How many The DAO recursive call vulnerability attacks have occurred to date?

Question

The first identified The DAO recursive call vulnerability attack occurred on 17 June 2016, with the accounts identified in Which accounts are involved in mounting the recursive call vulnerability attacks on The DAO?.

How many other The DAO attacks have occurred to date?

Answer 1

Summary

As of 22/06/2016 AEST, 5+ attacks are identified below:

• # 1 The major 17 June 2016 attack #1 that pictured in ether.camp/dao-thief (info from user iamtrillion in the post DAOhub.org - [Workgroup] DAO White Hat Team).

• #2 0xae8ad906948ef5ad5e95eed52990ff89312887d7 where you can see the recursive call transfers in 0x0f6994bd16df20f0d0992a607ab78e8be1a05cb07b411437fed2fec83be1bc9c, has netted 160.09485354 Ether ($1,807.47) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f, and commenced at 6/19/2016 12:17:37 PM. This first attack was identified in reddit/r/ethereum - DAO is under attack again where 22 ETH was hacked at the time of writing. Proposal #74 used.

• #3 0x1eb9bd9c2236649b15ee8be1961b40397a64a166 where you can see the recursive call transfers in 0xfa19dcc4af83627730f63ca92281a87d00e3c5d9f06b173d55e2ce5a47283440, has netted 2.123311222 Ether ($23.84) in 0xf14c14075d6c4ed84b86798af0956deef67365b5 and commenced at 6/19/2016 10:20:35 PM. Proposal #81 used.

• #4 0xf68d23ee23703a99d8374a71a92ec0678354498e where you can see the recursive call transfers in 0x27a52fd947e623d3393ca59f3e99c654938d387657bf7c12a04f736c27f45648, with a current balance of 269.80994743 Ether ($3,145.98) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f and commenced at 6/21/2016 8:28:16 AM (same account as in attack #2). Lots of failed transaction, balance not necessarily all created by the recursive call vulnerability. Another test attack? These are spaced out over longer periods of time.

• #5 0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf is another test or small attack. These are spaced out over longer periods of time. And there is some accumulation happening in 0x4613f3bca5c44ea06337a9e439fbc6d42e501d0a, 11605 ETH currently.

• Phew. Finally. White hat attack and Update on the White Hat attack. 0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334 where you can see the recursive call transfers in 0x60c58610f70682454d88483e289b7a374b274e546d4f28e76900b9520b40880d and destination account 0xb136707642a4ea12fb4bae820f03d2562ebff487 with balance 7,277,336.423038517 Ether ($96,934,121.15) that commenced in block 1745899 at 6/21/2016 5:44:27 PM. A small number of the Transfer events follow:

  1,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  2,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  3,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  4,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  5,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  6,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  7,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  8,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  9,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  10,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  11,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  12,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  13,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  14,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  15,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  16,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  17,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  18,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  19,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  20,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  21,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  22,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  23,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  24,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  25,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  26,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  27,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  28,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  29,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  30,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  31,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
  32,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746785,10000
  33,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746808,5000
  34,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746825,5000
  35,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746830,2500
  36,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746830,2500
  

Update 11:54 22/06/2016 AEST

A new attack is in progress. Confirmed white hat - https://mobile.twitter.com/LefterisJP/status/745419842954530816. Balance now 0.14 ETH so no more attacks on the main account. All split proposals now cannot split.

1,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
2,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
3,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
4,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
5,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
...
231,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747838,1605973

About 266 kETH has been drained. 0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b with destination account 0x84ef4b2357079cd7a7c69fd7a37cd0609a679106 with current balance 266,897.915541427 Ether ($3,755,253.67). Transfers can be seen in 0x6f8c0d2751e7e18325e1a113019a9ae5372f306d5424722f79d2123a0eb7d598.

Update 22:03 22/06/2016

Details on the amounts drained are available in How many ethers have been drained through the recursive call attacks on The DAO?.

