Who Made The DAO? The Inside Story of Ethereum’s Infamous $50 Million Hack
Introduction
In the world of cryptocurrency and blockchain technology, few events have captured the public imagination like the rise and fall of The DAO. Short for Decentralized Autonomous Organization, The DAO was envisioned as a revolutionary experiment in decentralized governance and venture capital. It quickly became one of the largest crowdfunding projects in history, amassing over $150 million in investor funds. However, it all came crashing down when The DAO was hacked, leading to heated debates about immutability, hard forks, and the philosophy underpinning blockchain-based systems.
To truly understand The DAO, we have to go back to its origins and the people who conceived it. This story spans blockchain idealism, coding oversights, regulatory uncertainty, and thorny questions about human bias in supposedly impartial systems. While The DAO ended in catastrophe, it offers important lessons about the promises and limitations of decentralization. This article will examine who made The DAO, how it worked, the hack that exploited it, and the contentious hard fork that followed.
Who Made The DAO?
The DAO was created by the German startup Slock.it, led by co-founders Simon Jentzsch and Christoph Jentzsch. Slock.it specialized in building blockchain-based solutions for the sharing economy, such as smart locks and autonomous vehicles.
The Jentzsch brothers were proponents of Decentralized Autonomous Organizations, or DAOs – blockchain-based entities that could automate governance and decision-making through open-source code rather than traditional corporate structures. A DAO would be collectively owned and controlled by its stakeholders through transparent rules encoded on the blockchain.
To demonstrate the potential of DAOs, Slock.it developed The DAO concept throughout 2015 and 2016, releasing a whitepaper in early 2016 authored by Simon Jentzsch. The goal was to create a decentralized venture capital fund, where investors could pool funds and vote on projects to support. This would hypothetically avoid problems with opaque decision-making and misaligned incentives seen in traditional VC firms.
Though Slock.it spearheaded development, The DAO was intended to be independent from its creators after launch. Its governance was not controlled by any centralized entity, but rather by the DAO’s own code and Ethereum smart contracts. In theory, this meant it would be decentralized and democratized. However, as we’ll see, the execution did not quite live up to the lofty ideals.
How The DAO Worked
The DAO’s structure and mechanisms for investor voting were complex, as they had to be codified in smart contracts on the Ethereum blockchain. Here’s a simplified overview of how it functioned:
- DAO tokens were sold in an initial crowdsale or “Creation Period” to raise funds.
- These funds could then be used to invest in Ethereum-based projects selected by DAO token holders.
- To invest in a project, token holders had to vote on proposals.
- If a proposal received sufficient votes, The DAO would release funds to the project automatically via its code.
- Profits from investments would provide returns to DAO token holders.
To participate in The DAO, users had to purchase DAO tokens with Ether cryptocurrency. Each token entitled holders to voting rights, ownership of DAO funds, and potential investment returns.
The initial token sale raised over $150 million worth of Ether in May 2016 – a record-breaking figure at the time. This demonstrated tremendous enthusiasm for The DAO concept among the Ethereum community. It also substantially increased the value of Ether, which benefitted the Ethereum Foundation.
After the sale, DAO token holders could submit funding proposals through a smart contract oracle. If a proposal received a 20% minimum threshold of votes, it would be added to a slate to be voted on.
Proposals required a majority vote to get funded, at which point the required Ether would be transferred automatically to the requestor. Token holders who did not support the proposal could redeem their tokens and exit The DAO.
This governance model aimed to decentralize power and ensure democracy through transparent voting. However, skeptics argued that allowing token holders to vote on investments created a plutocracy, not a democracy, since large investors had disproportionate control. We’ll return to the implications of this later.
The Hack Heard ‘Round the World
In June 2016, just weeks after its launch, The DAO was infamously hacked, with 3.6 million Ether siphoned away by the attacker. This was around $50 million at the time, making it one of the largest heists in history.
The hacker exploited a “recursive call” vulnerability in The DAO’s underlying code to repeatedly request funds from The DAO in a loop. This diverted Ether into a “child DAO” that the attacker controlled.
The flaw was first identified by Peter Vessenes, founder of the Bitcoin Foundation, who published it to various Ethereum community forums. But the loophole was not addressed quickly enough to prevent the hack, as altering The DAO required majority votes.
The stolen funds sat immobilized in the child DAO while the Ethereum community grappled with response options. The attacker identified themselves in an open letter as a “white hat hacker” who had done it for “the greater good” to expose issues. However, their intentions remained dubious, since they could still withdraw the funds later.
