Ethereum DAO Hacker Doxxed? How This Chainalysis Tool Led To His Identity

Reporter Laura Shin shared new information related to the mythical 2016 Ethereum DAO hack. As part of a larger investigation for her new book, Shin claims a long-rumored Chainalysis tool tracked down the identity of the bad actor.

Six years ago, this hacker managed to steal 3.6 million in ETH from The DAO, leading to one of the most controversial decisions in the history of this cryptocurrency: the hard fork that split the network into the blockchain known as Ethereum and the original network, known as Ethereum Classic. The stolen funds are currently valued at over $9 billion.

According to Shin, her investigation indicates Toby Hoenisch (36) was behind the hack. The alleged suspect is an Austria-born programmer who was based in Singapore at the time of the Ethereum DAO hack.

Hoenisch, per the investigation, co-founded a crypto company called TenX, which participated in the Initial Coin Offering (ICO) craze one year after the hack. The company managed to raise $80 million with its offering and launched a token that met the same fate as many of the cryptocurrencies launched through an ICO: it failed.

In an email sent to Shin, Hoenisch denied his involvement in the DAO hack and called the investigation and its conclusions “factually inaccurate”. The alleged suspect was to provide additional information that could clear up the events around the hack, but as Shin wrote, he “never answered my repeated follow-up messages”.

Shin added the following, providing more context on the relevance of the 2016 DAO hack:

The DAO theft famously and controversially prompted Ethereum to do a hard fork—where the Ethereum network split into two as a way to restore the stolen funds—which ultimately left the DarkDAO holding not ETH, but far less valuable Ethereum Classic (ETC). The proponents of the fork had hoped ETC would die out, but it now trades around $30. That means the descendant wallets of the DarkDAO now hold more than $100 million in ETC—a high dollar.

Tracking Down The Ethereum DAO Hacker

The journalist revealed that research firm Chainalysis provided her with access to a “powerful and previously secret forensics tool”. In the crypto community, there has been speculation about this tool, which is said to be able to break the CoinJoin transaction structure of some crypto wallets, specifically Wasabi.

Created as a way to shield Bitcoin investors from firms such as Chainalysis, CoinJoin is used to mix coins and prevent their transaction history from revealing the identity of previous holders. As Shin stated, following the events of the hack and the subsequent fork, the hacker attempted to cash out the stolen funds via an exchange called ShapeShift.

This platform would let the bad actor swap their Ethereum Classic (ETC, due to the fork), for Bitcoin. In the span of two months, the hacker was able to exchange the stolen funds for 282 BTC before ShapeShift stopped future trades. Shin added:

Chainalysis saw the presumed attacker had sent 50 BTC to a Wasabi Wallet, (…). Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges. In a final, crucial step, an employee at one of the exchanges confirmed to one of my sources that the funds were swapped for privacy coin Grin and withdrawn to a Grin node called grin.toby.ai.

The toby.ai domain was also tied to the IP address that hosted a Bitcoin Lightning node called ln.toby.ai and lnd.ln.toby.ai, names that coincided with @tobyai, a handle used by Hoenisch across different social media platforms.

In addition, Shin claims the email associated with the ShapeShift account trading the stolen ETH funds into bitcoin ended with @toby.ai. Hoenisch also publicly displayed considerable knowledge on the DAO itself and its hack, and even tried to warn the team behind the decentralized entity to no avail.

It remains to be seen if Hoenisch will be confirmed as the hacker, or if authorities will launch a formal investigation.

As of press time, ETH trades at $2,612 with a 1.6% profit on the daily chart.

ETH with small profits on the daily chart. Source: ETHUSD Tradingview