Update 27/06/2016

Here's an alternative analysis of the attacking accounts by https://medium.com/@oaeee by looking at the recursion depth, with data taken from http://pastebin.com/BZGNeXyR. There is a slight difference to the balances in How many ethers have been drained through the recursive call attacks on The DAO?:

Analysis by https://medium.com/@oaeee

DAO Wars: The Clone Wars

This table shows DAO clones that resulted from attacks and their prey:
Depth refers to the recursion depth reached during the attack.
The tx field shows the number of ether transfers to the child dao

child_dao                                       depth     tx               prey
-------------------------------------------------------------------------------------
b136707642a4ea12fb4bae820f03d2562ebff487        91        642              7561423 <-- Whitehat DAO 1
304a554a310c7e546dfe434669c62820b7d83490        85        14460            3731498 <-- The Dark DAO
84ef4b2357079cd7a7c69fd7a37cd0609a679106        91        1167              386602 <-- Whitehat DAO 2
f4c64518ea10f995918a454158c6b61407ea345c        94        679               325263
4613f3bca5c44ea06337a9e439fbc6d42e501d0a        97        42                 22603
aeeb8ff27288bdabc0fa5ebb731b6f409507516c        91        17                  6028
fe24cdd8648121a43a7c86d289be4dd2951ed49f        91        36                   285

This list shows accounts that successfully attacked the dao:
c0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89 <-- orignial hack (proxy 1)
f835a0247b0063c04ef22006ebe57c5f11977cc4 <-- original hack (proxy 2)
4f0daa112142ffc4ba1b9f3b76bcd238a094d65b <-- white hat hack 2
2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334 <-- white hat hack 1
2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf
e306aac52823ba1d3938608381a2444d9d641cc1
34a5451ef61a567ee088dcf5f324bfbc4bcf426f
ae8ad906948ef5ad5e95eed52990ff89312887d7
f68d23ee23703a99d8374a71a92ec0678354498e

Fun fact: The heist has cost the attacker approximately 8.7 ether in gas.

---

Details

Copy the following script into getTheDAOTransferEvents:

#!/bin/sh

# First search from 1428757 (The DAO creation) to 1736131
# First Transfer event in block 1599207

FIRSTBLOCK=${1:-1599207}
LASTBLOCK=${2:-"'latest'"}

echo "Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks $FIRSTBLOCK and $LASTBLOCK"


geth attach << EOF | egrep -e ",0x"

var theDAOABI = [{"anonymous":false,"inputs":[{"indexed":true,"name":"_from","type":"address"},{"indexed":true,"name":"_to","type":"address"},{"indexed":false,"name":"_amount","type":"uint256"}],"name":"Transfer","type":"event"}];

var theDAOAddress = "0xBB9bc244D798123fDe783fCc1C72d3Bb8C189413";

var theDAO = web3.eth.contract(theDAOABI).at(theDAOAddress);

var theDAOTransferEvent = theDAO.Transfer({}, {fromBlock: $FIRSTBLOCK, toBlock: $LASTBLOCK});

console.log("No,From,Block,DAOs");
var i = 0;
theDAOTransferEvent.watch(function(error, result){
  var args = result.args;
  if (args._to == "0x0000000000000000000000000000000000000000") {
    i++;
    var daos = args._amount / 1e16;
    console.log(i + "," + args._from + "," + result.blockNumber + "," + daos);
  }
});
theDAOTransferEvent.stopWatching();

EOF

Set the executable bit of the file using chmod 700 getTheDAOTransferEvents.

The script without any parameters will search for the Transfer events between blocks 1599207 (the first Transfer event appears in this block) and the latest block. This will take some time. You can specify one parameter that will be used as the first block to search. Or you can specify two parameters for the first and last block to search.

This script will only search for Transfer events where the _to: address is 0x0000000000000000000000000000000000000000 as this is a characteristic of the recursive call vulnerability hack transfers. The many Transfer events from the same address will be located in the same block number.

First run geth console in a terminal window.

Then run the script in a separate terminal window to extract all Transfer events of interest using

./getTheDAOTransferEvents > output.txt

Let's exclude the addresses of the 17 June attack - 0xf835a0247b0063c04ef22006ebe57c5f11977cc4 and 0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89:

