A few hours after my meeting with the Swiss man I was back in the room in the apartment I was renting in Zürich. It was a modern building in a quiet part of the city and had a good view of the street three stories below. It was raining that evening.
I remember the pause in the conversation while the man read the encrypted message. I'd stopped taking notes, but my digital recorder was on.
He said he'd never seen the message before. When I asked him if the address the message was sent from belonged to him, he said he couldn't remember all the things they were doing back then. Fair enough: it had been over three years. And yet he didn't strongly deny that he had something to do with the message and the theft. I was accusing him of stealing a rather large amount of ether and at first he mostly seemed reticent. Like he didn't want to say something wrong.
He began to warm up a bit when he said I really should be looking into some of the people in the Robin Hood Group. They knew more than anyone about the DAO and the attack. This was a suspicion I'd heard from many people, that the DAO was an inside job. It had to be, right? Look how complicated it was. Surely the guys at slock.it or their associates planted the bug. It was on line 666, for Pete's sake: that can't be a coincidence.
I'd always rejected this theory and had never come across any evidence to make me think it was true. But he was talking a bit more now, so I listened.
“I actually feel humbled that you give me so much credit,” he said. He thanked me for thinking he could pull off such a sophisticated attack. He asked to see all the information I had gathered, and I said I'd email it to him. Then, he left.
I didn't know what I'd learned, to be honest. It seemed like a weak denial at best. As I stared out the window of my room on the Zürich street below, I noticed a man standing outside of the Italian restaurant across the street. He looked like the man I'd interviewed earlier that day. I went to the living room, which led to an outdoor terrace, and looked from that vantage. It could be him, I thought. He had a common Swiss build for an older man. Stout is the term, I believe. And he wasn't going into the restaurant but standing under its awning to get out of the rain, just looking across the street.
I'd been warned that there were some unsavory characters linked to the DAO attack. One of my sources told me that there were a few people who held enormous sums of DAO tokens, but said it would be dangerous to name them. Their money came from scary and shady places, I was told.
I went back to my room and turned off the light. Hoping to see better in the dark, I still couldn't tell if the man across the street was the same man that I'd accused of being the ether thief. I had to go and see for myself.
Once at street level, I could see from across the way that it wasn't him. I crossed the street and walked right past the person, just to be absolutely sure, and because I was hungry and wanted to get dinner.
I'd been wrong about the man, just as I was wrong about the person I'd interviewed earlier that day at the Bloomberg bureau. In the coming weeks I learned that he wasn't actually associated with the Ethereum address that had sent the encrypted message. While this happens from time to time in journalism, it's still devastating. My source had gotten it wrong, and only after looking at a fuller transaction history in 2019 did my source see how the mistake had been made. There were many more links between accounts as ether or other crypto was moved around both before and during the DAO attack. What had looked simple in 2016 was now significantly more complicated. The capability of blockchain forensics was significantly less advanced in 2016, and so I had questioned an innocent man.
But just because I'd been wrong didn't mean I stopped looking. With better data comes better clues, and the original ether thief, the one who stole $55 million, and the copycats, were still unknown.