Journalist Reveals How She Identified 2016 DAO Hacker Who Stole 3.6 Million ETH

American crypto journalist Laura Shin, backed by research from blockchain surveillance firm Chainalysis, claims to know the identity of the hacker who drained millions of dollars’ worth of ETH from The DAO in June 2016.

Shin accuses Austrian programmer and former TenX CEO Toby Hoenisch of masterminding the US$60 million hack that precipitated the loss of 3.6 million ETH, worth close to US$10 billion on today’s exchange rate.

Hoenisch Denies the Allegations

Hoenisch has already denied Shin’s allegations, reportedly telling the former Forbes senior editor that her “statement and conclusion [are] factually inaccurate”.

The DAO was one of the world’s first decentralised autonomous organisations, serving as an open-source venture fund platform for crypto projects. It had raised 12.7 million ETH, worth around US$150 million at the time, from crowdfunding.

Advertisement

When it was hacked in 2016, nearly a third of The DAO’s funds were drained. Shin and Chainalysis tracked the movement of the stolen funds, which she says led her to Hoenisch.

“We identify the apparent hacker – he denies it – by following a complicated trail of crypto transactions and using a previously undisclosed privacy-cracking forensics tool,” Shin writes, revealing the tool as having been supplied by Chainalysis.

How the Hack Was Engineered

Shin says that whoever hacked The DAO swapped the stolen ETH for BTC and then sent the latter to a Wasabi wallet, which was used to scramble BTC transactions in a process called “mixing”. But Chainalysis was able to “de-mix” the transactions and trace them to four different exchanges.

Evidence revealed someone had exchanged the BTC for the privacy coin Grin, which was withdrawn to a non-custodial Grin node called “grin.toby.ai”. The name “toby.ai” had been used by Hoenisch on various social media accounts and was one of his email addresses, Shin wrote. The IP address hosting that node also hosted another node called “TenX” – the name of Hoenisch’s former company.

According to Shin, Hoenisch was aware of The DAO’s code and had written blog posts warning of potential hacks. Shin breaks down the 2016 exploit in forensic detail in her new book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, published this week.

In December, BadgerDAO became the latest DeFi protocol to be hit by hackers, who siphoned US$120 million worth of cryptocurrencies.

Phil Stafford
Author

Phil Stafford

Phil is a long-standing Australian journalist with specialised experience in business, finance, travel and popular culture.

You may also like