Another Suspect in Ethereum’s DAO Hack Emerges, Putting Coin Mixing Under Question

Ethereum Hack Privacy Security
Last updated:
Author
Author
Tim Alper
About Author

Tim Alper is a British journalist and features writer who has worked at Cryptonews.com since 2018. He has written for media outlets such as the BBC, the Guardian, and Chosun Ilbo. He has also worked...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Source: Adobe/manstock007

A prominent crypto journalist has published a remarkable j’accuse article claiming to unmask the identity of the 2016 hack on The DAO, which saw a raider make off with ETH 3.6m, now worth over USD 9.4bn. However, what is possibly more important, it put the popular coin mixing technology under question.

Writing for Forbes, Laura Shin explained that her research, in conjunction with that of the blockchain analytics firm Chainalysis, had traced the hack to the Austrian programmer Toby Hoenisch, the co-founder of the now-defunct TenX payments platform, one of the top 10 ICOs of 2017, that was turned into Mimo Capital.

Cryptonews.com has contacted Hoenisch with a request for comment.

“After being sent a document detailing the evidence pointing to him as the hacker, Hoenisch wrote in an email, “Your statement and conclusion is factually inaccurate.” In that email, Hoenisch offered to provide details refuting our findings—but never answered my repeated follow-up messages to him asking for those details,” Shin wrote.

In her article, Shin explained how Chainalysis data had traced a “presumed attacker” who had “sent bitcoin (BTC) 50 to a Wasabi Wallet address. The wallet makes use of “mixing” technology that aims to anonymize transactions by mixing numerous blockchain movements together at once in a CoinJoin.

She claimed that “using a capability” that was “being disclosed here for the first time,” Chainalysis had “de-mixed the Wasabi transactions and tracked their output to four exchanges.”

For some notable observers, the fact that Chainalysis appears to have developed the ability to de-mix Wasabi transactions was a major revelation with potentially significant consequences for the entire sector.

Shin continued, explaining that “an employee at one of the exchanges confirmed to one of my sources that the funds were swapped for” a privacy coin named grin (GRIN) – and then withdrawn to a Grin blockchain node called grin.toby.ai.

Further, she added:

“The IP address for that node also hosted Bitcoin Lightning nodes: ln.toby.ai, lnd.ln.toby.ai, etc., and was consistent for over a year; it was not a VPN.”

The hosting of the node was traced to Amazon Singapore, while “Lightning explorer 1ML showed a node at that IP called TenX.”

Shin also claimed that the email address used on the same exchange account ended in “@toby.ai.”

She added that “in May 2016, as it was finishing up its historic fundraise, Hoenisch was intensely interested in The DAO” – and had even “trolled” the Ethereum co-creator Vitalik Buterin “by retweeting something Buterin had said before The DAO was attacked” on the morning after the hack.

In discussing the alleged attacker and his possible motives for the raid, Shin claimed that insiders thought Hoenisch could have “instead remedied the situation” by exposing network flaws and later returning the ETH.

She noted that in a 2016 blog post, Hoenisch had written, “I’m a white hat hacker by heart.’’ This, she wrote, was just 20 days before the DAO attack.

Chainalysis also toasted the report – and the nods to its new investigative methods – in a Twitter post.

There was further sleuthing from crypto community members on Twitter – including a confirmation from the Cake DeFi boss Julian Hosp, another co-founder of TenX, who “confirmed” that Hoenisch had sent him a “tip […] to short ETH once the DAO crowdfunding ended.”

But some warned about the dangers of pointing the finger – and claimed that legal action could well follow.

________
Reactions:

_____
Learn more:
Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
Mt. Gox Payouts Nearing, But Is the Market Ready for It?

More Articles

Blockchain News
Binance Labs Rebrands as YZi Labs, Expands Its Investment Focus to AI, Biotech
Veronika Rinecker
Veronika Rinecker
2025-01-23 20:21:56
Blockchain News
OKX Secures MiCA Pre-Authorization to Offer Crypto Services in Europe
Tanzeel Akhtar
Tanzeel Akhtar
2025-01-23 17:22:15
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors