the vulnerability in The DAO's code had become apparent. In a tweet two weeks earlier, Buterin had said he had been buying DAO tokens since the security news broke. In the weeks that followed, Hoenisch tweeted anti-hard fork posts, such as one titled “Too Big to Fail is Guaranteed to Fail.”
Curiously, on July 5, 2016, a few weeks after the attack, Toby Hoenisch and Karapetsas exchanged Reddit DMs titled "DarkDAO Strikes Back", although the content of the messages is unclear, as Toby Hoenisch had deleted all his Reddit posts. (Hosp recalls being told by Hoenisch that he had deleted his Reddit account after a dispute with an "idiot" on Reddit about The DAO.) Toby Hoenisch wrote, "Sorry for not reaching out first, I didn't find It does tell the community that there are ways to fight back. Regardless, I don't see any way attackers could use it."
After Karapetsas told Toby Hoenisch that the white hats planned to protect what was left in The DAO, Hoenisch replied, "I'm resigning from this position." Toby Hoenisch’s final message in that exchange: “I’m sorry if I messed up the plan.”
On July 24, 2016, the day after the Ethereum Classic chain was restored and began trading on Poloniex, Hoenisch tweeted, "Ethereum drama upgrade: from #daowars to #chainwars. Ethereum Classic is now at Poloniex as ETC and miners plan transaction attacks." On July 26, 2016, he retweeted Barry Silbert, founder and CEO of the powerful and well-respected Digital Currency Group, who had tweeted, "Bought my first non-Bitcoin digital currency...Ethereum Classic (ETC)."
"He really screwed up (the hacker DAO), reputation is worth more than money."
After hearing the name Toby Hoenisch, and in the absence of evidence that he was the DAO attacker, Karapetsas, a usually humorous Greek software developer who was one of The DAO's creators and who had communicated with him via email and Reddit, said, "He's annoying...he's very insistent on finding a lot of problems." After hearing that the DarkDAO ETC had been cashed out to a Grin node using Toby Hoenisch's alias, Karapetsas observed that if Toby Hoenisch had corrected the situation while the DarkDAO's funds were frozen, the Ethereum community would have given him “huge credit” for finding the weakness and returning the ETH. Likewise, Griff Green, whose current projects tend to help nonprofits and public causes thrive in the digital world, believes that the hacker missed the opportunity to "be the hero."
Green said: The irony is that in a blog post in 2016, Toby Hoenisch wrote: "I am a white hat hacker." 20 days later, the DAO was attacked.
As I mentioned earlier, after receiving a document laying out evidence that he was the hacker and requesting comment for my book, Hoenisch wrote that my conclusions were "actually inaccurate." He said in that email that he could give me more details, and then did not respond to four requests for those details, or to other fact-checking inquiries for this article. Additionally, after receiving the first document detailing the facts I had gathered, he deleted nearly all of his Twitter history (although I had saved relevant tweets).
In May 2015, Toby Hoenisch and the co-founders of his crypto debit card venture (originally called OneBit) had some success at the Mastercard Masters of Code hackathon in Singapore. They started using the card on an invitation-only basis that year because, as Hoenisch explained on Reddit, “We didn’t want to launch a half-assed bitcoin wallet that would land us in the dark for KYC (know your customer) violations.” Dilemma. Legal. Yes, legal is the main reason we can’t dropship.” A Bitcoin Magazine article at the time said Hoenisch had a background in artificial intelligence, IT security, and cryptography.
In early 2017, months after the supposed DAO attackers stopped trying to cash out their ETC, Toby Hoenisch's team (then operating as TenX) announced that it had received $1 million in seed funding from Fenbushi Capital (among other companies), where Ethereum founder Buterin was based, followed by an $80 million ICO. Things took a turn for the worse for TenX in early 2018 when TenX's card issuer, Wavecrest, was removed from the Visa network, meaning TenX users could no longer use their debit cards.
On October 1, 2020, TenX announced that it would cease its services because its new card issuer, Wirecard SG, had been directed by the Monetary Authority of Singapore to cease operations. On April 9, 2021, TenX published a blog post titled "TenX, Meet Mimo". It outlined a new business that would offer a euro-pegged stablecoin (a token whose value is pegged to a fiat currency such as the dollar, euro or yen). The market capitalization of the TenX token soared to $535 million and is now only $11 million. TenX has rebranded itself as Mimo Capital and is offering holders of the mostly worthless TenX tokens MIMO tokens instead, at a rate of 0.37 MIMO per TenX.
Hosp, the public face of the company, was fired by Toby Hoenisch and another co-founder in January 2019. This happened a few months after several crypto publications reported on Hosp's past ties to Austrian multi-level marketing schemes. However, before hearing evidence that Hoenisch was the DAO attacker, Hosp said his feeling was that Hoenisch might have pushed him out because he was jealous that Hosp had sold bitcoin at the top of the bubble in late 2017, earning himself $20 million. Meanwhile, Toby Hoenisch held all his cryptocurrency as the bubble, and his personal net worth, deflated.
"He came from a very poor family, he had no investment experience, he was in the cryptocurrency industry in 2010, but he had no money, nothing, and when we were in Las Vegas [in the summer of 2016], he had nothing, and I've done well with my investments...he's always going to fight for more money, for better things." Hosp also mentioned that Toby Hoenisch had to send money home to his mother, who raised him and his sister and brother as a single parent.
As new blockchain applications emerge, cryptocurrency's first use, as an anonymity shield, is in retreat.
After hearing that Toby Hoenisch was a possible DAO attacker, Hosp said he had "goosebumps" and began recalling details of his interactions with his former partner that now seem to take on new meaning. For example, when asked if Toby Hoenisch liked Grin (the privacy coin that the hackers cashed out to), Hosp said, "Yeah! Yes, he is. He's obsessed with it... I lost money because of those stupid coins. Money! I invested in them because of him, because they were so obsessed with him." He said Toby Hoenisch was also obsessed with building a Bitcoin/Monero “atomic swap”, a way of using smart contracts to exchange between Bitcoin and the privacy coin Monero. At the time, Hosp was puzzled because he felt there was no market for such a product. Later, Hosp pulled up the chat logs from August 2016.
While trying to recall the events he believes prompted Toby Hoenisch to shut down his Reddit account, Hosp started searching on his computer and muttered, "He always uses tobyai." He identified one of Toby's regular email addresses as ending in @toby.ai.
"For some odd reason, he was very aware of what was going on... When I asked him what was going on, he knew more about the DAO hack... than I do on the Internet or more found anywhere," recalls a still-shocked Hosp.