DAO hack timeline

slacknation
Jun 21, 2016 · 2 min read

time of hack
= 6/17/2016 3:34:48 UTC

ether transferred
= 3,641,694 ether (31.6%)
= USD 77,203,912 at start of hack
= USD 61,617,462 at end of hack

proposal involved
= 59

hacker’s main account
0x969837498944ae1dc0dcac2d0c65634c88729b2d

account of hacked ether
0x304a554a310c7e546dfe434669c62820b7d83490

creator of proposal 59
0xb656b2a9c3b2416437a811e07466ca712f5a5b5a
has ether funded by
0x48229752de3f97d6b5081619564acefa0375049b
here we assume that 0xb65… and 0x482… are both owned by one party

kraken’s dao wallet
0x0a869d79a7052c7f1b55a8ebabbea3420f0d1e13

poloniex’s dao wallet
0xdf21fa922215b1a56f5a6d6294e6e36c85a0acfb

1. proposal 59 created
0x5798fbc45e3b63832abc4984b0f3574a13545f415dd672cd8540cd71f735db56
6/8/2016 5:38:01 UTC

2. Christian Reitwiessner, creator of solidity, warns of possible re-entrancy attacks
https://blog.ethereum.org/2016/06/10/smart-contract-security/
6/10/2016 16:15:46 UTC
It seems that this warning was given to some developers a few days ago before released publicly
http://vessenes.com/more-ethereum-attacks-race-to-empty-is-the-real-deal/

3. first smart contract revealed publicly to be vulnerable to re-entrancy attacks
https://www.reddit.com/r/MakerDAO/comments/4niu10/critical_ether_token_wrapper_vulnerability_eth/
6/10/2016 22:34:19 UTC

4. unknown forum poster correctly identified the vulnerable function in the DAO but made the wrong conclusion that it was not exploitable
https://forum.daohub.org/t/bug-discovered-in-mkr-token-contract-also-affects-thedao-would-allow-users-to-steal-rewards-from-thedao-by-calling-recursively/4947
6/12/2016 00:00:01 UTC

5. 305,000 dao deposit to kraken from creator of proposal 59
0x0b5dfbbce4c4dad6eb92c0790fa9903cd7f27e70d9cadcd6aa30a63c0c11f7d6
6/14/2016 2:52:44 UTC

6. all remaining dao (306,914 dao) deposit to poloniex from creator of proposal 59
0xf0daeb80b0635bc78eb724660d8788c6758ffe7f5ce705c943121c43b388d7f0
6/14/2016 3:43:07 UTC

7. first dao transfer into hacker’s main account
0xc017561624884dff6916f1e4e6f450cd1ccefc0c922727eccb8ed791e224c0e2
6/14/2016 11:42:35 UTC

8. hacker vote yes for proposal 59
0xb5ff2d7a165baba4ca8d7bf8223af9dcf956ec6a4f4f85dbdd3ebea0111251ed
0x1de9b7db4d55af395518b83a49dafe0c37cb746e840ce9d4bc367cb050dbe6ac
6/15/2016 04:26:02 UTC

9. first successful hack
0x0ec3f2488a93839524add10ea229e773f6bc891b4eb4794c3337d4495263790b
6/17/2016 3:34:48 UTC

10. one of the first reddit post regarding the hack
https://www.reddit.com/r/ethereum/comments/4oi2ta/i_think_thedao_is_getting_drained_right_now/
6/17/2016 7:10:25 UTC

11. one of the first message on poloniex trollbox regarding the hack
http://www.polonibox.com/?messageId=7738533
6/17/2016 7:29:40 UTC

12. hacker stopped draining funds
0xa348da60799bff3ca804b3e49c96edebea44c5728a97f64bec3e21056d42f6e3
6/17/2016 11:00:23 UTC

13. Vitalik outlines recovery plan, mentioning a soft and hard fork
https://www.reddit.com/r/ethereum/comments/4oiqj7/critical_update_re_dao_vulnerability/
6/17/2016 11:13:41 UTC

More information:
1. Interactive charts
https://slacknation.github.io/medium/010/

Written by

Blockchain, make me rich and I care not what you can be used for.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade