Hack sends cryptocurrency Ether plunging into the abyss

Vulnerabilities affecting DAO have been exploited, throwing the Ethereum network into chaos.
Written by Charlie Osborne, Contributing Writer

The Decentralized Autonomous Organization (DAO) has admitted becoming the victim of a cyberattack in which an attacker was able to drain the platform of the cryptocurrency Ether.

Founded in 2014, the crowdsourced company offers a blockchain app platform used to fund various projects through virtual currency.

The DAO's decentralized platform runs smart contracts and uses isolated servers in an attempt to reduce the "possibility of downtime, censorship, fraud or third party interference," but the cyberattack is likely to raise the same security worries of virtual currency that Mt. Gox and various other cryptocurrency platforms prompted.

Vitalik Buterin, co-founder of Ethereum, said in a statement on Friday that the cyberattack was found while the attacker was draining the DAO of funds, and asked that users stop trading temporarily.

Buterin said:

"The attack is a recursive calling vulnerability,where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting Ether many times over in a single transaction."

Trading has now resumed and DAO has proposed a software fix which will stop the cyberattacker withdrawing funds after a 27-day window, giving the project time to mull over its options and ways to try and recover investor funds.

DAO has not revealed how much Ether was stolen during the hack. However, the New York Times reports it could be up to $50 million.

The executive emphasised that the vulnerability that affects the DAO specifically and "Ethereum itself is perfectly safe," but this hasn't stopped faith in the cryptocurrency being shaken.

At the time of writing, the price of Ether has plunged by roughly 11 percent and 1 ETH is now worth $11.29.

Over the last few days, DAO has crowdsourced a number of bugs and security flaws which need to be addressed to keep investor funds safe from future attacks.

Editorial standards