Why the DAO robber could very well return the ETH on July 14th

An awful lot of misinformation is being circulated regarding recent events. The first one is that a hacker ‘stole’ 50-ish million dollars from the DAO and ran with it. Another fallacy is that the community must be divided into two camps: the selfish pro-fork demanding their DAO ether back, and the idealist anti-fork who somehow hang onto some Willam Gibsonesque cypherpunk purity.

While I’m sure these divisive yet artificial arguments make fantastic, clickbaity headlines, the reality is — as usual — considerably more complex. In fact, the attacker might very well just return the funds: there would be no fork required AND most of The DAO’s ETH would be recovered. You read that right.

Mandatory Technical Mumbo Jumbo

The attacker opportunistically jumped on a child DAO that was splitting at the time, with a creation phase ending on the 14th of July. On that date, the attacker would have to bail out into to a grandchild DAO (by splitting yet again), and then and only then submit a proposal to send themselves all of the ill-gotten ETH (a process which would take an extra 14 days).

As if things were not complicated enough, there were copycats attacks initiated onto splits that were instantiated much earlier. Long story short, the last date for a clean hard fork for 100% of the ETH to be recovered is the 16th of July.

Not all copy cats attack DAOs were of the same magnitude, limiting the developer incentive to rush a hard fork just to recover a few thousand ETH. If it were a matter of only stopping the ‘main’ attacker, then the 21st of July would be a sufficient deadline for the hard fork.

Why the attacker might return the ETH

“Returning the ETH! But why would the evil attacker do such a thing?” Well, for starters, if the attacker had been financially motivated the attacker probably already made their money through shorting ETH on various exchanges. So that ship has sailed.

But returning the ETH pre-fork continues to make financial sense for the attacker: they could have purchased many DAO tokens at a discount when the price crashed. Returning the funds guarantees that tokens go back very near to their 100:1 valuation while the hardfork, on the other hand, is not necessarily guaranteed as it requires complex software development, consensus amongst developers, and the approval of the community to take effect.

Finally, the attacker probably always expected a soft fork to take place (keep in mind that it’s only after the attack that soft fork vulnerabilities to DDoS were discovered), or did not care about the ETH in their own child DAO. This is illustrated in the attacker’s behavior during the attack, in particular by the fact that a) they didn’t split with the child DAO giving them the earliest ‘exit’ date and b) they didn’t siphon the whole of the DAO.

In my opinion, holding on to the stolen funds was never really the attacker’s end game. A fleeting, exciting possibility perhaps, but not the end game.

Bastille Day

The attacker could return the ETH, but only from the 14th July onwards — and not a day before. How would that work? Well, since the Curator of the DAO the attacker jumped on is known and cooperative, it is possible to whitelist a refund contract, or even just re-whitelist The DAO curator multisig, from which the ETH could be redistributed.

On the upside, if the attacker returned the ETH, it would likely prevent a hard fork of Ethereum. I think even the pro-fork camp would agree this would be a good thing as, after all, ‘pro-forkers’ are probably only pro fork because they were led to believe that only a fork could right a wrong and allow for the stolen ETH to be recovered.

On the downside, it would do nothing to recuperate the copy cats attack DAOs and would result in the recovery of only 99% of the ETH.

Conclusion

There’s no guarantee of anything. The attacker might have been financially motivated, in which case the damage is done, or it could have been an experiment or a publicity stunt gone too far, in which case well, the damage is done, too.

The attacker might consider that returning the funds could lessen the heat they certainly are getting from whitehats bounty hunters and law enforcement. Or the attacker might on the contrary believe that any communication exposes them to further scrutiny. The attacker could be one person, or several, all with different goals and values, some financially motivated, some not.

In any case, July the 14th — Bastille Day — is known for its fireworks. This year certainly won’t disappoint.