Hacker Takes $50 Million Worth of Ether, A Rival to Bitcoin

The funds were immediately frozen, but the vulnerability raises concerns over the security of cyber currencies.

Tom Brant, Managing Editor

Exploiting a programming vulnerability, a hacker this week appears to have stolen more than $50 million worth of Ether, a cyber currency that is an alternative to Bitcoin.

The vulnerability lies within the software of a private fund, or "decentralized autonomous organization" (DAO), made up of a pool of investors whose money is stored in a blockchain, the foundation of digital currencies.

This particular DAO was worth about $150 million, according to the New York Times, and the hacker moved the Ether he stole into a separate DAO. But the Ethereum Foundation, which manages the Ether currency, froze the DAO, meaning the hacker can't touch the funds for several weeks.

The potential theft raised panic within the cyber currency community, despite Ethereum's assurances that its underlying currency platform was not affected by the hack.

"This is one of the nightmare scenarios everyone was worried about: someone exploited a weakness in the code of the D.A.O. to empty out a large sum," Cornell computer science professor Emin Gun Sirer told the Times.

DAOs rely on so-called "smart contracts" to cut out the middleman in digital transactions. Using sensors, code, and predetermined deal workflows, they track every unit of digital currency, including Bitcoins and Ethers. They can trace how often the currency is traded and raise alerts if they detect suspicious activity.

The hacker, though, was apparently able to fool one or more smart contracts by exploiting a recursive calling vulnerability, which allowed him or her to steal Ether many times in a single transaction.
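A simplified model of the recursive calling flaw described above, added here as an illustration; it is not code from The DAO or from the original article, and the `Vault` class, `run` helper and amounts are constructed. It shows a payout routine that hands control to the recipient before zeroing the balance, next to the same routine with the state update moved first.

```python
# Simplified model of a recursive-call (reentrancy) flaw; not The DAO's code.
# All class names, function names and amounts are hypothetical.

class Vault:
    """Holds deposits and pays them out through a caller-supplied callback."""

    def __init__(self, state_first):
        self.state_first = state_first   # True = hardened ordering
        self.balances = {}
        self.reserve = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.reserve:
            return
        if self.state_first:
            self.balances[who] = 0       # record the payout before giving up control
        self.reserve -= amount
        receive(amount)                  # external call: recipient code runs here
        if not self.state_first:
            self.balances[who] = 0       # too late: recipient may have re-entered


def run(state_first, depth=3):
    """Return (total paid to the re-entering depositor, reserve left)."""
    vault = Vault(state_first)
    vault.deposit("honest", 90)          # constructed sample deposits
    vault.deposit("reentrant", 10)
    paid = []

    def receive(amount):
        paid.append(amount)
        if len(paid) < depth:
            vault.withdraw("reentrant", receive)   # calls back in before returning

    vault.withdraw("reentrant", receive)
    return sum(paid), vault.reserve
```

With the balance cleared only after the external call, a 10-unit deposit is paid out three times in one call chain; with the state update first, the nested call finds a zero balance and pays nothing.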

Although it affects a relatively obscure cyber currency, the potential financial impact of the vulnerability highlights the risks that companies face as they evaluate smart contracts to replace everything from financial transactions to digital rights management.
