In the crypto world it is our daily bread to read about millionaire thefts of cryptocurrencies or NFTs, large-scale hacks, wallets emptied due to security flaws, and stop counting. However, in 2016 there was a particularly shocking robbery due to its magnitude and the fact that to date the culprit has not been caught.
This is the case of The DAO, a theft of more than 3.6 million ether, which at the current value of the cryptocurrency is equivalent to 11,000 million dollars. Back then it was “only” 50 million, and the mystery of how someone was able to take the money without anyone noticing now seems to have an answer.
Who took my crypto cheese
Ethereum is currently the second largest cryptocurrency network, behind only bitcoin. A single ether (ETH) has a current value of more than 2,300 euros according to Coinmarketcap, and the total capitalization of all the ether in circulation is equivalent to more than 300 billion euros.
Stolen 3,641,694 ether in 2016 turned out to be the biggest heist in cryptocurrency history, and now writer and blockchain tech expert Laura Shin says she’s found the culprit.
Shin has published a book today, and as she was writing it, she and her sources believe they have identified the biggest Ethereum thief in history. Shin explains in an article for Forbes, how by following a complicated trail of cryptographic transactions and using a privacy breach forensic tool, they believe they have identified the culprit as Toby Hoenisch, a 36-year-old programmer best known for being the CEO and founder of TenX, a cryptocurrency platform that offers wallets, unsuccessfully attempted to build a crypto debit card in 2017.
Most NFTs are not worth a dime (at least for now): science says so
Hoenisch denies the accusations, and in fact offered to provide evidence to Shin to refute everything they had found against her, but never responded with it. Shin claims to have contacted her four more times to verify facts with him, but she never replied, in addition to this, after receiving her emails, Hoenisch deleted almost all of her Twitter history.
Some of Shin’s incredibly complicated findings include multiple transactions across different wallets, and trading bitcoins for “private” coins like Grin through various Bitcoin Lightning nodes ending in “toby .ai” (Hoenisch used the username @tobyai on AngelList, Betalist, GitHub, Keybase, LinkedIn, Medium, Pinterest, Reddit, StackOverflow, and Twitter).
These transactions could also be traced to IPs hosted on Amazon Singapore (where Hoenisch lived) and that had the name of TenX (Hoenisch’s company).
The theft that was the fault of a programming error
One of the most interesting parts of this story is how the robbery in question happened. ‘The DAO’, the victim, is an organization created by a group of developers to function as a “decentralized autonomous organization” or DAO based on Ethereum.
The DAO created a Smart Contract that is nothing more than the code necessary for financial transactions with Ethereum that are executed on the blockchain. After it was deployed, 11,000 anonymous users joined it by putting their money into ‘The DAO’ as long-term savings or investment.
It turns out that the code of ‘The DAO’ had a bug that allowed ether to be extracted without permission from others that neither its creators had been aware of. In an anonymous letter published at the time by “The Attacker”, he said that it wasn’t really a theft because he simply used the code from The DAO’s own smart contract, and “the code was the law”.
How Ethereum is disputing the role of safest cryptocurrency on blockchain to Bitcoin
Since Hoenisch has not wanted to talk to Laura Shin, she dares to speculate about her reasons. One theory she has is that after having identified the technical vulnerabilities in The DAO and not being taken seriously enough by its creators, Hoenisch would have chosen to commit the attack.
Hoenisch went on to write multiple posts on Medium foreshadowing the main problem with The DAO and its security. Two weeks later, the robbery happened. Hoenisch also trolled Ethereum creator Vitalik Buterin by retweeting something Buterin had said before the DAO was attacked, but after it was known that the vulnerability used in the attack was evident in the DAO’s code.
To many in the crypto world at the time or even to Hoenisch’s former partner at TenX, Julian Hosp, that Hoenisch was responsible is entirely plausible. Hosp says he remembers that “For some strange reason, [Hoenisch] was pretty aware of what was going on… He understood more about the DAO hack when I asked him what had happened… than what he had found on the internet or on the internet.” anywhere else.”