Article Lead Image

Illustration via Wikimedia

Hackers have stolen $60 million and counting from Bitcoin’s ‘unhackable’ competitor

It's not over yet.

 

Patrick Howell O'Neill

Tech

Posted on Jun 17, 2016   Updated on May 26, 2021, 2:29 pm CDT

Over $60 million worth of the virtual currency Ether, Bitcoin‘s largest competitor, has been stolen in a hack that’s still ongoing as of Friday morning.

Meanwhile, the price of Bitcoin surged 70 percent this week and over 200 percent on the year, making it one of the currency’s best years ever.

Introduced in July 2015, the Ethereum protocol and its crytocurrency, Ether, blew past $1 billion in May 2016, a rapid rate of growth that the inspired co-founder of Coinbase, Fred Ehrsam, to say Ethereum could “blow past Bitcoin entirely.” 

A new virtual gold rush is underway,” Nathaniel Popper wrote in the New York Times. Corporate giants called it Bitcoin 2.0.

Now, in the midst of this massive and so far successful heist against one of Ethereum’s most popular applications, the currency’s future course is in question. Previous criticisms from Bitcoin advocates over Ethereum’s security problems and lack of testing are looking increasingly prescient.

The price of the currency fell significantly until Ethereum co-founder Vitalik Buterin asked currency exchanges, where people can buy and sell Ethers, to immediately pause transactions.

The target of the attack is the Decentralized Autonomous Organization (DAO), a platform built on top of Ethereum meant to innovate over Bitcoin’s much-talked about blockchain, the open ledger of cryptocurrency transactions at the core of many of Bitcoin’s innovations. 

The Ethereum code and network itself has not been hacked.

The DAO, which was worth well over $100 million prior to this attack, is essentially open-source code meant to transparently hold money and create binding financial agreements independent of human oversight. Media called the application nearly unhackable.

The DAO, rather than Ethereum itself, is exactly what’s being attacked and stolen from right now by unknown hackers. 

Griff Green, spokesman for Slock.it, the creators of the Dao, stated on the DAO Slack channel, according to Crypto Coin News:

“The DAO is being attacked,” Green said toward the beginning of the attack. “It has been going on for 3-4 hours, it is draining ETH at a rapid rate. This is not a drill.”

Observers can watch the hack in progress from one key perspective: The attacker’s Ether wallet is open for all to see as funds are siphoned in. Money is still piling up. However, at the time of publication, nothing has been cashed out.

The exploit used to hack the DAO was publicly disclosed a week ago.

 “Your smart contract is probably vulnerable to being emptied if you keep track of any sort of user balances and were not very, very careful,” cryptocurrency expert Peter Vessenes wrote on his website.

“An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO,” George Hallam of the Ethereum Foundation explained on Reddit. “The attack is a recursive calling vulnerability, where an attacker called the ‘split’ function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.”

Significant tension exists now about how to address the heist, especially because it is the DAO and not Ethereum itself that’s been hit. A lively debate has sprung forth about the options of “rolling back” the currency or altering the code in what’s being dubbed a “too big to fail political fork” of the software.

The immediate and obvious comparison is to the enormous heist that hit Bitcoin’s Mt. Gox exchange in 2013, earning the hackers bitcoins worth $450 million then and $640 million today.

That heist, which remains murky to this day, was a heavy black eye for Bitcoin, but one that it ultimately survived.

Share this article
*First Published: Jun 17, 2016, 11:39 am CDT