BTC -0.21%
ETH 3.65%
SOL 0.97%
PEPE 10.22%
SHIB 3.95%
BNB 2.13%
DOGE 3.89%
XRP -0.52%
presale is live

Another Suspect in Ethereum’s DAO Hack Emerges, Putting Coin Mixing Under Question

Tim Alper
Last updated: | 3 min read
Source: Adobe/manstock007


A prominent crypto journalist has published a remarkable j’accuse article claiming to unmask the identity of the 2016 hack on The DAO, which saw a raider make off with ETH 3.6m, now worth over USD 9.4bn. However, what is possibly more important, it put the popular coin mixing technology under question.

Writing for Forbes, Laura Shin explained that her research, in conjunction with that of the blockchain analytics firm Chainalysis, had traced the hack to the Austrian programmer Toby Hoenisch, the co-founder of the now-defunct TenX payments platform, one of the top 10 ICOs of 2017, that was turned into Mimo Capital has contacted Hoenisch with a request for comment.

“After being sent a document detailing the evidence pointing to him as the hacker, Hoenisch wrote in an email, “Your statement and conclusion is factually inaccurate.” In that email, Hoenisch offered to provide details refuting our findings—but never answered my repeated follow-up messages to him asking for those details,” Shin wrote.

In her article, Shin explained how Chainalysis data had traced a “presumed attacker” who had “sent bitcoin (BTC) 50 to a Wasabi Wallet address. The wallet makes use of “mixing” technology that aims to anonymize transactions by mixing numerous blockchain movements together at once in a CoinJoin.

She claimed that “using a capability” that was “being disclosed here for the first time,” Chainalysis had “de-mixed the Wasabi transactions and tracked their output to four exchanges.”

For some notable observers, the fact that Chainalysis appears to have developed the ability to de-mix Wasabi transactions was a major revelation with potentially significant consequences for the entire sector.

Shin continued, explaining that “an employee at one of the exchanges confirmed to one of my sources that the funds were swapped for” a privacy coin named grin (GRIN) – and then withdrawn to a Grin blockchain node called

Further, she added:

“The IP address for that node also hosted Bitcoin Lightning nodes:,, etc., and was consistent for over a year; it was not a VPN.”

The hosting of the node was traced to Amazon Singapore, while “Lightning explorer 1ML showed a node at that IP called TenX.”

Shin also claimed that the email address used on the same exchange account ended in “”

She added that “in May 2016, as it was finishing up its historic fundraise, Hoenisch was intensely interested in The DAO” – and had even “trolled” the Ethereum co-creator Vitalik Buterin “by retweeting something Buterin had said before The DAO was attacked” on the morning after the hack.

In discussing the alleged attacker and his possible motives for the raid, Shin claimed that insiders thought Hoenisch could have “instead remedied the situation” by exposing network flaws and later returning the ETH.

She noted that in a 2016 blog post, Hoenisch had written, “I’m a white hat hacker by heart.’’ This, she wrote, was just 20 days before the DAO attack.

Chainalysis also toasted the report – and the nods to its new investigative methods – in a Twitter post.

There was further sleuthing from crypto community members on Twitter – including a confirmation from the Cake DeFi boss Julian Hosp, another co-founder of TenX, who “confirmed” that Hoenisch had sent him a “tip […] to short ETH once the DAO crowdfunding ended.”

But some warned about the dangers of pointing the finger – and claimed that legal action could well follow.


Learn more: 
Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes 
Mt. Gox Payouts Nearing, But Is the Market Ready for It?