blockster.com
Journalist Laura Shin, in a Forbes article published on Tuesday, February 22, 2022, identified Toby Hoenisch, an Austrian programmer, who is co-founder and CEO of crypto debit card company TenX, as the hacker behind the infamous 2016 DAO hack. (Hoenisch’s company TenX raised $80 million in an initial coin offering (ICO) in 2017, intending to build a crypto debit card, a venture that was unsuccessful.)
Shin investigated the hacking incident for her new book titled The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze.
The DAO is a decentralized venture capital fund–yes, its name is simply “DAO”–that was one of the world's earliest decentralized autonomous organizations (DAOs) built on the Ethereum network. It launched in April of 2016 and held a twenty-eight-day crowd sale event, raising over $150 million worth of ETH to fund the organization.
However, things went sideways later in June 2016, after a hacker exploited a vulnerability found in the code behind the DAO. The attacker managed to siphon over 3.6 million ETH (currently worth $9.8 billion), which amounted to one-third of all the Ether held in the fund, transferring the ETH to a "child DAO".
Together with the Mt. Gox saga and the Bitfinex bitcoin theft, the DAO hack is one of the most famous crypto heists in history.
Apart from the ETH stolen, the hack is also significant because it nearly caused the collapse of the Ethereum network. A contentious debate soon followed the incident over ways to handle the situation, which later led to a chain split that resulted in the creation of Ethereum Classic (ETC).
Different investigations have attempted to identify the hacker, and now, six years after the incident, it seems the mystery has been solved. Shin, in the Forbes article, said she has been conducting a joint investigation with blockchain analysis firm Chainalysis.
According to the journalist, Chainalysis discovered that the suspect transferred 50 BTC to Wasabi Wallet, a non-custodial, privacy-focused Bitcoin wallet for Desktop, which anonymizes transactions. However, Chainalysis claimed that it was able to "de-mix" the transactions, tracing them to four crypto exchanges. The de-mixing process was made possible due to privacy mistakes reportedly committed by the alleged hacker Hoenisch. One of the mistakes was using centralized exchanges.
Shin said that an employee working at one of the four tracked exchanges confirmed that the Bitcoin in question was exchanged for the privacy coin, Grin.
The Grin was withdrawn to a non-custodial called grin.toby.ai. Interestingly, Hoenisch used his name "Toby" for his Grin and Lightning nodes, making it easy to trace the hack to the programmer. Another mistake was failing to use a virtual private network (VPN) to conceal his exact location.
In light of the revelation, Hoenisch has denied the allegations, stating that Shin's "statement and conclusion is factually inaccurate.” According to the Forbes journalist, Hoenisch claimed that he was going to refute the findings but has yet to provide such details.
The news comes on the heels of the recent seizure of stolen Bitcoin worth over $3.6 billion by U.S. federal authorities, which was linked to the 2016 Bitfinex hack. Two suspects, Ilya Lichtenstein, and his wife Heather Morgan have been arrested and charged with laundering the ill-gotten funds.