In 2016 a spectacular series of hacks siphoned millions of dollars worth of the cryptocurrency ether from a virtual venture capital fund called the DAO. In a new book, Bloomberg News reporter Matthew Leising tells the story of the DAO hack and the growth of Ethereum—the Bitcoin-like blockchain technology that works with the ether token. The search for the name of anyone potentially associated with the hacks was twisty and mind-bending—so we’ve adapted this excerpt with footnotes to guide your way.
It was a beautiful day in Zurich, and I couldn’t tell if my hand shook from the coffee I’d had or if I was scared. The man across the table from me wore glasses and a plaid scarf. He was maybe in his late 50s and had lost some hair. I thought I was talking to a thief.
Not many people know there wasn’t only one attack on the DAO.
The Friday attack that stole $55 million is famous, but a second attack four days later on Tuesday, June 21, nabbed more than 269,000 ether, worth about $3.5 million at the time, making it the second-largest DAO theft.
I believe that the two attacks were carried out by separate people, with the Tuesday attack being a copycat.
In response to the DAO hack, the Ethereum community debated how to deal with the aftermath.
One approach, known as a soft fork, was to blacklist the addresses known to be involved with the attack
so the ether could never move, nullifying its value. As public support for a soft fork grew, the second attacker grew angry.
The hacker sent an encrypted message by way of a blockchain transaction on June 27, 2016. The soft fork “is a waste of time for everyone,” it said. Usually I would never know what this message said, because it’s encrypted and I don’t hold the private key needed to decrypt it. Someone who did have the private key shared a copy of the unencrypted message with me.
Following a trail created by the second attack initially led me to Zurich to question the Swiss man. But as sometimes happens in journalism, I would soon learn that a source had gotten it wrong. I’d reached the first dead end: The Swiss man had nothing to do with the DAO.
What I still had, however, was the address that launched the attack and sent the encrypted message. Ethereum addresses represent wallets where users hold their ether tokens. The address was 0x15DEF77337168d707E47E68aB9f7F6c17126b56. We’ll call it 0x15def for short.
I realized I should see how 0x15def began—how it had received the initial funds.
You could see that on the blockchain.
The 0x15def address had received its initial funding from address 0x35f5, which had sent it two ether on June 20, 2016. In looking at 0x35f5, I could see that it had been funded about half an hour before by 0x4fae.
It’s possible different people had sent ether to 0x35f5 or 0x15def—it didn’t have to be the same person. I thought my theory that the accounts were linked was solid because the initiating transactions provided a through line. Then there was the date and times of their creations. I thought it unlikely that there were other people sending ether to 0x15def or 0x35f5, as they were funded only 33 minutes and 3 seconds apart.
I had to link address 0x4fae to a person to get anywhere, and the source I had got it wrong about the Swiss man. But three years later, this source had access to more detailed blockchain transactions. This time a new name came back: Tomoaki Sato.
When I met Sato in Tokyo in January 2020, he wore a black overcoat buttoned to the top. Over the course of the more than an hour that we spent together, he never once loosened his coat; the button stayed fastened. Quiet to begin with, he got quieter when I started to ask him about the DAO attack.
Born in Tokyo in 1993, Sato had attended one of the city’s best high schools but dropped out of university. He created Smart Contract Japan in 2015, a startup to help Japanese coders working on Ethereum. He wrote code and hired engineers to help with blockchain projects as demand rose. In 2016 he started a venture called Starbase. He wanted to help startups that were funding themselves by selling a cryptocurrency. So far, Starbase had helped about five or six companies do an initial coin offering
, Sato said. But I wasn’t meeting with him to talk about Starbase.
After some small talk, I told Sato I wanted to ask him some questions about the DAO attack. I explained I had a trail of transactions that started at a cryptocurrency exchange called Poloniex and then moved to another called ShapeShift, which allows users to change one cryptocurrency into another with no way to track user identity. ShapeShift records showed two incoming Bitcoin transactions: The first had changed Bitcoin into ether, and the second had changed Bitcoin into tokens used specifically for the DAO. I showed him how the ShapeShift outputs had landed in the same Ethereum address: 0x4fae.
I said I’d been told by someone familiar with the matter that the account at Poloniex—the starting point—belonged to Sato.
