The $9 Billion ETH Heist That Shook the Crypto World
In 2016, an unidentified attacker stole 3.6 million ETH (worth over $90 billion at current prices) from decentralized fund The DAO—one of cryptocurrency's most consequential hacks that remained unsolved for nearly six years. Crypto journalist Laura Shin now claims to have uncovered the perpetrator in her new book.
How the Attack Unfolded
- Vulnerability Exploited: A flaw in The DAO's code allowed gradual fund diversion to newly created child DAOs
- Stolen Assets: 31% of The DAO's ETH reserves (5% of all circulating ETH at the time)
- Ethereum's Response: Developers executed a controversial hard fork, converting the hacker's ETH to lower-value ETC (Ethereum Classic)
The Suspect: Toby Hoenisch
Shin's investigative findings point to Toby Hoenisch, co-founder of Euro-pegged stablecoin project Mimo Capital, as the mastermind. Key evidence includes:
- Pre-Attack Warnings: Hoenisch flagged The DAO's security flaws weeks before the hack
- Transaction Trails: Chainalysis tools traced Wasabi Wallet mixes to exchange accounts allegedly managed by Hoenisch
- Digital Footprint: Payments routed to a Grin node (
grin.toby.ai) linked to Hoenisch's known aliases (@tobyai)
"The evidence presents an extremely compelling case for the attacker's identity," Shin stated to Bloomberg.
Hoenisch's Denial
The accused has publicly rejected Shin's conclusions, calling them "factually incorrect" in emailed statements—though he declined to provide counter-evidence despite multiple requests.
The DAO's Legacy and Ethereum's Hard Fork
| Event | Date | Impact |
|---|---|---|
| The DAO Crowdsale | April-May 2016 | Raised $139M, became largest crowdfund |
| Attack | June 17, 2016 | 3.64M ETH stolen ($110B current value) |
| Ethereum Hard Fork | July 20, 2016 | Created ETH/ETC split; hacker's stash became ETC |
👉 How blockchain forensics revolutionized crypto crime investigation
FAQ: The DAO Attack Aftermath
Q: Could the hacker still access the stolen funds?
A: Yes—the 3.64M ETC remains in wallets traced to Hoenisch, now worth ~$100M.
Q: Why did Ethereum fork?
A: To freeze the attacker's access while preserving ecosystem trust—a divisive move that birthed Ethereum Classic.
Q: What was Hoenisch's possible motive?
A: Colleagues describe him as intensely opinionated; he may have viewed the hack as "exploiting flawed code" rather than theft.
Q: How did investigators break Wasabi's privacy?
A: Chainalysis deployed new forensic tools to de-mix CoinJoin transactions—a technique now making crypto mixers less effective for anonymity.
👉 The evolution of crypto security since 2016
Timeline of Key Events
- May 2016: Hoenisch emails DAO creators about vulnerabilities
- June 17: Attack executes via recursive call flaw
- July 2016: Ethereum community votes for hard fork
- Oct 2016: Hacker attempts ETC→BTC conversions via ShapeShift
- 2021: Chainalysis tools reveal Wasabi transaction links
"He really screwed up. Reputation is worth more than money."
—Griff Green, former Slock.it community manager
The Broader Implications
This case demonstrates:
- Blockchain's transparency: Even mixers can't fully obscure well-traced transactions
- Regulatory pressures: Exchanges now face stricter compliance requirements
- Tech maturation: Forensic tools have advanced dramatically since 2016
As crypto enters mainstream adoption, early promises of absolute anonymity are fading—with The DAO hack serving as a pivotal case study in accountability.