egrep -v "0xf835a024|0xc0ee9db1" output.txt 
Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks 1599207 and 'latest'
1,0x13680fa2a60fd551894199f009cca20fb63a3e31,1642728,1.0000000000000409
2,0xa72ded5c1122312d9f4ed66bf4a396139eadaf56,1648837,99999.99
3,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1648853,100000
4,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1652799,50000
5,0x1502447aadf5979e7a842709cd6c4f60afb0a281,1653975,6086.72863124
6,0xb0ea1855228793d06e22dd6164fe6e8ea60a9145,1657485,125000
7,0x3d5507b53d1613d8491a606ecf5c9268301095dd,1657567,79.851818
8,0x042d2f9c0356d54e2f91ecfc30eac6711d40d8c4,1657649,10
9,0x13680fa2a60fd551894199f009cca20fb63a3e31,1659011,3457499.18
10,0xf398c9b8107dccc697546969fb2d5956762b60fb,1659144,1686495.654
11,0xe7535ddfcbefe5c318d271476d068d5f7cf77290,1661021,1000
12,0x6c0d74c64b4ed871837651c4ab3cdce425c1ec6c,1663755,9999.851818000001
13,0x95a61f934d66580dd410a7369f9c5b8e228d2ff3,1663977,1000
14,0xb18e6467db64686dfed14c7368ca59e5019c95c8,1664014,36737.990714019994
15,0x598c72e3fe70e76d2e2f47f529f22634330ffcf3,1665558,4
16,0xb42da5b3701a0592e5aa0aebc0c20711bd49fb46,1666381,10705
17,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667056,960964.209
18,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667381,21326.5709481
19,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667694,155758.42108477
20,0xfdf97eaa34a883647fac329926b1747e9ef601c6,1668800,5000
21,0x7ead5155cef3c97a938967902ab4f9a5c0fc1930,1668807,4999
22,0x50211bb45d81714938e047707c25cdfcd3f5d2f4,1668818,16686.37588422
23,0xa7c605a1aacb641d873c82f9b2715e87339dfd48,1670146,4117.329243
24,0xf4c0eef475ab35625ac223394f9c410ccb577747,1670795,212183.45006283
25,0x98dac39fdcc5c9a8dfc6f63898b62704806851b4,1674370,7676.17428491
26,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1676663,85848.11449128
27,0x2b15c5211bda6a867c582080536f6c61766aa5af,1679412,10000
28,0x5a422fb07fc9270f5b310fc61f85b8e779cb29a2,1684882,25000
29,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1690158,90000
30,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1690199,307399.18075137
31,0x374139a05ac55917badd3f934f1b93f5c8623ded,1691232,17500
32,0xe82d5b10ad98d34df448b07a5a62c1affbef758f,1693763,98900
33,0xaf2ac7f7115e96eed2d7a992c6d9558275da55d4,1697247,400
34,0x8b78537055e83b79a68ef00d8ed78d3c09480067,1697276,100
35,0x67d6a8aa1bf8d6eaf7384e993dfdf10f0af68a61,1698403,19806.551818
36,0x231d94155dbcfe2a93a319b6171f63b20bd2b6fa,1699065,381995.051818
37,0x5992624c54cdec60a5ae938033af8be0c50cbb0a,1699098,362167.651818
38,0x2dd2951b955a805f9e1e5204c2f420df6a74995d,1699123,1e-16
39,0x883a78aeabaa50d8ddd8570bcd34265f14b19363,1699141,387994.951818
40,0xf8c3879ee8dde81f074abca79b2270eab9942ec1,1701591,2
41,0x0f935781046701897c9e0d9876fb5c82d89d53be,1701640,100
42,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1703092,311546.00029172003
43,0x5accb9f69bb0c04465d6701bdce4d8bd0198d0f6,1704529,500
44,0xd68ba7734753e2ee54103116323aba2d94c78dc5,1704540,285000.07800000004
45,0x4a719061f5285495b37b9d7ef8a51b07d6e6acac,1704686,146979.831818
46,0x065f074f1e93a215a9a05b2c92059ca44a4827eb,1707213,0.99
47,0x42b8a09e46e6e367ed0135d3cd7fbdce777e0873,1709070,1527.604
48,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1710310,167069.04039553
49,0x547389052a8dc86365c46641b5184956ec22749d,1713216,1095687.54708443
50,0xf6175d230b6fc1398c3cd5fd3054366cd1e193cb,1713223,1973982.13583881
51,0x208e4a03118380b4f63cf056ecbfe0a241a41b46,1713572,500
52,0x65c407ffea9fcff194fe9d3335d2b78416226056,1714399,10
53,0x9a9d6a470fc8034085ee8e509623e2f742da6625,1715645,100000
54,0x46664c1e2ddd896a3e0c2b3d502842f261b9e62f,1718201,1.41384222
5815,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719077,118000.00000001
12138,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719710,33647.948106920005
12429,0xc914fe094086017d0596869f8fb31621f93bde14,1719742,9000.00000001
12662,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719778,9999.99
12895,0x4853143d0f5524df67a0a5bdd2fb63c76c7693f6,1719809,1000
13302,0xb45614546c57d8fd106091095e06de0f10a86035,1719946,199500
13738,0x53cec6c88092f756efe56f7db11228a2db45b122,1720084,238999.99000000002
13855,0xc914fe094086017d0596869f8fb31621f93bde14,1720133,10.238061
13914,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1720156,40465
13944,0x38b16b208a94ee3516d2d3977ebddcc027fb70ca,1720158,40000
14119,0x653a92d29da111e0912b4c01ed453c2e2de73170,1720223,2500099.8369998
14120,0x5b5d8c8eed6c85ac215661de026676823faa0a0c,1720223,200000
14179,0x1502447aadf5979e7a842709cd6c4f60afb0a281,1720256,1
14180,0x835ad98ab8af27814f6563b3117d6b0ab897f83b,1720256,149900
14181,0x96dade6c87e483acb081e9f669b4fc029a440e8b,1720319,99700
14182,0x4e0494181464ce213089eb86b8195ed135eb4d48,1720648,136306.34604707002
14183,0xa4084616dac89e5fd7b81c30e73deb7bcbcc8716,1720726,100000
14184,0x3065a8444787f076bff10e5df3ec66606e3c8b68,1720794,10
14185,0xf3b7a623e833331db177484ec75e1ca522d8d780,1720850,15000
14186,0x5accb9f69bb0c04465d6701bdce4d8bd0198d0f6,1720941,84339.01838214
14187,0xc111bfcb7f36dbbbd07222a44d2c151ce6e8a2cc,1720983,44417.816687743805
14188,0x7892e574caddbb5e9491de9f26c1f2747f442eee,1721041,10000
14189,0x0d70592f27ec3d8996b4317150b3ed8c0cd57e38,1721044,108445.261
14190,0xe3d788da2861b258b2d3f61ed8d8a699bda06ed6,1721046,4000
