
Ethereum: We Haven’t Seen the Last of the Bug That Killed the DAO

More than two years after the collapse of The DAO thrust the Ethereum community into civil war, one of the bugs that caused that black swan event continues to lurk in many smart contracts, waiting to be exploited by hackers.

That’s according to Emin Gün Sirer, a computer science professor at Cornell and the co-director of cryptocurrency research initiative IC3, who said that he has seen a variety of smart contracts that may be vulnerable to a “reentrancy” attack that allows a malicious user to drain ETH from a payment channel.

“BTW, I’ve seen other contracts like this one that implicitly trust the erc-20 tokens issued on top of their platform to not perform reentrant calls. I’m sure this isn’t the last episode of this bug,” he wrote on Twitter.

Sirer was commenting on the news that SpankChain, an adult entertainment startup whose platform runs partially on Ethereum smart contracts, had been hacked for nearly $40,000 worth of cryptocurrency over the weekend.

As CCN reported, the company said that the hacker used a reentrancy attack to siphon 1165.38 ETH out of the smart contract over a series of transactions. In short, the attacker used a malicious smart contract to trick the SpankChain contract into believing that the attacker could withdraw funds from the payment channel.

The firm explained:

“The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”
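The callback pattern the firm describes, as an added Python model (not SpankChain's contract code and not part of the original article): a channel that clears its record only after calling the token's `transfer` pays out once per nested call, while clearing the record first, or rejecting nested calls, pays out once. The class names, the 100/10 ETH figures and the `mode` switch are assumptions made for the example.

```python
# Constructed model of a reentrant token callback; all names and amounts are illustrative.

class ReentrantToken:
    """Poses as a token; its transfer() calls back into the channel `times` times."""
    def __init__(self, times):
        self.times = times

    def transfer(self, channel, to):
        if self.times > 0:
            self.times -= 1
            try:
                channel.withdraw(to, self)   # re-enters before withdraw() has finished
            except RuntimeError:
                pass                         # "guard" mode rejected the nested call
        return True


class Channel:
    def __init__(self, mode, pool=100, deposit=10):
        self.mode = mode                     # "vulnerable", "cei" or "guard"
        self.pool = pool                     # ETH the contract holds for all users
        self.owed = {"user": deposit}        # what each party may still withdraw
        self.paid = 0                        # ETH that has left the contract
        self.locked = False

    def withdraw(self, who, token):
        if self.mode == "guard" and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        amount = min(self.owed[who], self.pool)
        if self.mode == "cei":
            self.owed[who] = 0               # checks-effects-interactions: state first
        self.pool -= amount
        self.paid += amount
        token.transfer(self, who)            # untrusted external call
        self.owed[who] = 0                   # vulnerable path clears the record too late
        self.locked = False


def run(mode, reentries=3):
    """Return (ETH paid out, ETH left in the pool) after one withdraw call."""
    channel = Channel(mode)
    channel.withdraw("user", ReentrantToken(reentries))
    return channel.paid, channel.pool


if __name__ == "__main__":
    for mode in ("vulnerable", "cei", "guard"):
        print(mode, run(mode))
```
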


As both SpankChain and Sirer noted, the attack was similar to the one that crippled The DAO, a decentralized venture capital fund that long held the record for most funds raised by an initial coin offering (ICO).

Worth as much as $150 million at a time when the total market cap of ethereum was still far below $2 billion, The DAO held nearly 15 percent of the total ETH supply on June 17, 2016, when an attacker stole 3.6 million ETH — today worth nearly $815 million — by exploiting its vulnerable smart contract.

We all know what happened next: a series of futile attempts to recover the funds, the infamous chat room conversation, and the contentious hard fork that resulted in the creation of Ethereum Classic.

Now, more than two years later, Ethereum has largely put The DAO hack in its rearview mirror. The ethereum price, which plunged as low as $6 in the months following the hack, now stands at $230. Hundreds of blockchain startups have used Ethereum to raise billions of dollars through ICOs, and thousands of developers are building decentralized applications (dApps) that run on the platform.

However, though the consequences may not always be quite as serious as they were on that infamous morning in June 2016, the bug that permanently altered the cryptocurrency landscape appears determined to continue to rear its ugly head.

10.10.2018 / 08:15 17