A $50 Million Hack Just Showed That the DAO Was All Too Human | WIRED
Sometime in the wee hours Friday, a thief made off with $50 million of virtual currency.
The victims are investors in a strange fund called the DAO, or Decentralized Autonomous Organization, who poured more than $150 million of a bitcoin-style currency called Ether into the project.
Code was supposed to eliminate the need to trust humans. But humans, it turns out, are tough to take out of the equation.
The people who created the DAO saw it as a decentralized investment fund. Instead of leaving decisions to a few partners, anyone who invested would have a say in which companies to fund. The more you contributed, the more weight your vote carried. And the distributed structure meant no one could run off with the money.
That was the plan, anyway.
The DAO is built on Ethereum, a system designed for building decentralized applications. Its creators hoped to prove you can build a more democratic financial institution, one without centralized control or human fallibility. Instead, the DAO led to a heist that raises philosophical questions about the viability of such systems. Code was supposed to eliminate the need to trust humans. But humans, it turns out, are tough to take out of the equation.
A Never-Ending ATM
DAO developers and Ethereum enthusiasts are trying to figure out how they might reverse the theft. The good news is that time is on their side. The thief transferred the stolen funds into a clone of the DAO that likely includes code that, as in the original system, delays payouts for a few weeks.
Stephan Tual, the COO of Slock.it, the company that built the DAO, says the thief probably never expected to be able to spend the ether. Each unit of ether is unique and traceable. If the hacker tries to sell any of the stolen ether in a cryptocurrency market, the system will flag it.
“It’s like stealing the Mona Lisa,” he says. “Great, congratulations, but what do you do with it? You can’t sell it, it’s too big to be sold.”
The DAO is a piece of software known as a “smart contract”–essentially an agreement that enforces itself via code rather than courts. But like all software, smart contracts do exactly what their makers program them to do—and sometimes those programs have unintended consequences.
It’s not clear yet exactly how the hack worked, says Andrew Miller, a PhD student at the University of Maryland who studies smart contracts and helped audit Ethereum’s code last year. But he says the attacker probably exploited a programming mistake that’s exceedingly common in smart contracts.
Let’s say you have $50 in the bank and you want to withdraw that from an ATM. You insert your card, punch in your PIN number and then request that $50. Before the machine spits out the cash it will check your balance. Once it spits out the cash, it will debit $50 from that balance. Then the machine asks you if you’d like to process another transaction. You tap “yes” and try to take $50 again. But the ATM sees that your balance is now $0 and refuses. It asks you again if you want to process another transaction, so this time you say “no.” Your session ends.
Now imagine that the ATM didn’t record your new balance until you ended the session. You could keep requesting $50 again and again until you finally told the machine you didn’t want to process any more transactions—or the machine ran out of money.