Dear Ethereum comunity,

Two days ago, a hacker used a recursive send exploit draining about 30% of the DAO ether.

Ethereum devs have been working on soft and hard forks to solve this issue. However, we have no guarantees that miners would accept the soft fork, nor that the whole community would accept the hard fork. Thus, we are looking for alternatives to these forks to recover the funds.

Preventing other attacks

The vulnerability is still active and if we do nothing, other attackers could try to steal the funds. In order to avoid that, we are voting “yes” on all the split proposal near their deadline. Would someone start a new attack with a split proposal, we would follow him in order to execute a stalker attack followed by a recursive send one on the child DAO, making the attacker unable to use the stolen ETH.

Attacking the Dark DAO

Attacking the Dark DAO is more complex, as it is too late to execute a stalker attack on it, as the attacker is the only one who voted “yes” on the split proposal. In order to execute an attack on the Dark DAO, we would need the collaboration of The DAO in order to get Dark DAO tokens. DAO holders, please stay tuned as we may need your vote. We would also need collaboration from the DAO curators to lower the quorum and to white list some address in order for this attack to succeed.

Getting the Ether back

We may be able to prevent attackers to use the stolen ETH, but up to now, we haven’t be able to find a way to actually recover the ETH. Recovering the ETH would need the collaboration of the attacker.

We would create a smart contract allowing if funded:

The attacker to claim a bounty of 1% of the total ETH which was in the DAO before the attack.

Token older to redeem their invested ETH (minus the 1% bounty).

The attacker could deny this settlement, but it would only continue a war costing transaction fees almost indefinitely. Thus, both parties (the attacker and the white hats)would have interest to move the funds into this smart contract.

The smart contract settlement could also be use in the case where miners agree on a soft fork (without the need of an hard fork). The soft fork would block the attacker from moving funds except to the contract. He could either have all the funds definitely frozen or collect his bounty.

With a soft fork we could even get all the funds back without a bounty nor the collaboration of the attacker. A soft fork would freeze the accounts of the attacker and we would attack the Dark DAO. His accounts being frozen, he would be able to defend and we would recover all the funds.

Notice that we don’t know the motivations of the hacker. So all this section is to be subject to caution as we are dealing with an human subject.

How could you help

We need your help, we need:

An attacking contract, using the same vector as the attacker. The vector is mostly known, but we still need the particular implementation of the contract. We do not advise to make it public, as this could allow script kiddies to use it (of course, we would attack them as stated in the first section, but that would be a waste of human resources and transaction fees).

A settlement contract, sending 99% of the ETH to the redeem contract and 1% to an address controlled by the attacker if an amount of Ether at least equal to X is sent to the contract.

A redeem contract. Allowing DAO token holders to get back their part of the ETH.

People investigating a way to optimize the attack vectors in order for our attack to demand less transaction fees.

People investigating in depth the attack of section 2.

People searching for attack vectors able to recover the funds, not only preventing the attackers to use them.

If you wan to contribute, feel free to give me way to each you in the comments (email address, DAO Hub account, reddit account, etc).

Best regards,

Clemage, Member of the DAO White Hat Team