Not even Wasabi Wallet could hide the identity of the hacker who stole USD 11 billion

Key facts:
  • A Forbes investigation revealed who is the possible hacker who stole USD 11 billion.

  • A secret function of the Chainalysis data explorer identified alleged private transactions.

Forbes magazine published an investigation revealing that Austrian programmer Toby Hoenisch is the alleged hacker of one of the largest heists in Ethereum (ETH) history. The finding was made by reporter Laura Shin with the help of other cryptocurrency specialists and a secret tool from the Chainalysis explorer that evidences private bitcoin (BTC) transactions from Wasabi Wallet.

The report made by Laura Shin would indicate that The CoinJoin mixer used by Wasabi Wallet, the bitcoin wallet used by the hacker for the DAO heist, did little to hide his identity. This draws attention because CoinJoin is a protocol that allows mixing cryptocurrencies to improve the level of privacy and anonymity of users, protecting their identities from blockchain analysis tools.

The reporter’s investigation revealed that a secret tool from the blockchain explorer Chainalysis was able to identify the hacker’s movements in Wasabi Wallet, which puts the operation of CoinJoin in doubt, giving the possible identity of the hacker.


The theft in question was in 2016 by hacking part of the financing that the venture capital fund The DAO had obtained. The hacker took advantage of a network failure to repeatedly transfer ethers from the organization. He then he traded them to ETC, the Ethereum Classic token, and then to bitcoins, which today are equivalent to more than USD 11 billion.

Chainalysis and the tracking of mixed bitcoins

Laura Shin stated that her sources and “a secret tool” from Chainalysis traced the hacker’s transactions back to his identity. Their report notes that the attacker moved the funds to a new wallet that remained dormant until the end of October. Then he started trying to use an exchange called ShapeShift to change the money into bitcoin.

Because ShapeShift at the time did not take personally identifiable information, the hacker’s identity was not known, even though all of his blockchain movements were visible. Over the next two months, the hacker managed to obtain 282 bitcoins, which was then equal to $232,000 and is now more than $11 billion.

The researcher mentioned that ShapeShift then frequently blocked her exchange attempts because it identified the funds as being from The DAO hacker. For this reason, the user was unable to continue exchanging cryptocurrencies and left behind 3.4 million ETC. At the time, that figure represented USD 3.2 million, which would now be more than USD 100 million.

Cryptocurrency reporter Laura Shin claims to have found the alleged hacker
who stole $11 billion from The DAO. Source: Forbes /

The report goes on to state that Based on the analysis of Coinfirm, the blockchain analysis company Chainalysis, the alleged attacker had sent 50 bitcoins to a Wasabi wallet. On that, the reporter mentioned: “Using a capability that is revealed here for the first time, Chainalysis demixed Wasabi’s transactions and traced their output to four exchanges.”

This tracking is something that draws special attention because Wasabi is a Bitcoin wallet that aims to anonymize transactions through CoinJoin. Its function is to complicate the trail of said transactions. In this way, transaction inputs cannot be easily linked to their corresponding outputs.

CriptoNoticias contacted Lucas Ontario, one of the Argentine developers of Wasabi Wallet, to ask him about the case, who replied that they have no evidence of the secret Chainalysis tool that identified his bitcoin transactions.according to the investigation of the robbery of The DAO published in Forbes.

Lucas Ontario told us: “Unfortunately we don’t have much more information, nor have we been able to access any evidence from Chainalysis.” On Chainalysis’s “secret tool” mentioned in The DAO theft investigation, the developer of Wasabi Wallet rhetorically asked, “Will there be such a thing?”

The investigation published in Forbes also mentions that, in a final and crucial step, an employee of one of the exchanges confirmed to one of their sources that the funds were exchanged for the privacy coin Grin and withdrawn to a Grin node called grin. He also clarified that due to the exchange’s privacy policies, such customer information is not normally disclosed.

Anonymity in Crypto is Ending, DAO Heist Investigator Believes

In response to the alleged findings, Laura Shin said: “One of the first uses of cryptocurrencies as an anonymity shield is fading.” She estimated that this is due to regulatory pressure and the fact that transactions on public blockchains are traceable.

The reporter also stated that anonymity in cryptocurrency transactions will continue to decline as new applications emerge. He said, “The story of The DAO and the six-year quest to identify the hacker shows a lot about how far the crypto world and the technology to track transactions have come since the first crypto craze.”

Another research case that suggests identifying private Wasabi Wallet transactions is that of the alleged PlusToken Ponzi scheme. CriptoNoticias, which followed up on the case in September 2019, reported that the organization managed to erase the trail of the bitcoins that they would have stolen from their victims using wallet transaction mixers such as Wasabi.

Various privacy vulnerabilities have since been reported in the Wasabi Bitcoin wallet. Although in October 2020, his team updated it to fix a bug that affected their bitcoin mixing service. Something that is now called into question with the alleged secret Chainalysis data tracker tool revealed by Laura Shin in The DAO robbery investigation.