One day after $53 million abruptly disappeared from an experimental cryptocurrency project, a note claiming to be from the attacker has surfaced on PasteBin, claiming that the money drained from the system is now legally his. The attacker withdrew the money by exploiting a contract bug in the code of the DAO (or Decentralized Autonomous Organization), a collective investment fund that uses the Ethereum cryptocurrency. The DAO had raised well over $100 million from Ethereum users at the time of the attack.
"I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether," the note reads. "I... have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward," the note reads. "I am disappointed by those who are characterizing the use of this intentional feature as ‘theft.’" The note also threatens legal action against any who attempt to reclaim the money through technical means.
The note concludes with an identifying signature and hash, but a number of experts have questioned their validity. Reached by The Verge, the Ethereum project's Nick Johnson said the signature doesn't appear to be valid:
ECDSA signatures of the sort used by Ethereum are 65 bytes (130 hexadecimal digits) long, and end with '00' or '01'. The number at the end of his message is the right length, but ends with '20', making it an invalid signature.
If the attacker wrote the message, there would be no reason for him not to provide a valid signature. If the message were written by an impostor, on the other hand, they'd be unable to generate a valid signature, and would have reason to make their message more convincing by adding a fraudulent one.
For that reason, I'm certain that the message is a fraud, written by someone who wants to stir up trouble in the community.
If valid, the note would significantly complicate the ongoing efforts to recover the money. At the moment, all funds taken from the DAO are stuck in a holding account as a result of a clause in the DAO contract, and must remain there for the next 26 days. A number of Ethereum leaders have been making efforts to get it back, including a proposed change to the Ethereum code that would make those coins effectively unspendable. If enough of the community accepts the change, it could prevent the money from slipping away.
Still, the legal reasoning in the note isn't entirely unprecedented. The DAO is structured like a legal contract, and while the attack certainly wasn’t an intended use of that contract, it proceeded according to the contract’s pre-established rules. Cornell cryptographer Emin Gün Sirer wrote yesterday that draining the funds may not even qualify as a hack.
"Had the attacker lost money by mistake," Sirer wrote, "I am sure the devs would have had no difficulty appropriating his funds and saying ‘this is what happens in the brave new world of programmatic money flows.’ When he instead emptied out coins from The DAO, the only consistent response is to call it a job well done."
Updated 1:40PM ET: Updated with Nick Johnson statement questioning the validity of the note.