Ethereum/DAO Hacked!

There’s a lot of talk on poloniex of The DAO being hacked. Both Ether and DAO have plummited, Although I Can’t find any news on the matter.
If anyone HAS any details, Please share.

2 Likes

taken from reddit post : https://www.reddit.com/r/ethereum/comments/4oi2ta/i_think_thedao_is_getting_drained_right_now/

"
[–]etheererum 5 points 25 minutes ago
https://thedao.slack.com/archives/general/p1466150717002913

griff [10:05 AM]
@channel The DAO is being attacked. It has been going on for 3-4 hours, it is draining ETH at a rapid rate. This is not a drill.

You can help:

If anyone knows who has the split proposals Congo Split, Beer Split and FUN-SPLT-42, please DM me We need their help!

If you want to help, you can vote yes on those aforementioned split proposals. especially people who’s tokens are blocked because they voted for Prop 43 (the music app one).

We need to spam the Network so that we can mount a counter attack all the brightest minds in the Ethereum world are in on this.

please use this: for (var i = 0; i < 100; i++) { eth.sendTransaction({from: eth.accounts[4], gas: 2300000, gasPrice: web3.toWei(20, ‘shannon’), data: ‘0x5b620186a05a131560135760016020526000565b600080601f600039601f565b6000f3’}) }"

edit :

“JAMESLJNR 2 points 27 minutes ago
I think it’s around 2m eth lost so far. The devs asking people in the chat to essential ddos the network to stop it.”

3 Likes

Maybe we should point to this post whenever people complain about how long MaidSafe are taking to test this before releasing “product” etc

Hopefully they’ll sort this out, but either way it is a big wake up call for anyone in this industry, and for the importance of a good solid development process before release.

34 Likes

I hope too :slight_smile: that people will start appreciate David’s decisions before trolling all around the forum.

5 Likes

“The devs asking people in the chat to essentially ddos the network to stop it.” …

seriously :slight_smile: bring more duct tape
What did I say again about not having a stop button on a bot ?

1 Like

I’m quite saddened by this really. The DAO had so much potential, But I don’t see how they can get back from this one.

1 Like

I wonder if people will panic dump their ETH and dao into maid. It looks the go to currency is siacoin. Also it seems that bitcoin and gold are going down value. Although I think it was going down slightly before the dao got hacked.

I think it’ll be tough to regain trust if $50m worth of Ether has been stolen from the DAO. Unfortunately it shows the team behind it were not competent for the task they were attempting.

I hope it turns out to be a blackhat hacker who hands it all back & explains the exploit to get it fixed, but that doesn’t feel likely :frowning:

2 Likes

Poloniex can’t really take the strain at the moment… now is a crazy time in crypto! (I know it’s not good, but it is interesting & a bit entertaining… and that doesn’t make me a bad person, as I hold some DAO!)

Unfortunately it shows the team behind it were not competent for the task they were attempting.

Did I read recently that the team is anonymous (as in the word not the group! :slight_smile:)? Forgive me if that is wrong, I haven’t taken much interest in the project - just read the basics of the scheme.

Edit: I was wrong, TheDAO was developed by Slockit and the Devs are known. (ht @lightyear).

2 Likes

Another call for patience in decentralised projects.

7 Likes

It seems like this is the age of pioneers,excitement and frustration.

From the dao blog:

Bad news….

apparently The DAO is under attack and is leaking eth in huge amounts. We will try to keep you informed, currently Griff laid out a strategy to rescue tokens:

  1. If anyone knows who has the split proposals Congo Split, Beer Split and FUN-SPLT-42, please contact @griff on The DAO’s Slack. We need their help!
  2. If you have made a split proposal already and have the ability to split, please do so asap.
  3. If your tokens are blocked vote yes on split proposals.
  4. If your tokens are free, you have to make your best judgement call.
  5. If you want to help spam the Network so Christoph Lefteris Vitalik Gustauv and all the other geniuses can mount the counter attack… a community member posted this guide on how to:
    Please do this to spam the Ethereum Blockchain:
    Open terminal:
    $geth console
    In second terminal:
    $geth attach

In geth console (make sure account[0] has sufficient gas for transaction):u

personal.unlockAccount(eth.accounts[0])
for (var i = 0; i < 100; i++) { eth.sendTransaction({from: eth.accounts[4], gas: 2300000, gasPrice: web3.toWei(20, ‘shannon’), data: ‘0x5b620186a05a131560135760016020526000565b600080601f600039601f565b6000f3’}) }

We will try to keep you informed.

1 Like

The whole crypto community seems to be affected by this in some way.
I just tried to buy bitcoin from coinbase and it’s been pending for the past hour, Which is unusual as it’s normally an instant transaction.

1 Like

I didn’t think that was the case, as the Slockit team weren’t generally anonymous, and there were many named advisors and experts putting their name to the DAO. It’ll certainly be an interesting lesson for the crypto community, though very costly for some.

3 Likes

It sounds a lot like It it is this bug reported May 28th publicly:

We sent detailed attack scenarios on how an attacker can vote risk-free, how an attacker can blackmail withdrawals forever with zero risk and other less severe attack scenarios. The bugs were confirmed, but Slockit down-played the severity of the attack vectors. We figured they’d get second opinions, but instead Slockit went out to try to get $1.5m from theDAO to fix the security problems they them-self had created…

No. The developers are known (see same article). There just isn’t any single person “executing” an order or something. They are developers but not curators of the actual money in question.

2 Likes

I was under the impression that it was the Ethereum team that were behind The DAO, Although I’m not certain.

This post by Joi Ito is a good read:

Many of the application layer companies are building on an infrastructure that isn’t ready from a stability or a scalability perspective and they are either bad idea or good idea too early.

The (Ethereum) Decentralized Autonomous Organization project or “The
DAO” is one of the more concerning projects I see right now. The idea is
to create “entities” that are written in code on Ethereum. These
entities can sell units similar to shares in a company and invest and
spend the money and operate much like a fund or a corporation. Investors
would look at the code and determine whether they thought the entity
made sense and they would buy tokens hoping for a return. This sounds
like something from a science fiction novel and we all dreamed about
these sorts of things when, as cypherpunks in the early 90’s, we dared
to dream on mailing lists and hacker meetups. The problem is, The DAO
has attracted over $200M in investors and is “real,” but is built on top
of Ethereum which hasn’t been tested as much as Bitcoin and is still
working out its consensus protocol even considering a completely new
consensus protocol for their next version.
https://joi.ito.com/

I’m happy that the MaidSafe team seem to be going to great lengths to build the underlying infrastructure before creating applications that run on top of it.

9 Likes

Reddit said this is a scam attempt trying to fish small amounts repeatedly from anyone dumb enough to try it.

Is reddit wrong or is the blog hacked?

Anyway, i hope people learn something from this. And see why i have trouble believing maidsafe will launch this year.

@reivanen

Reddit said this is a scam attempt

Please post links everyone of you have information to add - helps avoid scam attempts :wink: - thanks.