By the look of things, the worries for The DAO are far from over. Their Ethereum account is being drained for the second time in as many days, using the same type of exploit. Although a much smaller amount has been stolen this time, this is a very worrying trend for what many people believed to be the future of decentralized organizations.
News broke yesterday about The DAO being under attack from an exploit in their smart contract code. An assailant was able to drain over 3 million ETH from their account through a recursive bug. But it looks like that was not the only attack against this project, as a second incident was reported about an hour ago.
The DAO Attack #2
So far, the second attack is far less successful than yesterday’s attempt. Every recursive split execution drained roughly 0.85 ETH, and a total of 22 Ether has been stolen. It appears this is just someone who wanted to test the exploit and see if they could use it to their advantage.
This goes to show the technology used by The DAO is far from secure. Moreover, the developers have still not addressed the same vulnerability reported nearly a week ago. While it is pretty much impossible for hackers to withdraw funds they drain from The DAO (the funds are locked for four weeks), this is setting a very concerning precedent.
The second attack in as many days against The DAO is the last thing this project needed right now. There has been a lot of discussion regarding their plans to execute either a hard or soft fork of the code. Doing so would allow them to recoup the stolen funds, but the concept is facing a lot of negative feedback from the community so far.
It is evident a solution has to be found before the remaining DAO funds are drained as well. Coming up with a solution to prevent further losses should be the top priority right now. Since there are still over three weeks left to ensure the lost funds can be recovered, there is plenty of time to address that issue later on.