Following The DAO hack on the 17th of May, which left the crypto community baffled as 3,641,694 ETH were drained from The DAO through a recursive call exploit, members of the Ethereum Foundation and the Slock.it team have been working to find a way to return the stolen funds to The DAO token holders. A soft-fork and a hard-fork have been proposed, and the soft-fork is already being voted on by the mining community. This soft-fork, however, will not return the funds in the hacker’s childDAO, or “DarkDAO”, to the DAO token holders. It will simply freeze the Ether stolen from the Decentralized Autonomous Organization for longer than the 27 days that are standard for the DAO’s creation period, and it will affect any DAO 1.0. Many see the hard-fork as an extremely difficult decision to make: although returning the stolen Ether to the original owners is the best possible outcome, a hard-fork could theoretically set a precedent for future forks that would favor a group or individual, thus risking the decentralized nature of the Ethereum Project.
A third option has been presented in a blog post written by one of the Slock.it team members, Lefteris Karapetsas. This proposal is not intended to get the Ether stolen from The DAO back to the original token holders, and it is to be executed in case the soft-fork is not implemented. So, if this option will not refund the token holders, what is its purpose? The counter-attack would ensure that the attacker is not able to withdraw the Ether stolen from the original Decentralized Autonomous Organization, leaving the attacker empty-handed. This measure would also give the people involved more time to come up with a follow-up strategy, or to apply the hard-fork (if voted for by the majority of miners).
In this blog post, Lefteris describes the steps needed to execute a simple but very clever counter-attack that can be performed by The DAO:
The DAO Curators would need to approve the attacker’s DAO address (0x304a554a310c7e546dfe434669c62820b7d83490) as they would a contractor. This allows The DAO to create a new proposal in which it would fund the Dark DAO with ether and create new Dark DAO tokens, sending them to a wallet that could then perform the same recursive call attack on the Dark DAO. The attack can then be performed again by the hacker, then by The DAO, and so on, which makes it a preventive measure and not a conclusive one.
The recursive call bug can still be used to drain The DAO, leaving the Organization vulnerable to further attacks. Since the code cannot be updated to fix this bug, The DAO is considered a failed experiment that never saw its first trial. There is still a chance, however, to recover the funds stolen from The DAO without the need for a hard-fork: implementing the counter-attack described above together with a soft-fork 2.0 that could prevent the Dark or Child DAO from performing the same move against the original DAO during the counter-attack, thus breaking the chain of recursive call attacks and returning the initial investment to the token holders. Although this is a soft-fork, it will be very hard to perform and will take some time to do. Until then, Coincheck will keep you updated.
– António Madeira