Original title: "Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether"
Original author: Laura Shin
Original compilation: Block unicorn
Austrian programmer and former cryptocurrency CEO may have stolen $11 billion in Ethereum.
Who hacked The DAO in 2016 and embezzled 3.6 million ETH? By following a complex trail of crypto transactions and using a previously undisclosed privacy-breaking forensic tool, we identified the apparent hacker, who denies it.
Ethereum, the second largest crypto network, is worth $360 billion. Its creator, Vitalik Buterin, has more than 3 million followers on Twitter, made videos with Ashton Kutcher and Mila Kunis, and met Vladimir Putin. Over the past few years, all the most popular crypto trends have launched on Ethereum: Initial Coin Offerings (ICOs), Decentralized Finance (DeFi), Non-Fungible Tokens (NFTs), and Decentralized Autonomous Organizations (DAOs). Ethereum has spawned a slew of blockchain imitators, often referred to as "Ethereum killers."
Ethereum also holds a big mystery: who committed the largest theft of ETH (Ethereum's native token) ever by hacking The DAO? By the end of its crowdsale in 2016, the decentralized venture capital fund had raised $139 million in ETH, making it the most successful crowdfunding project up to that point. A few weeks later, a hacker siphoned 31% of the ETH in The DAO (a total of 3.64 million ETH, or 5% of all ETH outstanding at the time) out of the main DAO and into the so-called DarkDAO.
Who hacked The DAO? My exclusive investigation, based on reporting for my new book, "The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze," appears to point to Toby Hoenisch, a 36-year-old programmer who grew up in Austria and was living in Singapore at the time of the hack. His most widely known role to date is as the co-founder and CEO of TenX. TenX raised $80 million in its initial token offering in 2017 to create a crypto debit card, but the project's efforts fizzled. The market capitalization of these tokens soared to $535 million and is now only $11 million.
After receiving a document detailing the evidence pointing to him as the hacker, Toby Hoenisch wrote in an email, "Your statements and the conclusions are actually inaccurate." In that email, Toby Hoenisch offered to provide details to rebut our findings, but he never responded to my repeated follow-up messages asking for those details.
To put the scale of this hack in perspective: with ETH now trading around $3,000, 3.64 million ETH would be worth $11 billion. The DAO theft famously and controversially prompted a hard fork of Ethereum (a split of the Ethereum network in two, made in order to recover the stolen funds), which ended up leaving the DarkDAO holding not ETH but the much less valuable Ethereum Classic (ETC). Proponents of the fork had hoped that ETC would die, but it is now trading around $30. That means the DarkDAO's descendant wallets now hold over $100 million in ETC, a lofty monument to the biggest mystery man in cryptocurrency.
Last year, while I was writing my book, my sources and I, using (among other things) a powerful and previously secret forensics tool from the crypto tracking company Chainalysis, came to believe we had figured out who did it. In fact, the story of The DAO and the six-year search for the identity of the hacker amply demonstrates how far the technology for tracking transactions in the crypto world has advanced since the first crypto boom. Today, blockchain technology has become mainstream. But as new applications emerge, crypto's first use, as a shield of anonymity, is failing due to regulatory pressure and the fact that transactions on public blockchains are traceable.
Co-founders Toby Hoenisch and Paul Kittiwongsunthorn at the TenX Strategy Conference in Thailand in 2018.
Since Toby Hoenisch won't talk to me, I can only speculate on his possible motives; he may have decided to strike after concluding that his warnings were not being heeded enough by The DAO's creators. (Julian Hosp, an Austrian doctor who co-founded TenX and now works full-time on blockchain, said of Hoenisch: “He’s a super opinionated guy who always believes he’s right. Always.”) Seen in that light, this is also a story about the big brains and big egos that drive the crypto world, and about how a hacker might justify his actions by telling himself he was just doing what the buggy code in The DAO allowed him to do.
In early 2016, the Ethereum network was less than a year old, and there was only one application on it that people were interested in: The DAO, a decentralized venture fund that empowered its token holders to vote on the funding proposals submitted to it. It was created by a company called Slock.it, which, instead of seeking traditional venture capital, decided to create this DAO and then open it up for crowdfunding, expecting their own project to be among those funded by The DAO. The team at Slock.it thought The DAO could attract $5 million.
However, when the crowdfunding started on April 30, $9 million came in during the first two days alone, with participants exchanging 1 ETH for 100 DAO tokens. Some on the team were uneasy as the money poured in, but it was too late. By the time the sale closed a month later, 15,000 to 20,000 people had contributed, The DAO held 15% of all ETH in existence at the time, and the price of the cryptocurrency was steadily rising. At the same time, various security and structural concerns were raised about The DAO, one of which, ironically, turned out to be critical in limiting the hacker's immediate access to the loot. One problem: it was too difficult to withdraw funds. To get their money back, a person first had to create a "child DAO" or "split DAO", which not only requires a high degree of technical knowledge.
On the morning of June 17, 2016, ETH hit an all-time high of $21.52, making the cryptocurrency in The DAO worth $249.6 million. When American Griff Green woke up that morning in Mittweida, Germany, where he was staying at the home of two brothers who were Slock.it co-founders, he found a message on his phone from a member of the DAO Slack community saying that something weird was happening: it looked like funds were being drained. Green, Slock.it's first employee and community organizer, checked: a stream of 258-ETH transactions ($5,600 at the time) was indeed leaving The DAO. By the time the attack stopped a few hours later, 31% of the ETH in The DAO had been pumped into the DarkDAO. As awareness of the attack spread, Ethereum recorded its highest trading day ever, with its price plummeting 33% from $21 to $14.
The 2016 DAO crowdfunding sale pushed the price of ether (ETH) up to then-all-time highs, until the June 17 attack on The DAO sent it crashing. After the hard fork on July 20, the old blockchain began trading in the form of Ethereum Classic (ETC).
Soon, the Ethereum community identified the loophole that led to the theft: the DAO smart contract was written so that whenever someone withdrew money, the contract would first send the money and only then update that person's balance. The attacker used a malicious smart contract to withdraw funds (258 ETH at a time) and then interfered with the contract's balance update, allowing them to withdraw the same ETH over and over again. It is as if the attacker had $101 in their bank account, withdrew $100 at the bank, then prevented the bank teller from updating the balance to $1, and then requested and received another $100.
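An added illustration, not code from The DAO or from the article: a toy Python model of the send-then-update ordering described above, next to the corrected update-then-send ordering. The class and method names, the receive hook and the 1,000 held for other depositors are constructed assumptions; the $101 and $100 figures come from the bank analogy.

```python
"""Toy model: send-then-update vs. update-then-send withdrawal ordering."""


class ReentrantRecipient:
    """Constructed recipient whose receive hook calls withdraw() again."""

    def __init__(self, max_reentries):
        self.vault = None
        self.received = 0
        self.reentries_left = max_reentries

    def on_receive(self, amount):
        # Runs while the vault's withdraw() is still on the call stack.
        self.received += amount
        if self.reentries_left > 0:
            self.reentries_left -= 1
            self.vault.withdraw(self, amount)


class Vault:
    """Hypothetical ledger; update_before_send selects the ordering."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}
        self.pool = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def _send(self, who, amount):
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        who.on_receive(amount)  # control passes to recipient-supplied code

    def withdraw(self, who, amount):
        recorded = self.balances.get(who, 0)
        if recorded < amount:
            return False
        if self.update_before_send:
            self.balances[who] = recorded - amount  # effect first
            self._send(who, amount)                 # interaction last
        else:
            self._send(who, amount)                 # interaction first
            self.balances[who] = recorded - amount  # stale write, too late
        return True

    def solvent(self):
        # Invariant worth asserting in tests and monitoring: funds held
        # must equal the sum of recorded balances.
        return self.pool == sum(self.balances.values())


def run(update_before_send, reentries=3):
    vault = Vault(update_before_send)
    vault.deposit("other depositors", 1000)  # constructed amount
    caller = ReentrantRecipient(reentries)
    caller.vault = vault
    vault.deposit(caller, 101)               # the $101 account from the analogy
    vault.withdraw(caller, 100)
    return caller.received, vault.balances[caller], vault.pool, vault.solvent()


if __name__ == "__main__":
    print("send then update:", run(False))
    print("update then send:", run(True))
```

With the send-first ordering the recorded balance still ends at 1 while the pool is short, which is why the `solvent()` invariant, rather than any single balance, is the thing to check.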
To make matters worse, once the vulnerability was public, the remaining 7.3 million ETH in The DAO was at risk of copycat attacks. A group of white-hat hackers (i.e., ethical hackers) formed and used the attacker's methods to transfer the remaining funds into a new child DAO. But the attacker still held about 5% of the outstanding ETH, and given the flaws in The DAO, even the rescued ETH was vulnerable. Plus, the clock was ticking toward the July 21 deadline, the first date on which the original hacker might be able to get their hands on the funds transferred to the DarkDAO. If the community wanted to prevent the attacker from cashing out, they would need to put tokens in the hacker's DarkDAO, and then in any future "split DAO" (or child DAO) created by the unknown hacker. (According to the rules of the DAO smart contract, the attacker would not be able to withdraw the funds if anyone else in the split DAO objected.) Bottom line: if the white hats missed their window to fight back, the attacker would be able to abscond with the funds, which meant that this informal group had to be vigilant at all times.
Eventually, after much wrangling (on Reddit, Slack channels, emails, and Skype calls) and public engagement from Ethereum founder Buterin, Ethereum carried out a "hard fork" once a majority of the community seemed to support the measure. On July 20, 2016, the Ethereum blockchain split in two, and all the ETH that had been in The DAO was transferred to a "withdrawal" contract, which gave original contributors the right to send in their DAO tokens and retrieve ETH. The old blockchain still attracted some speculators, who supported its continuation as Ethereum Classic (ETC).
On Ethereum Classic, The DAO and the attacker's loot (in the form of 3.64 million ETC) still exist. That summer, the attacker moved their ETC to a new wallet, which remained dormant until late October, when they began trying to convert the money into bitcoin using an exchange called ShapeShift. Since ShapeShift held no personally identifiable information at the time, the identity of the attacker was unknown even though all of the attacker's blockchain movements were visible. Over the next two months, the hacker managed to obtain 282 bitcoins (worth $232,000 at the time, more than $11 million now). Then, perhaps because ShapeShift often blocked the transactions they attempted, they gave up on cashing out, leaving behind 3.4 million Ethereum Classic (ETC), worth $3.2 million at the time and now over $100 million.
This could have been the end of the story: an unknown hacker sitting on a fortune he can't cash in. Except that last July, one of my sources involved in the DAO rescue, a Brazilian named Alex Van de Sande (aka Avsa), reached out to say that the Brazilian police had opened an investigation into the DAO attack, and into whether he might be a victim or even the hacker himself. Van de Sande decided to commission a forensic report from blockchain analysis firm Coinfirm to help exonerate him (although, he says, the police then closed the investigation). In case any similar situation arose in the future, he went ahead with the report, which examined the cash-out attempts in 2016.
A Swiss businessman and his associates were among the early suspects in the hack, and in the process of tracing the funds, Van de Sande and I discovered another suspect: an Ethereum Classic developer in Russia. But all of those people were in Europe or Russia, and the cash-outs followed a morning-to-night timetable that mapped to Asia, from 9am to midnight Tokyo time, when Europeans would probably be sleeping. (The timing of their social media posts suggests they kept fairly regular hours.) But based on customer support emails the hacker submitted to ShapeShift before the attack, I believe they speak fluent English.
Following Coinfirm's analysis, blockchain analysis firm Chainalysis discovered that the presumed attacker had sent 50 BTC to Wasabi Wallet, a private desktop bitcoin wallet that aims to make transactions anonymous by mixing multiple bitcoins together in what is called a CoinJoin. Using a capability disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their outputs to four exchanges. In a crucial final step, an employee of one of the exchanges confirmed to one of my sources that the funds had been swapped for the privacy coin Grin and withdrawn to a Grin node called grin.toby.ai. (Due to the exchange's privacy policy, such customer information is generally not disclosed.)
The IP address of this node also hosted Bitcoin Lightning nodes (ln.toby.ai, lnd.ln.toby.ai, etc.) and had been consistent for over a year; it was not a VPN.
It was hosted on Amazon Singapore, and the Lightning explorer 1ML showed a node called TenX on that IP.
For anyone who was in the crypto space in June 2017, this name may ring a bell. That month, as the ICO craze reached its initial peak, there was an $80 million ICO called TenX. Its CEO and co-founder uses the handle @tobyai on AngelList, Betalist, GitHub, Keybase, LinkedIn, Medium, Pinterest, Reddit, StackOverflow, and Twitter. His name is Toby Hoenisch.
Where is he? In Singapore. Although he was born in Germany and raised in Austria, he is fluent in English. The withdrawal transactions mainly occurred from 8:00 am to 11:00 pm Singapore time.
The email address used for the account on this exchange is [exchange name]@toby.ai.
In May 2016, while The DAO was wrapping up its historic fundraising campaign, Hoenisch became interested in it. On May 12, he emailed Hosp a tip (“Profitable Crypto Trade Coming Soon”) to short ETH after the DAO crowdsale period ended. On the DAO Slack channel on May 17 and 18, he had a lengthy conversation in which, by my count, he posted at least 52 comments about bugs in The DAO, touching on various aspects of the code and being critical of the way it was structured and of what exactly it made possible.
One question prompted him to email Slock.it's CTO Christoph Jentzsch, Chief Technical Engineer Lefteris Karapetsas and Community Manager Griff Green. In his email, he said he was writing a funding proposal for The DAO for a crypto card product called DAO.PAY, adding: “For our due diligence, we checked the DAO code and found some worrying things." He outlined three possible attack vectors and later emailed a fourth. Jentzsch, a German who had been working on a PhD in physics before dropping out to focus on Ethereum, responded point by point, acknowledging some of Toby Hoenisch's assertions but saying others were "wrong" or "didn't work". The back and forth ended with Hoenisch writing: "If we find out about anything else, I'll keep you posted."
But on May 28, 2016, instead of engaging in further email exchanges, Toby Hoenisch wrote four posts on Medium, beginning with “TheDAO — Risk-Free Voting.” The second, "TheDAO - Ransom Withdrawals," foreshadows the main problem with The DAO and why Ethereum eventually opted for a hard fork: without one, the only other options were for the attacker to cash out his ill-gotten gains or for some group of DAO token holders to follow him forever into each new split DAO he created while trying to cash out. “TLDR: If you end up with a DAO contract with no majority voting power, an attacker can block all withdrawals indefinitely,” he wrote. The third shows how an attacker can do this cheaply.
His final and most eloquent piece of the day, "TheDAO - A $150M Lesson in Decentralized Governance," says that DAO.PAY decided not to submit a proposal after discovering a "significant security flaw" and "Slockit downplaying the severity of the attack." He wrote, "TheDAO is live...we are still waiting for a warning from Slockit that there is no safe way to exit!"
On June 3, 2016, his last article on Medium, "Announcing BlockOps: Blockchain Hack Challenges," said, "BlockOps is a playground for you to crack encryption, steal bitcoins, crack smart contracts, and simply test your security knowledge." Although he promised to "publish new challenges in bitcoin, ethereum, and cybersecurity every two weeks," I can find no record of him doing so.
Two weeks later came the DAO attack. The morning after the attack, at 7:18 a.m. Singapore time, Hoenisch baited Ethereum creator Vitalik Buterin by retweeting something Buterin had said before The DAO was attacked but after the vulnerability in The DAO's code had become apparent. In that tweet, from two weeks earlier, Buterin had said that he had been buying DAO tokens since the security news broke. In the weeks that followed, Hoenisch tweeted anti-hard-fork posts, such as one titled “Too Big to Fail is Guaranteed to Fail.”
Curiously, a few weeks after the attack, on July 5, 2016, Toby Hoenisch and Karapetsas exchanged Reddit DMs titled "DarkDAO Strikes Back", although the content of the message is unclear, as Toby Hoenisch has deleted all of his Reddit posts. (Hosp recalls that Hoenisch told him he had deleted his Reddit account after a dispute with an "idiot" on Reddit about The DAO.) Toby Hoenisch wrote, "Sorry for not reaching out first, I There's no way to find it and tell the community to fight back. Anyway, I don't see any way an attacker could use it."
After Karapetsas told Toby Hoenisch that the white hats planned to protect what was left in The DAO, Hoenisch replied, "I'm resigning from this position." Karapetsas responded, "From now on, I'll keep you updated on what we're doing." Toby Hoenisch's last message in this exchange was: "I'm sorry if I messed up the plan."
On July 24, 2016, a day after the Ethereum Classic chain revived and began trading on Poloniex, Hoenisch tweeted, "Ethereum drama escalation: from #daowars to #chainwars. Ethereum Classic is now on poloniex as ETC and miners plan transaction attacks." On July 26, 2016, he retweeted Barry Silbert, founder and CEO of the powerful and well-respected Digital Currency Group, who had tweeted: "Bought my first non Bitcoin digital currency...Ethereum Classic (ETC)."
After hearing the name Toby Hoenisch, but without hearing the evidence that he was the DAO attacker, Karapetsas, a usually humorous Greek software developer who was one of the creators of The DAO and was approached via email and Reddit, said, "He's annoying... Found a lot of issues.” After hearing that the DarkDAO ETC had been cashed out to a Grin node using Toby Hoenisch's alias, Karapetsas observed that if Toby Hoenisch had rectified the situation while the DarkDAO funds were frozen, the Ethereum community would have given him "huge kudos" for finding the weakness and returning the ETH. Likewise, Griff Green, whose current projects aim to help nonprofits and public causes thrive in the digital world, believes that the hacker missed the opportunity to "be the hero."
"He really screwed up (hacking the DAO), reputation is more valuable than money," Green said.
Ironically, in a 2016 blog post, Toby Hoenisch wrote, "I'm a white hat hacker." 20 days later, The DAO was attacked.
As I mentioned earlier, after receiving a document listing the evidence that he was the hacker, along with a request for comment for my book, Hoenisch wrote that my conclusion was "actually inaccurate." He said in that email that he could give me more details, then did not respond to four requests for those details or to other fact-checking inquiries for this article. Additionally, after receiving the first document detailing the facts I had gathered, he deleted nearly all of his Twitter history (although I had saved the relevant tweets).
In May 2015, Toby Hoenisch and the co-founders of his crypto debit card venture (originally known as OneBit) had some success at the Mastercard Masters of Code hackathon in Singapore. They started using the card on an invitation-only basis that year because, as Hoenisch explained on Reddit, “We didn’t want to launch a half-assed bitcoin wallet that would land us in the dark for KYC (know your customer) violations.” Dilemma. Legal. Yes, legal is the main reason we can’t drop ship.” Hoenisch had a background in artificial intelligence, IT security, and cryptography, according to an article in Bitcoin Magazine at the time.
In early 2017, months after the supposed DAO attacker stopped trying to cash out their ETC, Toby Hoenisch's team (then operating as TenX) announced it had raised $1 million in seed funding from Fenbushi Capital, the firm of Ethereum founder Buterin (among others), followed by an $80 million ICO. Things took a turn for the worse for TenX in early 2018, when TenX’s card issuer, Wavecrest, was removed from the Visa network, meaning TenX users could no longer use their debit cards.
On 1 October 2020, TenX announced that it would cease its services because its new card issuer, Wirecard SG, had been directed by the Monetary Authority of Singapore to cease operations. On April 9, 2021, TenX published a blog post titled "TenX, Meet Mimo". It outlined a new business that would offer a euro-pegged stablecoin (a token whose value is pegged to a fiat currency such as the dollar, euro or yen). The market capitalization of the TenX token soared to $535 million and is now only $11 million. TenX has rebranded itself as Mimo Capital and is offering holders of TenX tokens the mostly worthless MIMO tokens instead, at a rate of 0.37 MIMO per TenX.
Hosp, the public face of the company, was fired in January 2019 by Toby Hoenisch and another co-founder. This happened a few months after several crypto publications reported on Hosp’s past ties to an Austrian multi-level marketing scheme. However, before hearing the evidence that Hoenisch was the DAO attacker, Hosp said his feeling was that Hoenisch might have pushed him out because he was jealous that Hosp had sold bitcoin at the top of the bubble in late 2017, earning himself $20 million. Meanwhile, Toby Hoenisch held all his cryptocurrencies as the bubble, and his personal net worth, deflated.
“He comes from a very poor family, he has no investment experience, he was in the cryptocurrency industry in 2010, but actually he has no money, nothing, when we were in Las Vegas [in the summer of 2016], he had nothing, and my investment was doing well ... he was always going to fight for more salary, for better things." Hosp also mentioned that Toby Hoenisch had to send money home to the mother who raised him, as well as to his sister and brother who were single parents.
After hearing that Toby Hoenisch was a possible DAO attacker, Hosp said he had "goosebumps" and began recalling details of his interactions with his former partner, details that now seem to take on new meaning. For example, when asked if Toby Hoenisch liked Grin (the privacy coin that the hacker cashed out to), Hosp said, "Yeah! Yes, he is. He's obsessed with it... I lost money because of those stupid coins. Money! I invested in them because of him, because they were so obsessed with him.” He said Toby Hoenisch was also obsessed with building a Bitcoin/Monero “atomic swap”, a method of using smart contracts to swap with the privacy coin Monero. At the time, Hosp was puzzled because he felt there was no market for such a product. Later, Hosp pulled up the chat logs from August 2016.
While trying to recall the events he believes prompted Toby Hoenisch to shut down his Reddit account, Hosp started searching on his computer and murmured, "He always uses tobyai." He confirmed that one of Toby's regular email addresses ends in @toby.ai.
A still-shocked Hosp recalls: "For some odd reason, he was very aware of what was going on... when I asked him what was going on at the time of the incident, he knew more about the DAO hacker...than I ever found out on the internet or anywhere."