- Jun 9, 2013
- 6,720
The DAO, a digital Decentralised Autonomous Organisation that has been set up to support projects related to Ethereum, a public blockchain platform that allows programmable transactions, has been hit by unknown attackers that are draining its ether (cryptocurrency) reserves.
Users who have invested their ether in DAO get a token that allows them to vote on which projects will get funded by the organization and, hopefully, get dividends once the project is successful. According to the organization’s website, they have amassed some 9.23 million ether. At the moment, the attackers transferred a little over a third of it to an ether wallet they control.
The attack was made possible not because there is a vulnerability in Ethereum, but because there is one in DAO.
“The attack is a recursive calling vulnerability, where an attacker called the ‘split’ function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction,” Vitalik Buterin, Ethereum creator and one of the DAO curators, explained on the blog of Switzerland-based Ethereum Foundation.
He says that the leaked ether is in a child DAO, and can’t be withdrawn by the attackers for at least another 27 days.
Full Article. The DAO is under attack, a third of its ether reserves stolen - Help Net Security
Users who have invested their ether in DAO get a token that allows them to vote on which projects will get funded by the organization and, hopefully, get dividends once the project is successful. According to the organization’s website, they have amassed some 9.23 million ether. At the moment, the attackers transferred a little over a third of it to an ether wallet they control.
The attack was made possible not because there is a vulnerability in Ethereum, but because there is one in DAO.
“The attack is a recursive calling vulnerability, where an attacker called the ‘split’ function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction,” Vitalik Buterin, Ethereum creator and one of the DAO curators, explained on the blog of Switzerland-based Ethereum Foundation.
He says that the leaked ether is in a child DAO, and can’t be withdrawn by the attackers for at least another 27 days.
Full Article. The DAO is under attack, a third of its ether reserves stolen - Help Net Security
