The DAO, a virtual currency fund that relies on the ethereum blockchain, has suffered a sustained attack that has seen $50 million of Ether siphoned off, causing the price of the crypto-currency to plummet.
The DOA was created as a utopian decentralised venture capital-style smart contract, enabling participants to gain voting shares in exchange for ether. Those who buy into the fund are able to vote on project proposals submitted to the DAO by third party contractors and share in the profits from the investment.
The fund had attracted huge interest in the crypto-currency community, swelling its coffers as enthusiasts jumped onboard, growing the value of the fund to about $134 million. News of the attack has sent shockwaves through the market, causing mass-panic among holders of ether as exchanges ceased withdrawals sending the value of ether plunging from $21 to $15 within hours of the attack.
A critical update from Ethereum explains the modus operandi of the unidentified hacker: “The attacker is currently in the process of draining the ether contained in the DAO into a child DAO,” states Ethereum in a blog post that caused its Website to crash as worried participants piled in. “The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.”
To prevent further damage, Ethereum is proposing the introduction of a hard fork that would effectively set the clock back to a date before the assault took place.
In the meantime, a soft fork is being introduced to prevent the attacker from spending the stolen loot.
“Miners and mining pools should resume allowing transactions as normal, wait for the soft fork code and stand ready to download and run it if they agree with this path forward for the Ethereum ecosystem,” states the post. “DAO token holders and ethereum users should sit tight and remain calm. Exchanges should feel safe in resuming trading ETH.”