Journalist alleges Mimo Capital co-founder was behind 2016 exploit of The Dao: Report

Published at: Feb. 22, 2022

Laura Shin, a cryptocurrency journalist and host of the Unchained Podcast, claimed to have discovered the identity of the individual behind an exploit which drained more than 3.6 million Ether from Germany-based startup Slock.it’s The DAO in 2016.

According to a Tuesday Bloomberg report, Shin claimed that she had “extremely strong evidence” that Mimo Capital co-founder Toby Hoenisch was responsible for removing more than 3.6 million Ether (ETH) from The DAO in June 2016 — roughly $50 million at the time. An unknown hacker used an exploit to drain roughly a third of The DAO’s ETH supply, forcing developers to hard fork the network and leaving the illicit funds in what became the Ethereum Classic (ETC) blockchain.

EXCLUSIVE: With the publication of my book today, I can finally announce: in the course of writing my book, my sources and I believe we uncovered the identity of the Ethereum's 2016 DAO hacker.

— Laura Shin (@laurashin) February 22, 2022

Shin’s research conducted with Ethereum developer Alex Van de Sande and blockchain analytics firm Chainalysis alleged that Hoenisch was aware of the exploit weeks before the attack occurred on June 17, 2016. According to Van de Sande, the hacker used crypto exchange Shapeshift to convert the pilfered ETC — following the hard fork — to Bitcoin (BTC). They believe the attacker then use crypto wallet Wasabi to mix the BTC, four “different central exchanges” to further launder the funds, and finally privacy-focused cryptocurrency Grin “for added privacy.”

Chainalysis said it was able to de-mix the crypto transactions and trace the funds to exchanges that later received the tokens in accounts allegedly managed by Hoenisch. The firm added that “this is yet another example of evidence preserved on the blockchain forever.”

“I have no pity on Toby Hoenisch, if he is truly the guy,” said Van de Sande. “That period was stressful for all of us, we almost saw everything we had build fracture and fall.”

The Mimo Capital co-founder has reportedly denied Shin’s allegations, calling her findings "factually inaccurate." In Mimo’s Telegram on Tuesday, community manager Thomas Reinhardt said Hoenisch has “had no active role in the day-to-day operations” of the platform since its early days.

“The content of these accusations is as surprising to us as they are to the community, and we remain committed to providing the best and the safest Euro stable token DeFi platform for our users,” said Reinhardt.

Had developers not acted to hard fork the network, the original 3.6 million ETH tokens would have been worth more than $9 billion at the time of publication. However, with the ETC price roughly 10% that of ETH, the stolen funds are estimated to be worth roughly $94 million. 

“I imagine a number of people who have used [Wasabi] for illicit purposes are feeling insecure today,” said Shin. “This may get them wondering if blockchain forensics will catch up to them later, even if they use the latest crypto obfuscation techniques today.”

Tags
Dao
Related Posts
Fei Protocol founder proposes ghosting Tribe DAO following hack repayment
An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community. Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuze victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and …
Altcoin / Aug. 20, 2022
Tribe DAO votes in favor of repaying victims of $80M Rari hack
After months of uncertainty, the Tribe DAO has passed a vote to repay affected users of the $80 million exploit on decentralized finance (DeFi) platform Rari Capital's liquidity pools. Following several rounds of voting and governance proposals, Tribe DAO, which consists of Midas Capital, Rari Capital, Fei Protocol and Volt Protocol, took the decision to a vote on Sept. 18 with the intent to fully reimburse hack victims. Data from on-chain voting platform Tally shows that 99% of those who voted were in favor and the proposal was executed on Sept. 20. According to the description underneath the voting data, …
Blockchain / Sept. 22, 2022
BonqDAO protocol suffers $120M loss after oracle hack
A small-scale decentralized autonomous organization (DAO) has suffered a rather sizeable smart contract exploit leading to an estimated $120 million being stolen from its protocol. BonqDAO, which is behind the Bonq protocol, told its Twitter followers on Feb. 1 that its protocol was exposed to an oracle hack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token. Bonq protocol was exposed to an oracle hack, where exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which …
Blockchain / Feb. 2, 2023
LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges
A class action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022. The class action was filed with the U.S. district court of Massachusetts on Jan. 3, by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated. It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin. The plaintiff claimed he began accruing BTC in Jul. 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.” …
Business / Jan. 5, 2023
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023