This raised thorny questions. Should Ethereum intervene to revert transactions, violating its core ethos of “code is law”? Or should it uphold immutability, even if it allowed the hacker to profit from a coding mistake?
To Fork or Not to Fork? The Aftermath
The Ethereum community fiercely debated whether to hard fork to undo the hack. A hard fork would roll back Ethereum’s transaction record and return the funds through a protocol update. This would alter Ethereum’s supposedly unalterable ledger.
Proponents argued that since The DAO was an independent entity, Ethereum itself was not hacked. Also, since investors didn’t expect security risks, restoring funds protected consumer rights. Furthermore, if Ethereum did nothing, it may implicitly endorse the hacker’s actions.
However, critics asserted that reversing transactions violated Ethereum’s core immutability premise. A blockchain ledger should never be changed retroactively, even to right a wrong. This would undermine trust in smart contracts and Ethereum as a system.
After extensive debate, Ethereum conducted a hard fork in July 2016, reversing The DAO transactions. This returned investments to token holders. However, it also set the precedent that Ethereum’s ledger was fallible to intervention.
The hard fork was activated through a controversial change to the Ethereum mining protocol. Miners unwilling to update could continue on the original unforked blockchain, but this would be incompatible with the official updated version. This led to a divisive split in the community between “Ethereum” (forked) and “Ethereum Classic” (unforked).
Key Lessons and Takeaways
While The DAO ended messily, it offers important insights that continue to shape blockchain governance and security:
- Smart contract code is not immune to bugs and errors. A strict “code is law” philosophy may lead to unjust outcomes. There should be flexibility to remedy clear coding mistakes.
- Rushed software can have disastrous consequences, despite good intentions. The DAO creators were overzealous and did not properly vet vulnerabilities.
- DAOs have democratic potential but also plutocratic risks. Token voting privileges the wealthiest, not the wisest. Careful design is needed to prevent “mob rule”.
- Hard forks should be used sparingly. Ethereum’s credibility depended on minimizing ledger alterations. The DAO fork did serious reputational damage.
- Regulation may be needed to protect consumers from risky and over-hyped investments like The DAO. Standards could prevent a “Wild West” atmosphere.
The DAO will remain one of blockchain’s most infamous episodes. But like any folly, we can study it closely to prevent history from repeating. Its legacy calls on us to keep striving to fulfill the promise of decentralized governance, while avoiding its pitfalls.
Frequently Asked Questions
Here are some common questions about The DAO hack:
Who was responsible for The DAO hack?
The hacker’s identity remains unknown. However, the “white hat hacker” label they claimed for themselves is dubious, since their intentions were likely selfish.
How was The DAO hack accomplished?
The hacker exploited a “recursive call” vulnerability in The DAO’s code to repeatedly request Ether funds be paid out to a child account they controlled.
Why couldn’t The DAO developers fix the code before the hack?
Altering The DAO required majority stakeholder votes. By the time the flaw was discovered, it was too late to organize an update.
Did the hacker get to keep the stolen Ether from The DAO?
No. After extensive debate, Ethereum conducted a hard fork that reversed the hacker’s transactions and returned the funds to investors.
How much Ether was stolen in The DAO hack?
Approximately 3.6 million Ether was drained, worth around $50 million at the time. This constituted about a third of The DAO’s total funds.
What was the main controversy around reversing The DAO hack?
Many argued that violating the blockchain’s transaction record undermined trust in Ethereum’s immutability and neutrality as a technology.
Conclusion
The DAO represented a landmark experiment in decentralized governance that ultimately failed dramatically. Its collapse showed that while blockchains have enormous potential to reshape organizations, they also carry great risks. Technical oversights can lead to large-scale disasters, and human biases can creep into supposedly impartial systems.
However, each failure is also an opportunity to learn. While The DAO could not deliver on its lofty vision, it pushed Ethereum and blockchain technology forward by revealing weak spots that needed reinforcement. The lessons around governance, security, regulation, and design that emerged from The DAO continue to guide blockchain development.
Its legacy remains mixed. Many see it as a cautionary tale about blockchain’s limitations, while others consider it a pioneering first step on the path towards decentralized organizations. Regardless of how one interprets it, The DAO will remain one of the most formative episodes in blockchain history. By examining it closely, we can better fulfill the technology’s potential while avoiding past mistakes.