14191,0xabe6d3b3b88277e5d9d58318be0d66896d806d92,1721050,200000
14192,0x9999d6102715ac273c8d89bb7c219571f80a80c1,1721075,662.87305153
14193,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722391,900
14194,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722428,132570.44771255
14195,0xc914fe094086017d0596869f8fb31621f93bde14,1722488,5000
14196,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722565,36500
14197,0x556b2b8d4c0da3433544756c237503ccf51b2df4,1722667,4983.2928
14198,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1723074,16086.67311529
14199,0x547389052a8dc86365c46641b5184956ec22749d,1723509,3.3158869
14200,0x547389052a8dc86365c46641b5184956ec22749d,1723627,3.40679797
14201,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1724036,11516.00337837
14202,0xf71571246613349c0d5e9aedc88c8366cc20d08b,1724345,55936.990000000005
14203,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1724434,61492.09406702001
14204,0x65c407ffea9fcff194fe9d3335d2b78416226056,1724566,10
14205,0x65c407ffea9fcff194fe9d3335d2b78416226056,1724636,30
14206,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1725553,64736.291076919995
14207,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1725674,14400.005001489999
14208,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1726584,13898.51109647
14209,0x65c407ffea9fcff194fe9d3335d2b78416226056,1726699,12560
14210,0x65c407ffea9fcff194fe9d3335d2b78416226056,1726771,113000
14211,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1727021,1999.99
14212,0xde013d0fb1b41ea3c86bb335487c52acc8484bf2,1727467,102500
14213,0xb97da70585d77f3a54fc213efd0adb6f07158bd8,1727501,2e-16
14214,0xf5200578ee1147886b55cfdc3e7798557dfaa1b4,1727512,102500
14215,0x534206b24e54e1edd4940cf465e5b66db0ad73b6,1727528,120095.13098016
14216,0xb97da70585d77f3a54fc213efd0adb6f07158bd8,1727529,2e-16
14217,0x26bdce6e4ea9afd060049993ed11f153eb1e322f,1727535,102500
14218,0x286635c294b61bf10f416bbb7b579a0035379d33,1727540,410000
14219,0x5553b4f0e2ce499930b79c3b48bd6c13a0571c34,1727548,150000
14220,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1727693,8177.390000010001
14221,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1727918,16567.13716853
14222,0xaf496a1083a3a7c7edb831f2e9a31eb065f5a228,1728600,4
14223,0x7d799e7f1ed991a8cc7be2e24c4abf8775317538,1728724,115.665
14224,0xda2384f1a7d80ca65469576228d268a5cacbfbe7,1728771,210.56135662
14225,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1729108,9.84281477
14226,0x68bbe7b8ea5c6435c427e1423d2b35da29eb148a,1730795,24900
14227,0x10ed2372778da1b9d96782c894b752d8a647deb8,1730874,151.735
14228,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1731788,2795.79
14229,0xab9acc3c451e43e18dd61ab11048c07b74c99eee,1732408,123
14230,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14231,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14232,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14233,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14234,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14235,0x374139a05ac55917badd3f934f1b93f5c8623ded,1732460,3000.61667718
14236,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14237,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14238,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14239,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14240,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14241,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14242,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14243,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14244,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14245,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14246,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14247,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14248,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14249,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14250,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14251,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14252,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14253,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14254,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14255,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14256,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14257,0x7727b2afc5a6816452a455e65a6a7dd01d03af4b,1732829,101.904674
14258,0x36786c2ef40834810a6513f48a7ff497cda5f3af,1732902,406.474050294275
14259,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1733443,3000
14260,0xb3f27731bfe38848694930b3a4db9a973df1560a,1733709,4000
14261,0xf68d23ee23703a99d8374a71a92ec0678354498e,1733738,8000
14262,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14263,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14264,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14265,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735235,60
14266,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14267,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14268,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14269,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14270,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14271,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14272,0xb3f27731bfe38848694930b3a4db9a973df1560a,1737170,8000

