Toby Hoenisch, co-founder and former CEO of TenX, appears to be the face behind one of the most significant hacks in the industry, the theft of 3,64 million ethers from The DAO.
An exhaustive investigation carried out by journalist Laura Shin, using advanced analysis tools from the forensic firm blockchain Chainalysis accuses TenX co-founder and former CEO Toby Hoenisch of carrying out the 3,64 hack of 2016 million ether from decentralized venture capital fund The DAO.
Laura Shin, cryptojournalist and author of The Cryptopians, made public an investigation that points to Hoenisch as the person responsible for the multi-million dollar theft from The DAO. In its publication, Shin said he received a complaint from Hoenisch, stating that his research was incorrect and that he could provide evidence to refute his findings. However, after several attempts, he was unable to contact him again, while All evidence points to him as the hacker, Shin said.
The DAO hack is one of the most significant in the history of cryptocurrencies so far. Due to this event, the Ethereum blockchain forked, giving rise to the network known as Ethereum Classic. At the time of the hack, the 3,64 million ethers stolen from the decentralized fund were valued at around $50 million. Today, this same amount of ethers exceeds $9.000 billion, with ETH trading at around $XNUMX billion. $2.600 per unit.
It may interest you: Opensea users have $2,9 million worth of NFTs stolen due to phishing
Toby Hoenisch and the hack of The DAO
Shin's investigation, which falls on Hoenisch, points out that in 2016 the former CEO of TenX had detected several technical vulnerabilities in The DAO project. Although he reported them to the development team, it seems that they did not take his warnings seriously enough, which may have motivated Hoenisch to carry out the hack. Shin pointed out that Hoenisch's big ego may have led him to carry out the attack, justifying himself with the fact that the code was flawed and allowed the exploit.
As an important fact, after the attack on The DAO, the hacker published a letter He anonymously addressed the community and developers, stating that the 3,64 million ethers were part of his “legitimate reward” for using a “function” explicitly coded into The DAO’s smart contract. He even threatened legal action if the funds were frozen or seized, as according to him and his lawyers, his actions were in full compliance with US criminal and civil liability law.
On the other hand, Julian Hosp, also co-founder of TenX, told Shin that Hoenisch was a very stubborn person. “He always believed he was right. Always.”he said.
Toby Hoenisch faces the brunt of Shin's accusations, who admits to speculating on the motives that could have led to the hack, due to the lack of communication. “Since Hoenisch does not want to talk to me, I can only speculate on his possible motives.”, Shin wrote.
The DAO, the basis of crypto crowdfunding
The DAO was one of the first decentralized organizations created on Ethereum, and was at the time considered the largest crowdfunding event in the crypto industry. In a short time, The DAO had raised more than 11,5 million ethers, valued at around $150 million. Its members numbered around 20.000 people from all over the world who had deposited their money within this decentralized organization with the intention of investing or saving it for the long term.
The hack and the hard fork
However, the rapid growth of the project led the developers to ignore security warnings that had been published by several of its members. In addition to Hoenisch, three other researchers also reported vulnerabilities in The DAO's code. Warnings that were also ignored by the development team. Thus, in July 3, the project was exploited, allowing the hacker to steal about 2016% of the funds stored in ether.
Ironically, one of the vulnerabilities prevented the hacker from immediately accessing the stolen funds. In fact, he had to send the ethers to a secondary DAO and wait 28 days to be able to access them. This situation gave the crypto community time to discuss what measures they should take to stop the theft. Vitalik Buterin, co-founder of Ethereum, weighed in on the public discussions, where most supported the decision to fork the network to recover the funds.
On July 20, 2016, the Ethereum blockchain split. The old chain became known as Ethereum Classic, which continued its original course with the hack, while the new blockchain, Ethereum, allowed members of The DAO to recover their stolen ethers.
Tracking funds
With the original chain being Ethereum Classic, the hacker moved ETC instead of ETH, which were less valuable. After the theft, the hacker moved the ETC to a new wallet, which remained inactive until October, when he began exchanging the funds on the ShapeShift platform. Within two months, the hacker managed to exchange $230.000 worth of ETC to BTC through this wallet. exchangeAlthough at the time, the platform allowed people to exchange cryptocurrencies without registration, ShapeShift ended up blocking the hacker's numerous exchange attempts.
Later, based on the analysis carried out by the firms Coinfirm and Chainalysis, Shin details that the hacker sent 50 BTC to a Wasabi wallet, focused on anonymity, which were then exchanged for the Grin (GRIN) cryptocurrency, also focused on privacy. GRIN has been withdrawn to a Grin node called grin.toby.ai. “The IP address of that node also hosted Bitcoin Lightning nodes: ln.toby.ai, lnd.ln.toby.ai… It was not a VPN”, Shin noted.
Identifier: Tobyai
According to the investigation, “tobyai” was the nickname used by Toby Hoenisch to identify himself on different platforms and social networks, such as AngelList, Betalist, GitHub, Keybase, LinkedIn, Medium, Pinterest, Reddit, StackOverflow and Twitter.
On the other hand, Shin discovered that the email address used in the withdrawal transactions was from the @toby.ai domain. Hosp confirmed to the crypto journalist that One of the regular email addresses used by Toby Hoenisch ended in @toby.aiHe also revealed that he had lost money by investing in GRIN, influenced by Hoenisch who was “fascinated” with that cryptocurrency.
Prior to The DAO hack, Hoenisch published a series of articles on Medium about vulnerabilities in The DAO's code. According to Hosp, Hoenisch was eerily familiar with The DAO hack. “He understood more about The DAO hack when I asked him what had happened… than he had found on the Internet or anywhere else”He said.
Advances in blockchain and crypto regulation
Shin explains that she and her team of researchers used advanced blockchain analysis tools, developed by Chainalysis, to follow several leads regarding the hack of The DAO.
Today, the development and evolution of blockchain technology has led crypto surveillance companies to develop sophisticated tracking and tracing tools, which have degraded the idea that the crypto space is an ideal haven for cybercriminals. “As new blockchain applications emerge, one of the earliest uses of cryptocurrencies, as an anonymity shield, is on the way out”, Shin said.
The rise of cryptocurrencies has also increased the pressure from regulators on companies that provide services with cryptoassets, which are subject, in most jurisdictions, to monitoring their clients and their financial movements.
As mentioned, Hoenisch has not reached out to the crypto journalist to refute the evidence pointing to him as the possible perpetrator of The DAO hack. In addition to this, Shin said that after receiving the first document of his investigation, which detailed the facts he had collected, Hoenisch deleted almost all of his Twitter history.
The DAO hack is also one of the great mysteries surrounding Ethereum, currently the leading network for the development of smart contracts, DApps, NFTs, games and Metaverses. Shin's research on this hack was conducted as part of his new book The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, recently published.
Continue reading: What is Mars Stealer? The new Oski variant that attacks cryptocurrency wallet extensions
