Ethereum project The DAO hacked and possibly dismantled. Here are the cryptocurrency highlights of week 24:
- Ethereum and The DAO token holders got the scare of a lifetime this week as a bug was found and exploited in The DAO smart contract. The attacker exploited what is called a “recursive calling vulnerability”. By calling the “split” function, and then calling the split function recursively inside of the split, it becomes possible to collect Ether many times over in a single transaction. The attacker used this to drain the Ether contained in The DAO into a child DAO hoping to be able to withdraw the Ether soon. Because there is a creation window for child DAOs the attacker won’t be able to do this for the next month, giving developers some time to respond to the matter.
- After the attack on The DAO it has immediately been decided that the project smart contract should be dismantled. Ethereum developers have proposed a soft fork to prevent the stolen Ether locked in a child DAO from being withdrawn after the creation window. A hard fork will subsequently be proposed in order to transform The DAO smart contract in one that allows all The DAO token holders to reclaim their proportional amount of Ether. It should be noted that this means no transactions or blocks will be “reversed” on the Ethereum blockchain. The size of The DAO had been a point of concern ever since its crowdsale less than a month ago. By dismantling The DAO, Ethereum loses a massive liability in the form of a significant portion of all Ether in existence being locked up in a single smart contract, but others in the community are worried that a hard-fork to this purpose would be setting a dangerous precedent.
- The attacker of The DAO has posted a signed message on pastebin stating “I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward”. The attacker continues by arguing that the attack should not be classified as a theft: “I am disappointed by those who are characterizing the use of this intentional feature as ‘theft’. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law”. The attacker is also considering legal actions “any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether” and warns that “any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal”. It must be added that several members of the Ethereum community have pointed out that the signature on this message may be false.
- Ripple has been granted the second ever BitLicense by the New York State Department of Financial Services (NYDFS). Bitcoin wallet Circle was the first to receive a BitLicense already nine months ago. Ripple CEO Chris Larsen was happy to receive the license and stated “With the BitLicense in hand, we look forward to working with our New York bank customers seeking to use XRP for liquidity and cost savings”. Other applicants for a BitLicense, such as Bitcoin exchange Coinbase and Bitcoin storage specialist Xapo, are still awaiting approval.
- Bitcoin continued to rally this week, even though the rally seems to have lost some of its momentum following the attack on The DAO. The value of the most popular digital currency increased by 32 percent, resulting in an exchange rate of about $773 per BTC. Ethereum on the other hand suffered from heavy fallout of The DAO attack, taking down the exchange rate of Ether by 16 percent compared to the previous week, to a current rate of $11.72 per ETH. In the hours prior to the attack Ether even briefly traded above 21$ per ETH, meaning that Ether has even lost 44 percent of its value in a short period of time as a result of the attack on The DAO.