[2016-06-18] BS: A hacking of over $50 mn in the world of virtual currency

[polynesia]

A hacking of over $50 mn in the world of virtual currency

http://www.business-standard.com/article/international/a-hacking-of-over-50-mn-in-the-world-of-virtual-currency-116061800707_1.html

A hacker on Friday siphoned more than $50 million of digital money away from an experimental virtual currency project that had been billed as the most successful crowdfunding venture ever - taking with him not just a third of the venture's money but also the hopes and dreams of thousands of participants who wanted to prove the safety and security of digital currency.

The attack most likely puts an end to the project, known as the Decentralized Autonomous Organization, which had raised $160 million in the form of Ether, an alternative to the digital currency Bitcoin. While the computer scientists involved in the project are aiming to tweak the code that underpins Ether in a way that will recover the money, the theft is nevertheless prompting a bigger debate about the viability and principles of virtual currencies like Bitcoin and Ether.

[skang]

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

[dashingriddler]

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

These are too much for the media person to understand.

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

[manav1112]

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

These are too much for the media person to understand.

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

That is a great point to question actually

[skang]

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

[dashingriddler]

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

[CounterEntropy]

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

Source: https://twitter.com/TuurDemeester/status/744269347535749120

[polynesia]

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

If he/she does short, then he may be guilty of another crime - insider trading. 
It reminds me of drug mafia getting indicted for tax evasion. 

[skang]

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

A $3M Ethereum short occurred on Bitfinex just moments before the attack; some claim this short closed with almost $1M USD of profit.

She did not have to do it over few hours. This exploit takes a long time in making.. you have to propose a split and wait for the voting period to expire..then you recursively call the split function after theDAO sends you money but before it updates your balance.. (I was able to code the exploit yesterday, pretty basic..let me know if anyone wants).. Hence this attack could have been more than a month in making..and atleast a week..

[dashingriddler]

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

A $3M Ethereum short occurred on Bitfinex just moments before the attack; some claim this short closed with almost $1M USD of profit.

She did not have to do it over few hours. This exploit takes a long time in making.. you have to propose a split and wait for the voting period to expire..then you recursively call the split function after theDAO sends you money but before it updates your balance.. (I was able to code the exploit yesterday, pretty basic..let me know if anyone wants).. Hence this attack could have been more than a month in making..and atleast a week..

The volume is of $60M but that is still a lot of money considering knowing that the attack may not be successful.

Sure you can put on pastebin and share the link. Would like to look at the code.