The DAO: What Was the DAO Hack? | Gemini
Remember The DAO? This contentious event early in the history of blockchain shook the Ethereum community to its core.
The DAO was a decentralized autonomous organization (DAO) that was launched in 2016 on the Ethereum blockchain. After raising $150 million USD worth of ether (ETH) through a token sale, The DAO was hacked due to vulnerabilities in its code base. The Ethereum blockchain was eventually hard forked to restore the stolen funds, but not all parties agreed with this decision, which resulted in the network splitting into two distinct blockchains: Ethereum and Ethereum Classic.
Origins of The DAO
Launched in 2016, The DAO was an early decentralized autonomous organization (DAO) intended to act as an investor-directed venture capital firm. Lauded as a revolutionary project, The DAO raised $150 million USD worth of ether (ETH) and was one of the earliest crowdfunding efforts and high-profile projects built on the Ethereum blockchain — which at the time was only one year old. Less than three months after its launch, The DAO was hacked and $60 million of ether was stolen. The Ethereum blockchain, on which The DAO was built, was later controversially forked to restore the stolen funds, which were returned to investors.
What Is a DAO?
A decentralized autonomous organization is a blockchain-based cooperative that is collectively owned by its members, with rules set and executed through code. DAOs replace centralized management structures with a techno-democratic approach wherein decisions are voted upon by investor-stakeholders. DAOs are built on top of blockchains (often Ethereum) and their transactions are visible on the underlying blockchain protocol. While The DAO was an early iteration of DAO governance, decentralized autonomous models remain highly influential in blockchain-related use, particularly amongst decentralized finance (DeFi) platforms.
After Ethereum protocol engineer Christoph Jentzsch released open-source code for a collectivized, ETH-based investment organization, The DAO launched on April 30, 2016, with a token sale that distributed DAO tokens in exchange for ETH. These DAO tokens were designed to facilitate voting on the allocation of The DAO’s collectivized funds to entities, businesses, and technologies seeking investment. After approving funding proposals, stakeholders were meant to be in a position to profit from their investments, either by reaping dividends or by benefiting from a token price that rose as the tokens came to represent ownership in successful companies.
The DAO Hack
The token sale was set to last 28 days, during which the tokens were “locked up,” and after which The DAO would begin to operate. By three weeks into the token sale, The DAO had raised more than $150 million from more than 11,000 investors, making it one of the largest crowdfunding campaigns in history at the time. However, even before the token sale had concluded, several onlookers expressed concerns about vulnerabilities in The DAO’s code. More specifically, computer scientists were concerned that a bug in The DAO’s wallet smart contracts would allow them to be drained. While programmers attempted to fix the bug, an attacker exploited the vulnerability and began siphoning funds from The DAO.
In the meantime, the Ethereum community debated how to respond to the attack. The DAO’s failure would not only mean financial loss for investors, but it also bore dire repercussions for the nascent Ethereum network. The DAO had become such a heavily invested project that its contracts contained approximately 14% of all ether (ETH) in circulation at the time. At only one year old, the promising Ethereum technology and its community were faced with a genuine existential threat.
The Response to The DAO Hack
Initially, Ethereum founder Vitalik Buterin proposed a soft fork of the Ethereum network, adding a snippet of code that would effectively blacklist the attacker and prevent them from moving the stolen funds. However, shortly thereafter, the attacker — or someone posing as the attacker; it has not been verified — published an open letter to the Ethereum community claiming that the funds had been obtained in a “legal” way in accordance with the rules set out in the smart contract. The attacker also said they would take legal action against anyone who attempted to seize the ether.
Shortly after, tensions were heightened yet again when the alleged attacker (or someone posing as them) claimed through an intermediary on The DAO Slack channel that they would attempt to thwart any soft fork by bribing Ethereum miners not to comply. The bribe comprised a collective reward of one million ether and 100 bitcoin, and it split the Ethereum network in two. The situation not only presented technical challenges, but questioned the moral and philosophical underpinnings of the technology — and the resilience of the Ethereum project’s leadership.
Before the Ethereum community could proceed with the soft fork, a bug was discovered in the update’s code, making it vulnerable to attack. A second solution — a hard fork — was proposed and eventually executed after much debate. The hard fork effectively rolled back the Ethereum network’s history to before The DAO attack and reallocated The DAO’s ether to a different smart contract so that investors could withdraw their funds. This was extremely controversial — after all, blockchains are supposed to be immutable and censorship-resistant.
It was initially unclear whether the fork would be executed. Though it was proposed by Ethereum developers, they did not have the unilateral power to implement the change. Miners, exchanges, and node operators also had to agree to update their software. After more heated debate in public forums, on July 20, 2016, at block 192,000, the Ethereum hard fork was implemented.
The DAO Hack Remedy Forks Ethereum
While the vast majority of stakeholders adopted the change and the fork was implemented, not everyone was on board. As a result, the hard fork produced two competing — and now separate — Ethereum blockchains. Those who refused to accept the hard fork that rolled back the blockchain’s history supported the pre-fork version — now known as Ethereum Classic (ETC). The blockchain presently known as Ethereum is the blockchain that implemented the hard fork and altered the blockchain’s history — and the history of blockchain as a whole.
Though the funds stolen from The DAO were restored to its investors, the attacker did not lose out entirely. The pilfered tokens still remained in their possession on the Ethereum Classic chain and were worth around $8.5 million in ETC in the months following the attack.
The DAO hack and subsequent Ethereum hard fork shook the Ethereum community to its core and highlighted major questions about the emerging technology. In retrospect, it’s clear that the decisions made by Vitalik Buterin, Ethereum developers, and the global community ensured the survival of the blockchain in its earliest days. Since The DAO hack, Ethereum has gone on to become an essential pillar of blockchain, cryptocurrency, and decentralized finance.