The attack story

Johannes Pfeffer
Jun 18, 2016 · 2 min read

The DAO was attacked. There already are some good analyses of how it happened. Here is a chart of the command chain that includes all relevant accounts.

It also shows the shapeshift transaction the hacker used to fund his/her attack. The blue node represents the Bitcoin address used for funding (thanks


  • Rectangles are accounts (blue = bitcoin, green = normal account, orange = malicious account)
  • Rectangles with a wave at the bottom are contracts (green = normal contract, orange = malicious contract)
  • Arrows are interactions (red = most important actions).
    Sometimes they represent many transactions, e.g. the attacks from the proxy contracts were executed many thousand times.
  • For clearity I have left out any DAO token transfers between the accounts/contracts

Here is an interactive version in which all accounts and actions are linked to

If you focus your attention on the red arrows, you get a basic idea.

Proposal 59 is the one that was highjacked and the child DAO resulting from it is where the prey went. The other proposals were seemingly used to prepare subsequent attacks, for testing or they were just failed attempts.

Update: The main control account received its DAO funds necessary for the attack from 08b3b3b (here is a list of transfers). I don’t have the time to include it in the chart, currently, but I will later.

Image for post
Image for post

I would like to thank the following people who have helped me put this together and interpret it: Martin Köppelmann,

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store