New Book Claims to Have Identified the Hacker Behind a Massive $15 Billion Crypto Theft

New Book Claims to Have Identified the Hacker Behind a Massive $15 Billion Crypto Theft
Photo: Jaap Arriens/Sipa USA, Getty Images

In 2016, a massive heist shook the crypto world. Someone robbed The DAO — an early, Ethereum-based, decentralized autonomous organisation. The DAO was supposed to be a “revolutionary” entity that showed all the promise that the crypto industry had to offer, but, instead, it became an early warning about the industry’s allure for criminals after someone hacked it. That hacker, whoever they were, exploited a security vulnerability in the platform to transfer 3.64 million ETH — or 31 per cent of the DAO’s total ETH holdings — into another account. The crypto, which was worth about $US55 ($76) million back then, would today be worth over $US11 ($15) billion, making the heist easily one of the largest ever.

So, naturally, people want to know who did it. Crypto journalist Laura Shin now says she believes the culprit behind the heist may be none other than Toby Hoenisch, a 36-year-old developer and the co-founder of a now-defunct crypto platform called TenX. Hoenisch, who currently helps run a stablecoin platform called Mimo, was allegedly very interested in The DAO at the time of the hack.

Screenshot: Lucas Ropek/YouTube/BlockShowScreenshot: Lucas Ropek/YouTube/BlockShow

Shin says Hoenisch became a suspect as a result of research she did for her new book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, which just dropped on Tuesday. In a recent article for Forbes, Shin lays out her case for why the young crypto entrepreneur was probably behind the heist.

According to Shin, digital traces connected to the hack seem to point in Hoenisch’s direction. To map the twisty route of the digital tokens after they were stolen, Shin says that she enlisted a “previously secret” digital forensics tool that was provided by blockchain analysis firm Chainalysis. The tool showed that the crypto was converted into Bitcoin, after which it was mixed, in an attempt to obscure the transaction history. However, using the tracking tool, investigators were able to follow the path of the stolen coins, uncovering that they ended up in accounts at four separate crypto exchanges. At one of those exchanges, the crypto was converted into the privacy coin Grin, and subsequently sent to crypto nodes with names almost identical to social accounts held by Hoenisch: those names included “ln.toby.ai,” “lnd.ln.toby.ai,” and “TenX.” By comparison, Hoenisch’s handle on a multitude of social accounts was “@tobyai,” and, of course, he was the CEO and co-founder of TenX, at the time.

In her Forbes piece, she notes how the tool was used to investigate Hoenisch’s potential connection to the hack and what it means for the crypto-space:

…my sources and I, utilising (among other things), a powerful and previously secret forensics tool from crypto tracing firm Chainalysis, came to believe we had figured out who did it. Indeed, the story of The DAO and the six-year quest to identify the hacker, shows a lot about just how far the crypto world and the technology for tracking transactions have both come since the first crypto craze. Today, blockchain technology has gone mainstream. But as new applications arise, one of the first uses of crypto — as an anonymity shield — is in retreat, thanks to both regulatory pressure and the fact that transactions on public blockchains are traceable.

According to Shin, Hoenisch was “intensely” interested in The DAO and actually reached out to its operators in 2016 to notify them about security vulnerabilities endemic to the platform.

However, Hoenisch has denied the allegations against him. When questioned by Shin, he allegedly sent her back an emailed reply that only read: “Your statement and conclusion is factually inaccurate.” We also reached out to Mimo about Hoenisch via a direct message and will update this story if we get a response.