From the listing above, the candidates are:

• 0xae8ad906948ef5ad5e95eed52990ff89312887d7 where you can see the recursive call transfers in 0x0f6994bd16df20f0d0992a607ab78e8be1a05cb07b411437fed2fec83be1bc9c and has netted 160.09485354 Ether ($1,807.47) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f. This first attack was identified in reddit/r/ethereum - DAO is under attack again where 22 ETH was hacked at the time of writing.
• 0x1eb9bd9c2236649b15ee8be1961b40397a64a166 where you can see the recursive call transfers in 0xfa19dcc4af83627730f63ca92281a87d00e3c5d9f06b173d55e2ce5a47283440 and has netted 2.123311222 Ether ($23.84) in 0xf14c14075d6c4ed84b86798af0956deef67365b5.

Update 21/06/2016

A few more The DAO Transfer events that look suspicious, spaced apart over a few hours, either to test or to avoid detection:

1,0xf68d23ee23703a99d8374a71a92ec0678354498e,1743641,0.002
2,0xf68d23ee23703a99d8374a71a92ec0678354498e,1743641,0.002
3,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745366,5000
4,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745366,5000
5,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745402,1000
6,0xf68d23ee23703a99d8374a71a92ec0678354498e,1745408,1
7,0xf68d23ee23703a99d8374a71a92ec0678354498e,1745408,1
8,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745431,5500
9,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745434,5500
10,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745491,5500
11,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745517,6300
12,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745533,18800
13,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745559,18800
15,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745576,18800
15,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745602,18800

Split Proposal Id

To find which split proposal was used to mount the attack, browse the account and search for the input data for the first non-internal transaction after the contract creation. For example, take account 0xae8ad906948ef5ad5e95eed52990ff89312887d7. The second last transaction on the page in block 1732364 with txid 0x8445ab0d5738a1ddb06b461b733280ed7df1ce8ff34495e165d4905029eca8b8 has the following input data:

0x43902c87
000000000000000000000000bb9bc244d798123fde783fcc1c72d3bb8c189413
000000000000000000000000000000000000000000000000000000000000004a
0000000000000000000000001bc31e2e4f1bcc0a7dd9d849dfc57e66e59896ab
0000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000011355d6e217c0000

The 0...004a in the third line is the proposal id in hex format - proposal #74.

Accounts

0xbb9bc244d798123fde783fcc1c72d3bb8c189413 in the second line is The DAO account. 0x1bc31e2e4f1bcc0a7dd9d849dfc57e66e59896ab in the fourth line seems to be the splitDAO() created account that holds the ethers for 27 days.

The 17 June 2016 Attack Transfer Events

Here are a small part of the 14,112 17 June 2016 attack Transfer events (I just chose a small subset between blocks 1718497 and 1718504):

user@Kumquat:~$ ./getTheDAOTransferEvents 1718497 1718504
Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks 1718497 and 1718504
1,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
2,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
3,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
4,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
5,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
6,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
7,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
8,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
9,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
...
44,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
45,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
46,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
47,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471