by nneonneo
3658 days ago
Ah, I see: the money isn't missing, it's just gone to an unknown party (the hacker) - so we're practically watching a bank heist in progress, where the "good guys" are trying to slow down the robber's getaway vehicle (by flooding the transaction network). I looked into this a bit more, and it seems very likely that the attackers are exploiting a recursive call - from https://live.ether.camp/account/304a554a310c7e546dfe434669c6..., I can see that most of the transactions are internal, with the API reporting monotonically increasing call-depth values. It seems like there are three recursive calls involved here: one call in the DAO, a second call to transfer money to the attacker, and a third "dummy" call which appears to transfer nothing (but presumably kicks off the next recursion into the DAO). The scary thing, to me, is that someone else could figure out the bug right now and start exploiting it - presumably, all the relevant code is open source.
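Added example, not part of the comment above: one way to check a transaction's internal-call trace for the pattern it describes, where call depth keeps climbing because a contract is entered again before its earlier frame has returned. The record layout, field names and the `FUND`/`CALLER`/`EOA` labels are constructed for illustration and are not the ether.camp API format; the trace is assumed to be in execution order.

```python
from collections import Counter

def find_reentries(trace):
    """Return (callee, depth, active_frames) for every internal call that
    enters a contract which still has an unfinished frame on the call stack."""
    stack = []   # stack[i] = callee of the frame currently active at depth i
    hits = []
    for call in trace:
        depth, callee = call["depth"], call["to"]
        del stack[depth:]                            # frames at >= depth have returned
        stack += [None] * (depth - len(stack))       # tolerate gaps in the trace
        active = stack.count(callee)
        if active:
            hits.append((callee, depth, active))
        stack.append(callee)
    return hits

def summarize(trace):
    """Per-contract re-entry count and the deepest call depth in the trace."""
    per_contract = Counter(callee for callee, _, _ in find_reentries(trace))
    return dict(per_contract), max(c["depth"] for c in trace)

# Constructed trace: depth rises monotonically, value moves out on each round,
# and a zero-value call re-enters FUND before the previous frame finishes.
RECURSIVE = [
    {"depth": 0, "from": "EOA",    "to": "CALLER", "value": 0},
    {"depth": 1, "from": "CALLER", "to": "FUND",   "value": 0},
    {"depth": 2, "from": "FUND",   "to": "CALLER", "value": 10},
    {"depth": 3, "from": "CALLER", "to": "FUND",   "value": 0},
    {"depth": 4, "from": "FUND",   "to": "CALLER", "value": 10},
    {"depth": 5, "from": "CALLER", "to": "FUND",   "value": 0},
    {"depth": 6, "from": "FUND",   "to": "CALLER", "value": 10},
]

# Constructed trace: the same contract is called twice, but sequentially,
# so the first frame has returned before the second begins.
BENIGN = [
    {"depth": 0, "from": "EOA", "to": "A", "value": 0},
    {"depth": 1, "from": "A",   "to": "B", "value": 5},
    {"depth": 1, "from": "A",   "to": "C", "value": 0},
    {"depth": 1, "from": "A",   "to": "B", "value": 5},
]

if __name__ == "__main__":
    print(summarize(RECURSIVE))
    print(summarize(BENIGN))
```

Repeated calls to the same contract are not flagged on their own; only a call that lands on a contract with a frame still open counts, which is what separates the sequential trace from the recursive one.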