He said he didn’t remember any of the Ethereum addresses I showed him. That seemed fair. It had been years, and who can remember alphanumeric gobbledygook like blockchain addresses? I showed him the encrypted message and asked if he wrote it.
“No,” he said and laughed. “I don’t think I sent this kind of message.”
We went back and forth on this for a bit. I was stalling. I didn’t know how this was going to go, of course, but I hadn’t quite prepared for a flat denial. After a few minutes, I remembered the theory that the original DAO attack on Friday was the work of a group of people. I asked him if he had anyone else who worked with him who could have done this. He said he was using his Poloniex account to invest other people’s money on the exchange.
“I supported some other person at the time, because this other person cannot manage a local account,” he said. He gave the person access to the Poloniex account, because it wasn’t Sato’s money. Imagine having a Charles Schwab account but not having instant access to your money. No one would ever do that, and it could be the same case here.
I asked whether it was possible that the person he’d shared his Poloniex account with could have sent the message. “Yeah, that’s possible,” he said. He hadn’t spoken to this person in years, he said, and he didn’t want to tell me who the person was. “I don’t want to communicate with them.”
“Did you have any idea they could have been doing this?” I asked. The 17-second pause before he answered—I’ve listened to it many times on my recording—is very interesting and the longest time that he took during our conversation to choose his words.
“Maybe, maybe. Yeah,” he said. “Some of the persons know engineers.”
During our interview he asked twice about what the authorities thought of the DAO attack, if it was still something someone could get in trouble for.
I said I didn’t think so, it was too far in the past.
Then it got even more confusing. I reiterated that I was just trying to understand whether there were other people who had access to his Poloniex account. He said no, not access, because he had a Google two-factor authentication set up on the account and he didn’t share that security measure with anyone.
“I want to make sure I’m clear on this,” I said. “Did your Poloniex account—where you could send Bitcoin, ether, DAO tokens—were you the only one who had control over that account? Or could other people log on to that account and do things on their own but under your account?”
“I think sometimes they can, yeah, because sometimes I had other people’s money.” We were back to the brokerage idea and the Charles Schwab analogy.
“So then, it’s possible,” I said, “that this was done by somebody in your account that wasn’t you?”
“Yeah, that’s possible,” Sato said. “They want to keep their funds safe, but they don’t know how to keep them safe,” he said. “So I kept them safe instead of them. One way is the Poloniex account.”
Were the people who had access to his Poloniex account really good at Ethereum?
“The person’s friend is good at it,” he said, “but not the person himself.”
So, this friend could have done the attack?
“Yeah,” he said. Then he added, “Actually this attack is not so very difficult.”
I’m not accusing Sato of being an ether thief. I can’t make that claim: I don’t have any direct evidence for it, just a link from a source I’m not naming and Sato’s own words when we spoke.
Sato’s story is plausible. If someone else had the ability to withdraw Bitcoin from his Poloniex account, as he claimed, once that Bitcoin was sent to ShapeShift it was gone. Only the person who had sent it to ShapeShift had control of it now. If Sato hadn’t sent it, he would have no idea how that Bitcoin was being used.
But it felt like a dog-ate-my-homework excuse, too. If he wouldn’t tell me whom he was brokering cryptocurrency transactions for, I had hit a dead end.
Once back in the U.S. from Tokyo, I sent Sato a series of emails asking him to back up the story he’d told me. I hoped he could send me proof that someone else had access to his Poloniex account. He could take screenshots of his account log-on history that would show the IP address for anyone who’d logged on. He could also have shown me his withdrawal activity at the time when the Bitcoin allegedly moved from the Poloniex account to ShapeShift. If there was no withdrawal, that would exonerate him.
Eventually, Sato wrote back to say he checked and discovered he’d closed his Poloniex account in 2018, so he couldn’t provide screenshots from 2016. As for ShapeShift, he said the exchange didn’t keep records of customers’ transactions in 2016. I’d also reiterated in my follow-up email what I planned to report in my book, giving him a last chance to say if anything I was reporting was inaccurate. He didn’t reply.
Excerpted from Out of the Ether: The Amazing Story of Ethereum and the $55 Million Heist That Almost Destroyed It All, by Matthew Leising, to be published by Wiley on Sept. 29