In a bid to thwart the latest exploitation of The DAO’s smart contract code, developer Alex Van de Sande, lead designer for the Ethereum Foundation, announced on Twitter that the Ethereum development community was moving funds away from The DAO after reports on social media highlighted that funds were being drained from contracts on the network.
It was only a few days ago that news broke that millions of dollars’ worth of ether had been taken from contracts on The DAO, sparking a heated debate as to the best action the owners of Ethereum can take.
Now, it seems as though the network is at the mercy of hackers again, with reports emerging of a new alleged attack.
Proposal 59, Child DAO and Robin Hood group
An interactive command chain chart of the first hack shows that Proposal 59 was the one that was hacked and that the Child DAO resulting from it was where the ether went.
Taking to social media, Van de Sande stated that since Friday he has been in contact with a group of people, known as ‘Robin Hood’, intent on replicating the attack to prevent any more siphoning of ether.
“After some initial setbacks the group was able to infiltrate all open split proposals trying to identify the best one to execute,” he said. “The best candidate proposal ended up being number 78 because it didn’t have many stalkers and we had identified the curator.”
He went on to state that they currently control only three of the five accounts that split with them, and asked anyone who has information on who the other accounts are to get in contact so the funds can be protected.
Outpacing the attacker
While opinion on whether to fork or not was divided within the Robin Hood group, many were cagey about doing the white hat counter-attack simply because they believed it could be devastating for the recovery efforts on past hacks.
After detecting that a new attack was taking place, the group's hand was forced and it went forward with the attack. While the attack was slow to begin with, after Van de Sande donated 100k DAO tokens the attacker subsequently picked up pace, with more attackers joining in.
“Some of the most efficient hackers were able to do up to 30 recursions with up to 200 ether moved in each. It became clear that if we didn’t do anything the DAO would be drained before anything could have been done.”
After the Robin Hood team touched base with some contacts known as ‘whales’, they were able to secure six million DAO tokens, enabling them to outpace the attacker.
The address used by the Ethereum developers in the Child DAO Robin Hood attack can be found here, where it has amassed over seven million ethers, worth over $100m.
Funds from The DAO have also been sent here, where over $160k worth of ether has been collected, but it’s unclear whether this address is involved with the alleged attack or with the Ethereum developer efforts.
Additionally, a third address here has amassed just under $4 million from The DAO funds.
Over seven million ethers from the DAO are now being held in the Child DAO with the Robin Hood team holding the private keys of the curator; however, while they have reduced the risk from twenty thousand attackers down to two, they still need to identify those remaining two.
DAO is now mostly empty. 7.2M ether have been secured so far. The community needs to help by identifying the rest. https://t.co/Ju26mD7fOG — alex van de sande (@avsa) June 21, 2016
However, Van de Sande is hopeful for a refund contract. He says:
“As soon as that DAO matures, we will try to move all the funds in a refund contract that will be much simpler than The DAO was. Of course we still need to be very careful with that code and to analyze it for any possible exploit.”
While there is still a lot of unaccounted ether on the main attacker DAO and copycat attacks, Van de Sande is adamant when he says that “most of the ether is now more secure…which will allow The DAO itself to buy tokens into the bad splits and attack them to recover or block the ether.”
The light at the end of the tunnel may be getting closer, but the debate surrounding The DAO is far from over.