A $79 million cryptocurrency heist just happened, and it’s threatening the future of blockchains
The Decentralized Autonomous Organization (DAO) is a radical experiment in crowdsourced investing, and it raised over $150 million in ether, a cryptocurrency that’s beginning to rival bitcoin. The funds were stored at an address on the ethereum blockchain (the protocol underpinning ether), where they would sit until members of the DAO determined how they wanted to spend them by collectively voting on proposals put before them.
But about nine hours ago (from the time of publication on June 17), chunks of ether began getting transferred away from the DAO’s address. As recently as an hour ago, the transfers were still taking place. All told, during that period the DAO’s balance fell by 3.7 million ether, worth $79.6 million at the time. Since the hack was discovered, however, the price of ether itself has plunged by 27%, from $21.50 each to $15.59 at its lowest. The price of bitcoin has also fallen by about 6% this morning, putting the brakes on a white-hot bull run.
It’s no surprise that cryptocurrency markets are in a funk. Funds invested in the DAO represent more than 10% of all the ether in circulation (81.8 million ether are in circulation, worth about $1.7 billion before the hack). A massive hack on the DAO’s holdings would be roughly equivalent to a successful heist at a major financial institution. The hack was first reported by Business Insider.
Coincidentally, there’s a pretty good fiat-currency analogy to the DAO hack. The Bangladesh central bank had $81 million stolen from it in an online heist in February, after the SWIFT messaging network, which connects the world’s major financial institutions, was exploited by attackers.
While the Bangladesh heist only came to light in March, as government officials began pointing fingers, the DAO theft can be observed in real time. Here’s the DAO’s address on an ethereum blockchain explorer called Etherscan, and here’s the address to which the apparent hacker is transferring funds. You can see the inflow of DAO funds into the attacker’s wallet on this list. The last transfer, for 258 ether, took place about 90 minutes ago.
Cryptocurrency heists happen fairly regularly. Most famously, Mt. Gox, once the biggest bitcoin exchange in the world, saw hundreds of millions of dollars’ worth of bitcoin vanish, leading to its collapse in 2014. But the DAO hack is significant for its size, and for the fact that it has shaken the markets’ confidence in the security of the fundamental tools used to build on the ethereum protocol, which Wall Street sees as the blockchain’s “killer app” for its potential to automate routine contracts. While the code governing the ethereum blockchain doesn’t appear to have been compromised, the fact remains that the defenses of one of its largest pools of funds were breached.
It’s not currently clear how the DAO’s funds were accessed. The DAO community is congregating on its message board, and in a Slack group, to attempt to answer that question. “Well I think the DAO is now finished,” wrote one poster in the emergency thread created to marshal defenses against the attack.
Others aren’t so sure. Stephan Tual, a co-founder of a startup called Slock.it, which helped create the DAO, says there’s one way to fix the problem and boost the ethereum economy’s robustness. Ethereum’s miners, who determine what transactions form the cryptocurrency’s permanent record, can collectively agree to do a “rollback”, rewinding the ethereum blockchain to some point before the hack happened. The transactions for the stolen funds would effectively be nullified and wiped from the record. “It shows the community can work together for the benefit of the common good,” says Tual.
This isn’t as crazy as it sounds. Bitcoin miners have performed at least one rollback, in 2010, to fix a technical glitch. But bitcoin was trading for pennies then, a far cry from the $11.5 billion worth of bitcoin in circulation today. Ether is already worth serious money: all the ether in circulation today is valued at around $1.3 billion at current prices.
Another question is whether a rollback dangerously undermines a cryptocurrency designed to be decentralized and beyond the control of any single party or group. Tual has an argument against that too. “You need to compare this to a central server of a bank, where they can just switch numbers without anyone being aware,” he says. “In this case, it’s totally different. If all the miners come together and [do a rollback], it’s a community act. And it’s semitransparent, totally see-through.”