While there has been no dearth of hacks and exploits within the cryptocurrency space, one of the most infamous ones transpired in 2016. At the time, around 3.64 million Ether were siphoned off The DAO protocol. The hack remains unsolved to this day. However, crypto-journalist Laura Shin is now claiming to have uncovered new evidence from the hack. Evidence that has apparently led her to the perpetrator – an Austrian programmer named Toby Hoenisch.
During the heyday of Ethereum, the DAO was one of the few dApps running on the network. Through massive crowdfunding, he managed to raise millions of dollars in the form of nearly 15% of Ether’s supply at the time. At the time the hack happened, this ETH was worth $249.6 million, 31% of which the hackers were able to siphon off.
At press time, these tokens are worth around $11 billion, making it the costliest crypto-exploit to ever take place.
However, the identity of the culprit may finally be out, as Shin claims in his latest briefing for Forbes.
According to the journalist, the alleged perpetrator is none other than the CEO of TenX, a failed crypto debit card venture that raised $80 million in its ICO. Hoenisch, upon being confronted with the evidence, vehemently denied these allegations before leaving the conversation, she added.
What led her to this conclusion was a “previously unknown” forensic tool from Chainalysis. The tool managed to unmix some 50 BTC which the suspected hacker sent to the Wasabi wallet. These were then attributed to four exchanges, one of which confirmed that the BTC had been exchanged for a privacy coin called Grin and withdrawn to a Grin node called grin.toby.ai, Shin noted.
“The IP address for that node also hosted Bitcoin Lightning nodes: ln.toby.ai, lnd.ln.toby.ai, etc., and was consistent for over a year; it was not a VPN. It was hosted on Amazon Singapore. Lightning explorer 1ML showed a node at that IP called TenX.”
She further revealed that @tobyai was Hoenisch’s handle on various online platforms. It was also based in Singapore, while the time for hack withdrawal transactions also matched the country’s time.
“And the email address used on that account at the exchange was [name of exchange]@toby.ai,” she added.
Furthermore, Shin also found out about the TenX CEO’s interest in The DAO in 2016 after he made several detailed comments about potential vulnerabilities. When his concerns went unaddressed, Hoenisch wrote several posts on Medium explaining how an attack could take place and how it can be carried out cheaply. This foreshadowed the actual exploit that took place weeks later.
When Hoenisch was presented with all this evidence and more, Shin said that he called it “factually incorrect.” He later stopped replying after assuring her he could provide contrary evidence. Finally, he also deleted most of his Twitter posts soon after.
