DAO Debacle Escalates: Attacker Counter-Attacks Ethereum Developers

An effort to thwart an attack on funds tied to The DAO, the ethereum-powered, smart contract-based funding vehicle, has grown more complicated.

Updated Sep 11, 2021, 12:20 p.m. Published Jun 22, 2016, 3:41 p.m.

The situation at The DAO is continuing to escalate.

The most visible distributed autonomous organization on the ethereum network, which once held $160m worth of the cryptocurrency ether, has now seen these funds dispersed to several different accounts.

Complicating matters is that the owners of some of these accounts are, at present, unknown.

The heightened uncertainty follows actions taken by a group of ethereum developers, who launched a "Robin Hood" effort to gain control of the funds yesterday. The effort was said to be aimed at safeguarding The DAO’s ether holdings following a new attack, a separate incident from the one that originally compromised investor holdings days before.

For the few who haven't been following, the ethereum developers yesterday successfully siphoned tens of millions of dollars worth of ether from The DAO and moved it into two new contracts utilizing the same exploit that resulted in the removal of roughly 3.6m ethers last Friday.

But now, someone behind one of those attacks has returned fire by taking advantage of the same aspects of The DAO's smart contract that allowed last week's attack.

Lefteris Karapetsas, technical lead for Slock.it, the Germany-based ethereum startup that spearheaded The DAO, said that the actors behind the actions are now in a position to launch a similar attack, using the same exploit that originally compromised The DAO.

Karapetsas said that the attacker was able to obtain a stake in the two DAO sub-groups, known as child DAOs. He had previously proposed a counterattack that could be used as a stop-gap measure to disrupt the attacker.

Karapetsas told CoinDesk:

"Someone donated ether to The DAO with the sole purpose of having some balance inside The DAO so that he can join split 78, which is a whitehat DAO. He did not manage to get a lot but he has some tokens inside that DAO right now."

However, the creation phase of the child DAOs means that the attacker wouldn’t be able to perform the exploit until late next month.

This waiting period, Karapetsas said, would provide cover and time to come up with a fork of the ethereum network.

Slock.it founder and COO Stephan Tual told CoinDesk that much of The DAO's funds were moved in an effort including members of the Ethereum Foundation and Slock.it, among others, though he stressed that those groups were not playing an official role.

"70% of the funds are now under the direct control of a group of whitehats consisting of individuals from ethereum foundation, Slock.it, etc," he said.

But as it stands – and as today’s counter-move demonstrates – the inherent vulnerabilities in The DAO’s smart contract leave the door open to future attacks. Each child DAO created is effectively a copy of the original, bringing with it all of the flaws contained within. It’s because of this that some are pushing for a rule change in the ethereum network.

Proponents of that strategy say it would allow developers to freeze funds taken from The DAO, and thus secure funds until they can be recovered.

Opponents, on the other hand, argue that the move threatens the integrity of the ethereum blockchain and the project as a whole. Others have asserted that the push to fork ethereum is driven by the self-interest of developers who have ownership stakes in the compromised funds as well as The DAO itself.
