The identity of The DAO hacker finally revealed? This is what Laura Shin, a journalist specialising in the world of blockchain, promises after several years of investigation alongside Chainalysis. The opportunity to come back on this event that could have changed the history of the famous Ethereum blockchain (ETH).
A name on the DAO hacker
The truth may finally be out about the origin of “The DAO” hack, which could well have brought the second largest blockchain in the entire ecosystem, Ethereum (ETH), to its knees.
Journalist and author Laura Shin, who specialises in the world of blockchain, led a lengthy investigation alongside data analytics company Chainalysis to track down the person who is believed to be responsible for this dark chapter in Ethereum’s history.
EXCLUSIVE:
With the publication of my book today, I can finally announce: in the course of writing my book, my sources and I believe we uncovered the identity of the Ethereum’s 2016 DAO hacker.– Laura Shin (@laurashin) February 22, 2022
According to this investigation, the culprit appears to be Toby Hoenisch, a 36-year-old man who grew up in Australia and was living in Singapore at the time of the hack.
However, the man is not unknown to the general public. Indeed, he is one of the co-founders of TenX, a project that managed to raise $80 million to develop a credit card service dedicated to cryptocurrencies. It never got beyond the project stage as it was eventually abandoned.
In order to find out more, the journalist contacted Toby Hoenisch to share her investigations, to which he reportedly simply replied, “Your statement and conclusion are factually incorrect. “
Review of the event
Let’s go back to 2016: a smart contract by the name of “The DAO” was attracting all the attention at the time, when the world of blockchain was (very) far from being as vast and varied as it is today. In concrete terms, ‘The DAO’ was a fundraiser open to the general public and hosted on the Ethereum blockchain, during which participants were given governance tokens to decide the future of the projects listed there.
Slock.it, the company behind the idea, expected The DAO to raise around $5 million, far from imagining the success that awaited it.
Everything went quickly: the public sale started on 30 April and raised $9 million in just 48 hours. Within a month, The DAO had 15% of all the Ether available on the market. On 17 June, the Ether printed a price of $21.52, bringing the value of The DAO to $249.6 million.
But joy soon gave way to dismay. The team behind The DAO began to realise that Ether was being drained bit by bit on the same day. Within hours, 31% of the Ether had already been stolen, and the price of the cryptocurrency had dropped by 33%.
A decision had to be made quickly to avoid disaster, and that’s when Ethereum experienced its now famous first hard fork under the name “DAO Fork”, becoming the blockchain we know today.
A few months later, the attacker turned his ETCs (the name of the ETH on Ethereum Classic following the hard fork) into Bitcoins (BTC) on the ShapeShift exchange, and that was that.
New clarifications
6 years later, we learn from this investigation that Chainalysis has reportedly developed a tool to track cryptocurrencies that have gone through blending solutions.
Today, many hackers use this tool through different platforms such as Tornado Cash, which was notably used in the Meter bridge hack earlier this month. These protocols make it possible to “mix” the different funds deposited on them in order to make them untraceable, which therefore allows hackers to retain a certain anonymity.
Thanks to this tool developed by Chainalysis, the journalist was able to see that the attacker had used Wasabi Wallet, a wallet using this method, to store his BTC on four different addresses.
The hacker then used the different wallets to transform his BTC into GRIN tokens via a Grin node with the address “grin.toby.ai”.
Little by little, it would have been possible for Laura Shin to trace the addresses of the nodes used, which always ended in “.ai”. Worse still: one of the addresses was directly associated with the company TenX.
But that’s not all. According to Laura Shin, Toby Hoenisch used the handle “@tobyai” on numerous social networks, including Twitter and Reddit, and even his e-mail address had the same ending. He also used this same address to communicate with a Slock.it employee to tell him about the flaws he had found in The DAO’s system some time before the attack.
It remains to be seen whether a new investigation will be carried out by the authorities following the appearance of these new and rather disturbing elements and now that the person responsible seems to have been clearly identified.
