The DAO hack controversy was one of the biggest events that shook the newly-formed Ethereum community back in 2016. Here's how it happened.
Blockchain and smart contracts have surely brought many changes to our everyday lives. However, the path leading up to this point was not easy. Back in 2016, a project called "The DAO" quickly went from being one of the most successful crowdfunding campaigns to perhaps the biggest cataclysmic event in crypto history. Things were looking bright for a while until a hacker found a loophole in The DAO protocol and managed to steal no less than 60 million ETH via its faulty source code, which then raised questions among blockchain users.
While The DAO may have represented a bold new form of venture capital and could have been great for investors worldwide, the dream was not to last. Let's take a closer look at what went on behind the controversy.
What is a DAO?
DAO stands for Decentralized Autonomous Organization. It was designed as a form of decentralized venture fund that is collectively owned by its members, with rules set and executed via code. It is created on top of a blockchain (often Ethereum), so its transactions are visible on the underlying blockchain protocol.
The goal is to codify an organization's rules and decision-making apparatus, thus eliminating the need for documents and people in governing, and creating a structure with decentralized control of commercial and non-profit initiatives. Instead of getting power from owning shares in a traditional company, investors gain control over the organization's collected assets based on how many governance tokens they own.
While a centralized venture typically has the traditional hierarchical organizational structure, a DAO has no CEO to command and run the business. Instead, it relies on smart contracts to get the job done. Owning governance tokens will allow the user to propose and vote on new rules, which will be executed automatically via a smart contract method call.
To put it simply, here's how DAO actually works:
- A group of people writes smart contracts or programs that will run the organization.
- There will be a funding period in which people add funds to the DAO by purchasing tokens that represent ownership to give it the resources it needs.
- When the funding period is over, the DAO begins to operate.
- In the next period, token owners can make proposals to the DAO on how to spend the money, and other members can vote to either approve or reject these proposals.
Keep in mind that these tokens are not the same as equity shares. They are more like contributions that grant people the right to vote instead of ownership. Most of the time, a DAO is not owned by anyone as it is just the software that runs the business on the Ethereum network.
The Beginning of DAO Project
The infamous DAO project that we're specifically referring to is called "The DAO", which was created by a German startup company called Slock.it. The DAO was launched on 30 April 2016, with a 28-day funding period. As the first truly decentralized, autonomous, and community-run fund ever, the project quickly gained recognition and became a hot topic of discussion.
During the initial offering, the only requirement for being an investor in The DAO was to invest Ether into the system. In return, participants were given DAO tokens ($TheDAO): 100 tokens in exchange for 1 Ether. This gave the buyers voting rights over the projects they would fund. From launch day, The DAO became highly popular, and by the end of the funding period it had raised over 12.7 million Ether from over 11,000 members, equal to more than 150 million USD back then. This was a staggering success for a brand new project in the blockchain environment.
However, it didn't take long until some critical drawbacks came to light. Apparently, The DAO raised far more money than its creators anticipated. The project was highly over-hyped, and many people were just following the trend, hoping that the value would rise in the coming years. In reality, the project was not that flawless to begin with.
Even during the crowd sale period, many people had already expressed concerns, saying that the code was vulnerable to attacks. Bear in mind that such a project was still new, untested, and written in Solidity, Ethereum's main smart-contract language, which was itself only a few months old. Once the funding period was over, there was a lot of discussion regarding the vulnerabilities of The DAO. On 16 June 2016, those concerns were officially confirmed, because The DAO got hacked.
The DAO Hack
While programmers were still trying to solve minor issues and maturing the system, an unknown attacker started hacking The DAO and draining the collected Ether. Essentially, The DAO had a special ability called the split function, allowing members to submit a proposal and take their Ether into a new DAO.
This new DAO was called the "Child DAO" and had the exact same structure as The DAO itself. The purpose was to protect the minority and allow them to retrieve their funds when a proposal they didn't want to be part of got approved despite their objection. Unfortunately, a hacker found a loophole in the system and managed to drain more than 3.6 million Ether into a Child DAO on 18 June 2016.
Basically, what happened was that the hacker performed an attack known as a "reentrancy exploit": they requested an amount of ETH above the allocation they were actually entitled to and then repeatedly "asked" The DAO smart contract to give it back. The hacker repeated this request over and over via a recursive call, causing the contract to pay out multiple times before it ever reached the step where the code would check and update the balance.
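As an added illustration of the pattern just described (this is simulation code written for this article, not The DAO's Solidity), the following Python models a vault contract that pays out before clearing the caller's credit, a member whose receive hook calls back into withdraw while the credit is still recorded, and a hardened variant that applies the checks-effects-interactions ordering. The class names, the `receive` hook standing in for an external call, and the 100/900 ETH amounts are all constructed for the example.

```python
# Constructed simulation of the reentrancy pattern behind The DAO drain.
# A vault object holds a pool of ETH plus per-member credits; withdraw()
# hands control to the recipient via receive(), which stands in for the
# external call a real contract makes when it sends value.


class VulnerableVault:
    """Pays out first and zeroes the credit afterwards (interaction before effect)."""

    def __init__(self):
        self.balances = {}   # member -> credited ETH
        self.pool = 0        # ETH actually held by the contract

    def deposit(self, member, amount):
        self.balances[member] = self.balances.get(member, 0) + amount
        self.pool += amount

    def withdraw(self, member):
        amount = self.balances.get(member, 0)
        if amount == 0 or amount > self.pool:
            return False                  # nothing credited, or the send would fail
        self.pool -= amount               # value leaves with the external call...
        member.receive(self, amount)      # ...and the recipient gets control here
        self.balances[member] = 0         # credit is cleared only after the call
        return True


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions: clear the credit before sending anything."""

    def withdraw(self, member):
        amount = self.balances.get(member, 0)
        if amount == 0 or amount > self.pool:
            return False
        self.balances[member] = 0         # effect first: a re-entrant call sees 0
        self.pool -= amount
        member.receive(self, amount)      # interaction last
        return True


class Member:
    """Ordinary participant: just records what it receives."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReentrantMember(Member):
    """Participant whose receive() calls withdraw() again while still credited,
    the recursive-call behaviour the article describes."""

    def __init__(self, max_depth):
        super().__init__()
        self.max_depth = max_depth        # a real call chain is bounded by gas
        self.depth = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)          # re-enter before the credit is cleared
            self.depth -= 1


def simulate(vault_cls, entitled=100, others=900, max_depth=5):
    """Run one withdraw by a re-entrant member against a fresh vault.

    Returns (ETH the re-entrant member received, ETH left in the pool).
    """
    vault = vault_cls()
    vault.deposit(Member(), others)       # funds belonging to everyone else
    attacker = ReentrantMember(max_depth)
    vault.deposit(attacker, entitled)     # the only amount it is entitled to
    vault.withdraw(attacker)
    return attacker.received, vault.pool


if __name__ == "__main__":
    print("vulnerable ordering:", simulate(VulnerableVault))   # (600, 400)
    print("hardened ordering:  ", simulate(HardenedVault))     # (100, 900)
```

With the vulnerable ordering, each nested call still finds the full credit and pays it again, so the member entitled to 100 ETH walks away with 600 and the pool loses other people's deposits; raising `max_depth` drains it to zero. With the hardened ordering, the nested call finds a credit of zero and returns without paying, so exactly the entitled amount leaves. In production code a reentrancy guard (a mutex that rejects nested entry) is the usual addition on top of this ordering, so that an attempt fails loudly rather than silently.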
Soon after, the Ethereum community noticed the abnormal transfer of Ether from The DAO. But before they even got the chance to do anything, someone who claimed himself as the attacker published an open letter addressed to the Ethereum community. The attacker basically admitted that he didn't do anything wrong, saying that the code controlled everything on The DAO and what he did was allowed by the code. Hence, he claimed that his actions were legitimate.
Solving the Issue
In the wake of the hack and the letter, the Ethereum community debated how to respond to the problem. After all, The DAO's failure would not only mean financial loss for participants but also harm the entire Ethereum network in general, because The DAO held approximately 15% of all Ether in existence. The blockchain, which was only one year old at that time, had to face a considerable existential threat.
Under a rule implemented in the smart contract, all funds transferred out of The DAO first had to be placed in a holding account, where they had to wait about 28 days before being released. The measure was intended for cases where a deal went south and had to be revoked. That meant the Ethereum community had 28 days to decide what to do next before the hacker could initiate a proposal to move the funds.
There were several options proposed by different groups of people as a response to The DAO hack. On one hand, people proposed that they shouldn't do anything and just leave the state as it is. Those who supported this idea strongly believe in the philosophical foundations of the Ethereum blockchain. They believed that the code was the law, so everything the code allowed was legitimate. Meanwhile, the rest of the community believed that they shouldn't just let stuff like this happen, so something had to be done.
The first option was to perform a soft fork of the Ethereum blockchain in order to blacklist the attacker and prevent them from using the stolen funds. This action would require the help of miners to freeze the Child DAO along with the stolen Ether in it, by adopting a rule that any transaction reducing the funds in the Child DAO is invalid.
Those who supported the soft fork option said that it would have effectively "locked" the stolen funds and made sure they could not be used for any purpose. On 22 June, the voting started, and most of the participants agreed on the soft fork implementation, so the soft fork was scheduled to be activated on 30 June. However, a software bug was later discovered in the implementation, so the decision was never fully executed.
That brought them down to the next option, which was to perform a hard fork of the Ethereum blockchain. The goal was to overwrite the history and restore the stolen Ether. It would simply move the funds from The DAO to another, safe address where they would be secured. In other words, this would reverse all transactions that happened after the starting point of the hack.
The supporters basically argued that no one should be able to gain profits after plundering funds in blockchain and returning the lost funds would solve the issue as well as stabilize the price of Ether in the first instance. According to them, the hack was too big to let go, and the community should unite to find a solution to the matter.
While this suggestion seemed quite logical on the surface, it sparked a huge debate in the community because it would go against the nature of blockchain in general. Specifically, those in the first group strongly opposed the idea of the hard fork, stating that the data on the blockchain was immutable and should be kept that way. If they were going to change it, then it would harm the Ethereum blockchain in the long term.
To resolve the issue, the decision was put to a vote not long after. Most of the Ethereum community ended up voting in favor of the hard fork, so on 20 July 2016 the hard fork was implemented and the blockchain was split into two chains: Ethereum Classic (the original blockchain) and Ethereum (the forked blockchain).
Conclusion
The DAO was perhaps the first large-scale application of Ethereum-based smart contracts, and it had significant implications for blockchain development itself. We can even say that the event marked the beginning of a new era for Ethereum's public blockchain as a whole. However, it is undeniable that The DAO's execution was quite controversial and problematic. The heist triggered a general suspicion toward blockchain technology itself and heated the debate on the need for regulation.
While at first glance it's easy to view this project as a failure, it is worth noting that the controversy managed to highlight the real risks of using unsafe or untested smart contracts as well as the challenges a successful DAO organization must face. Even though The DAO's governance may have failed on its first try, other DAOs are able to learn from it and make significant progress.
When it comes to market cap, Ethereum always comes in second to Bitcoin. But there are other altcoins to look for if you'd like to try investing in prospective cryptocurrencies. You can learn all about them in 10 Best Cryptocurrencies to Trade Other than Bitcoin.