The DAO was attacked. There already are some good analyses of how it happened. Here is a chart of the command chain that includes all relevant accounts.
It also shows the shapeshift transaction the hacker used to fund his/her attack. The blue node represents the Bitcoin address used for funding (thanks tayvano@TheDAO.slack.com).
- Rectangles are accounts (blue = bitcoin, green = normal account, orange = malicious account)
- Rectangles with a wave at the bottom are contracts (green = normal contract, orange = malicious contract)
- Arrows are interactions (red = most important actions).
Sometimes they represent many transactions, e.g. the attacks from the proxy contracts were executed many thousand times.
- For clearity I have left out any DAO token transfers between the accounts/contracts
Here is an interactive version in which all accounts and actions are linked to ether.camp.
If you focus your attention on the red arrows, you get a basic idea.
Proposal 59 is the one that was highjacked and the child DAO resulting from it is where the prey went. The other proposals were seemingly used to prepare subsequent attacks, for testing or they were just failed attempts.
Update: The main control account received its DAO funds necessary for the attack from 08b3b3b (here is a list of transfers). I don’t have the time to include it in the chart, currently, but I will later.
I would like to thank the following people who have helped me put this together and interpret it: Martin Köppelmann, tayvano@TheDAO.slack.com