Laura Shin, a cryptocurrency journalist and host of the Unchained Podcast, claimed to have discovered the identity of the individual behind an exploit which drained more than 3.6 million Ether from Germany-based startup Slock.it’s The DAO in 2016.
According to a Tuesday Bloomberg report, Shin claimed that she had “extremely strong evidence” that Mimo Capital co-founder Toby Hoenisch was responsible for removing more than 3.6 million Ether (ETH) from The DAO in June 2016 — roughly $50 million at the time. An unknown hacker used an exploit to drain roughly a third of The DAO’s ETH supply, forcing developers to hard fork the network and leaving the illicit funds in what became the Ethereum Classic (ETC) blockchain.
With the publication of my book today, I can finally announce: in the course of writing my book, my sources and I believe we uncovered the identity of the Ethereum’s 2016 DAO hacker.
— Laura Shin (@laurashin) February 22, 2022
Shin’s research conducted with Ethereum developer Alex Van de Sande and blockchain analytics firm Chainalysis alleged that Hoenisch was aware of the exploit weeks before the attack occurred on June 17, 2016. According to Van de Sande, the hacker used crypto exchange Shapeshift to convert the pilfered ETC — following the hard fork — to Bitcoin (BTC). They believe the attacker then use crypto wallet Wasabi to mix the BTC, four “different central exchanges” to further launder the funds, and finally privacy-focused cryptocurrency Grin “for added privacy.”
Chainalysis said it was able to de-mix the crypto transactions and trace the funds to exchanges that later received the tokens in accounts allegedly managed by Hoenisch. The firm added that “this is yet another example of evidence preserved on the blockchain forever.”
“I have no pity on Toby Hoenisch, if he is truly the guy,” said Van de Sande. “That period was stressful for all of us, we almost saw everything we had build fracture and fall.”
The Mimo Capital co-founder has reportedly denied Shin’s allegations, calling her findings “factually inaccurate.” In Mimo’s Telegram on Tuesday, community manager Thomas Reinhardt said Hoenisch has “had no active role in the day-to-day operations” of the platform since its early days.
“The content of these accusations is as surprising to us as they are to the community, and we remain committed to providing the best and the safest Euro stable token DeFi platform for our users,” said Reinhardt.
Had developers not acted to hard fork the network, the original 3.6 million ETH tokens would have been worth more than $9 billion at the time of publication. However, with the ETC price roughly 10% that of ETH, the stolen funds are estimated to be worth roughly $94 million.
“I imagine a number of people who have used [Wasabi] for illicit purposes are feeling insecure today,” said Shin. “This may get them wondering if blockchain forensics will catch up to them later, even if they use the latest crypto obfuscation techniques today.”