Skip to main content

Time is running out to stop a $53 million cryptocurrency heist

Time is running out to stop a $53 million cryptocurrency heist


Developers are starting over with just two weeks left

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Secure Laptop Hacking Story

On June 17, someone stole $53 million from the DAO, an experimental investment bank built in the Ethereum cryptocurrency system — and the developers have spent the last two weeks trying to get it back.

The DAO’s withdrawal system froze the money for 27 days, and rather than let the money slip away permanently, Ethereum's coders have decided to stop the theft by changing the basic code that the currency runs on. But making those changes is delicate and complex — and if nothing changes before July 14th, the money will be lost permanently, and the theft will be complete.

The result has been one of the most urgent coding challenges a cryptocurrency has faced so far. At the beginning of this week, it seemed as if Ethereum would clear it easily. Miners were scheduled to approve new code on today, and as of Monday, it looked like the proposed change would easily pass, saving the money with weeks to spare.

Then, the plan fell apart.

Developers had proposed a backwards-compatible change to the Ethereum code (a so-called "soft fork") that would make the stolen money unspendable. The update would make it impossible for miners to approve any transaction involving the stolen money, so even if the thief tried to withdraw his stolen funds, that withdrawal would never make it into the blockchain. It wouldn’t restore all the stolen funds, but it would at least stop the theft in its tracks.

"I’m rooting for these guys, but it’s been a tough week."

But two days before the vote, Cornell cryptographer Emin Gün Sirer found a nasty bug in the soft fork. The proposed change would void any contracts involving the stolen funds, Sirer wrote in a post, but the mechanism for doing so enabled an unexpected kind of denial-of-service attack. Under the soft fork, an attacker could fill up the blockchain with bogus contracts without incurring any costs, since invoking the stolen DAO funds would invalidate any contract halfway through.

Sirer imagined disgruntled attackers who "might short ETH and launch a DoS attack to profit off of the impending drop in the coin’s value… Because the attack currently has no cost, it is quite possible for these groups to launch it."

The soft fork was already controversial for political reasons — with some characterizing it as centralized censorship — but in the wake of Sirer’s post, support for the soft fork plummeted. The current miner vote shows little support, and today’s vote is expected to overwhelmingly reject the change.

But while the soft fork is out, it’s unclear what might take its place. As Bitcoin entrepreneur Andreas Antonoopolous put it in a recent video, "we’re back to, ‘okay, what do we do now?’"

Sirer’s bug is tied to the fork’s backwards compatibility, so his preferred solution is a new version that isn’t backwards-compatible — known as a "hard fork." That would avoid the denial-of-service bug, but leave anyone running the old version of the software completely cut off from the broader currency system.

Developers have already begun writing software for that system, but they’re facing a brutally tight deadline. The community will have only two weeks to implement the hard fork, having spent more than half its time going down a dead end. If a similar bug turns up in the new code, the result may simply be a $53 million loss for the DAO.

Former Bitcoin Foundation chairman Peter Vessenes says he believes there’s still political will to save the money, but the coding challenge is a serious one. "I’m rooting for these guys," says Vessenes, "but it’s been a tough week."