DAO system collapse incident escalates: attacker strikes back at Ethereum developers

Rage Comment : After the DAO, a representative project of decentralized autonomous organizations, received $160 million in ether, it was attacked by hackers and suffered heavy losses. Although Ethereum launched a "white hat hacker" to fight back and disperse the DAO funds to other accounts, it was further counterattacked by hackers using the same method as before. Therefore, some people said that the existing Ethereum rules must be changed and a fork must be made to prevent future attacks, but this has caused people to worry about the integrity of Ethereum. At present, these measures are only stopgap measures, but how to do it specifically still requires Ethereum to consider carefully.

Translation: Annie_Xu

The DAO incident continues to escalate.

The most well-known distributed autonomous organization on the Ethereum network, which once held $160 million in ether, has dispersed all funds into various accounts.

To make matters more confusing, the owners of some of the accounts are unknown.

In order to regain control of the funds, a group of Ethereum developers released "Robin Hood" on the 21st of this month, but it added more uncertainty. It is said that their purpose is to protect the Ethereum of the DAO, the target of the attack.

On the 21st, Ethereum developers successfully transferred tens of millions of dollars worth of Ether from the DAO to two new contracts, using the same method used to steal 3.6 million Ether previously.

But the attackers struck back again by exploiting the DAO smart contract.

Lefteris Karapetsas, technical director at German startup Slock.it, which is behind the DAO project, said the attackers could launch a similar attack again, using the same tactics as the previous one against the DAO.

Lefteris Karapetsas

The attacker could gain the rights to a child DAO, a subsystem of the DAO, and he had previously proposed a stopgap measure to destroy the attacker.

“Someone donated some ether to the DAO in the hope that he would have a stake in the DAO so that he could participate in a white hat DAO called ‘split 78’. He didn’t get much, but he now has some tokens in the DAO.”

However, the creation phase of the DAO subsystem means that attackers will not have the opportunity to exploit the vulnerability again until the end of next month.

Karapetsas said that in the meantime, the DAO system will be protected until the ethereum network forks.

Stephan Tual

Slock.it founder and COO Stephan Tual said Slock.it and members of the Ethereum Foundation participated in the transfer of DAO funds in an unofficial capacity.

"A white hat team consisting of members of Slock.it and the Ethereum Foundation directly controls 70% of DAO funds."

But the hacker’s counterattack shows that the inherent vulnerabilities of the DAO smart contract have created conditions for future attacks. Each DAO subsystem is a valid copy of the original system, and therefore carries the original system’s flaws. This is why some people want to change the rules of the Ethereum network.

Proponents of the strategy argue that it would allow developers to freeze the DAO’s decentralized funds, thereby protecting them until the system is restored.

Opponents argue that it threatens the integrity of the Ethereum blockchain and the overall project. Others assert that the fork of Ethereum is driven by the self-interest of some developers because they own the DAO and some of the investment rights.