Person Who Stole 3.6m ETH Possibly Identified

For years, the crypto community has wondered who was behind the infamous 2016 hack of Ethereum’s decentralized fund known as ‘TheDAO’. In 2016, the 3.6 million ETH stolen was worth just over $45 million. Now, that would be worth $11 billion.

This hack resulted in a hard fork of Ethereum, resulting in the Ethereum Classic (ETC) token being created. 

Six years have gone by and the identity of the hacker has never been found. That was until former Senior Editor of Forbes, Laura Shin, released an article, book, and podcast revealing who she and her sources believe to be behind the attack.

Shin points to Toby Hoenisch as the man responsible for the mess. After growing up in Austria, he co-founded TenX — which raised $80 million in an initial coin offering. The project aimed to create a crypto debit card… but they failed.

Hoenisch has denied the accusation saying: “[Shin’s] statement and conclusion is factually inaccurate.” Despite this, he failed to co-operate with the writer when she asked for evidence that would prove his innocence.

How was he found?

Shin was writing her book ‘The Cryptopians‘, after four years of writing, she was about to publish her final copy when one of her sources approached with a new lead. 

The source was involved in an investigation looking into TheDAO and wanted to prove their innocence. They got their hands on a report and passed it over to Shin. The report detailed the string of wallets involved in the hack. Laura used this information to figure out how the hacker was trying to cash out.

As you would expect, the hacker was trying to withdraw the money by using an exchange that didn’t take customer details — otherwise known as KYC (Know-Your-Customer). This meant that Shin couldn’t just approach the exchange asking what name was on the account, obscuring the path slightly.

The hacker was attempting to swap the stolen ETH for Bitcoin before cashing out. However, this trend ended three months after the coins were stolen.

Shin then approached the blockchain surveillance firm Chainalysis to follow the path further. 

It was found that the Ethereum was swapped for Bitcoin then entered into a Wasabi Wallet. This wallet is a mixer, meaning it sends the coins from one wallet to another then another, combining it with other coins, thus obscuring the path. Just like a magician with a ball under a cup.

It was previously thought to be an impossible trail to follow. However, using a previously undisclosed mixer cracking forensics tool, Chainalysis managed to find four exchanges the money was transferred to. 

A source at one of these exchanges then revealed that the Bitcoin was swapped for a privacy token by the name of GRiN. Which was then withdrawn to a GRiN node.

Shockingly, for a privacy coin, the node the money was sent to had a readable URL of ‘’. Toby AI is an online alias that Toby Hoenisch likes to use — such as on Twitter.

After looking up the IP address the node was hosted on, it was revealed that other nodes were being hosted at the same address. One of them being a Bitcoin Lighting node named TenX, the same name as the company that Toby Hoenisch founded.

How confident can we be that this is the man behind one of the biggest hacks in cryptocurrency history? 

Laura Shin says: “that is my opinion based on the research. The evidence is extremely good. The people who were working with me on this do a lot of investigations and they said the evidence is never this good. They also felt extremely, extremely confident.”