A History of ‘The DAO’ Hack

Good hacker, bad hacker, worse hacker, worst hacker.


What Is a DAO?

A decentralized autonomous organization (DAO) is basically a decentralized venture fund. 
Rather than the control that owning shares gives an investor in a traditional company, in a DAO, you have control over the organization's collected assets based on how many governance tokens you own. 

But a DAO differs from traditional financial funds in more ways than just tokens vs. shares.

A centralized venture fund will usually have the traditional hierarchical organizational structure that we all know: one person at the top as CEO in charge of making executive decisions, a CTO, a COO, a UFO (kidding). 

A regular company structure vs. a DAO's structure

In a DAO, owning governance tokens gives you the ability to propose and vote on new rules, which are then executed automatically via a smart contract method call — there is no CEO passing executive orders down the line; DAOs rely just on smart contracts to get the job done.

Most crypto projects are headed in the direction of lacing this type of governance utility into their tokenomics — just like stock represents ownership over a 2.0 company, tokens represent ownership over a 3.0 DAO. More on DAO technicals here.


The Decentralized Autonomous Organization Is Born


The concept of a DAO was first ideated in 2015 by a team called Slock.it. In order to raise funds for various Web 3.0 projects and startups, the team built a crowdfunding smart contract  —  but they took it one step further by programming in actual voting rights and ownership. 
Now, people investing ETH in Slock.it would receive a token representing not just their initial investment for traditional dividends, trading and appreciation/depreciation, but also proportional ownership of the fund’s total Ether. 
DAOs represented a revolutionary piece of fintech powered by Ethereum — remember, there was no way to decentralize your organization in a manner that was globally accessible, non-hierarchical and inter-operable pre-Ethereum.

‘The DAO’ Hack Part 1: Setup


Launched in July 2015, Ethereum was then an infant technology and the community was barely starting to gain a hold in terms of building out functional utility infrastructure — ETH was really only “numbah go up” technology until teams like Slock.it started to innovate and tinker with the “P” (programmability) component of ETH. 
Launched just under a year later in May 2016, “The DAO” was an extremely hot topic. It was, after all, the first truly decentralized, autonomous and community-run fund ever! People were rightfully excited… and ready to invest.
TheDAO ($TheDAO) token sale/ICO was meant to last an unassuming four weeks. It was simple: deposit some Ether to TheDAO smart contract and get some $TheDAO tokens in return @ 1 ETH = 100 TheDAO. 
As the days of the sale passed by, heads started to turn; something was happening that no one expected. The crowdsale was attracting investment figures in the tens of millions, way past expectations — more and more Ether kept flooding in. The flow of investment continued until, by the end of the four-week initial coin offering, a staggering 12 million Ether ($150 million based on ETH value in June 2016 and a staggering $33.3 billion based on today’s valuation) had been deposited in the TheDAO smart contract.

It’s important to note that the TheDAO smart contract was the first of its kind, grievously untested and written in Solidity, Ethereum’s main method of writing code, a language only a few months old.

The setup takes the cake as to the most obviously naive part of everything that went down. The project was extremely over-hyped and investor FOMO was at an all-time high. 

To clarify, similar to a traditional company, investors were putting money into TheDAO with the hope that their TheDAO tokens would appreciate in value. 

As a token holder in a DAO (if you own any reputable ERC-20 token, you are most certainly part of a DAO with active governance proposals), you can then draft any type of proposal, on which the rest of the DAO’s community will vote. 

An investment proposal could be as simple as: “Proposal to loan 100 ETH from the DAO’s treasury to [insert promising new startup here], to be paid back 110 ETH in 6 months...”  A governance proposal could look something like: “Proposal to create incentives, such as a farm, to encourage users to become liquidity providers on Uniswap…” A cool one a contemporary DAO recently executed was to buy a pricey NFT then flip it and distribute profits/re-invest into the treasury. 

DAO tokens represent direct ownership — thus it is the case that amassing large amounts of a DAO’s token supply gives a holder greater influence over decisions by increasing their proportional vote share. The value of a DAO’s token is not just derived from its community’s investment prowess, but by how valuable governance decisions become to large and small holders.

Again, it’s key to remember that there was simply no way to set up this type of globally-accessible decentralized venture fund before Ethereum came around, so the investor hype for $TheDAO did seem appropriate. The problem was that Ethereum and Solidity — the two foundational blocks of TheDAO — were just too early in technological maturity. 

On various chat boards, many programmers around the world had raised concerns about code vulnerabilities in the TheDAO smart contract and how they could potentially be exploited so as to drain the funds collected  —  these warnings were not heeded quickly enough.

‘The DAO’ Hack Part 2: The Exploit

Imagine you walk up to an ATM and withdraw $200. You get $200, yet you notice your balance didn’t change… you go ahead and withdraw another $200… no change in the balance! 

You keep withdrawing in figures higher and higher until your cash in hand is greater than your total balance  —  and then you keep going! Only once you remove your card does your balance finally care to reflect what just happened: -$120,000, or $0 in the ideal case — yet you only had a total initial balance of $2,000. 



All you know is that you now have $100,000 cash-in-hand because the ATM kept withdrawing from your original balance without updating each of those withdrawals. Every time you selected “Withdraw $200,” the ATM checked that your balance was enough  —  saw your original $2,000  balance —  and withdrew from it… but then never updated it to $1,800! You just kept the ATM in a loop of withdrawing from the initial $2,000 indefinitely.

This is exactly what happened in “The DAO” hack. A similar vulnerability in TheDAO’s smart contract code allowed a malicious he/she/they to drain funds above the allocation they were actually entitled to. This type of attack is called a reentrancy exploit — like in the ATM example above, the malicious hacker kept re-entering a transaction via a recursive call, and continuously executed withdrawals without the balance ever updating. 
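
The ATM analogy above, as an added example that is not part of the original article and is not TheDAO's Solidity code: a simplified Python model of a ledger that pays out before updating the balance, next to the same ledger with the update moved ahead of the payout. All class names, account names and amounts are constructed for illustration.

```python
"""Simplified model of a reentrancy bug (constructed; not TheDAO's code)."""

class VulnerableVault:
    """Pays out first, updates the ledger afterwards."""
    def __init__(self):
        self.balances = {}  # depositor name -> recorded balance
        self.reserve = 0    # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who.name] = self.balances.get(who.name, 0) + amount
        self.reserve += amount

    def withdraw(self, who, amount):
        # Check: during re-entry this still sees the stale, un-decremented balance.
        if self.balances.get(who.name, 0) < amount or self.reserve < amount:
            return False
        # Interaction: paying out hands control to the recipient's own code.
        self.reserve -= amount
        who.receive(self, amount)
        # Effect: the ledger is updated only after the external call returns.
        self.balances[who.name] -= amount
        return True

class SafeVault(VulnerableVault):
    """Same vault with checks, then effects, then the interaction last."""
    def withdraw(self, who, amount):
        if self.balances.get(who.name, 0) < amount or self.reserve < amount:
            return False
        self.balances[who.name] -= amount  # effect before the external call
        self.reserve -= amount
        who.receive(self, amount)          # re-entry now sees the new balance
        return True

class HonestAccount:
    def __init__(self, name):
        self.name, self.cash = name, 0

    def receive(self, vault, amount):
        self.cash += amount

class ReenteringAccount(HonestAccount):
    """Recipient whose receive hook calls withdraw again before returning."""
    def receive(self, vault, amount):
        self.cash += amount
        vault.withdraw(self, amount)  # stops only when the vault's check fails

def run(vault_cls):
    """Return (caller cash, caller recorded balance, vault reserve)."""
    vault = vault_cls()
    others, caller = HonestAccount("others"), ReenteringAccount("caller")
    vault.deposit(others, 10_000)
    vault.deposit(caller, 2_000)
    vault.withdraw(caller, 200)
    return caller.cash, vault.balances["caller"], vault.reserve

if __name__ == "__main__":
    print("vulnerable:", run(VulnerableVault))
    print("safe:      ", run(SafeVault))
```

In the vulnerable vault the re-entering account empties the whole reserve, including the other depositor's funds, while the reordered vault caps the same re-entry at the caller's own 2,000 deposit.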

The moving pieces of the setup were now in final position — the rising hype, excitement and purity of one of Ethereum’s first cornerstone projects was about to come to a chaotic climax. Everything had, against all odds, come together for a final screeching cacophonous bang.

June 17, 2016: on what was otherwise a normal day about a month after TheDAO’s launch, all of a sudden, Ether began to be rapidly drained from the “TheDAO” smart contract at a rate of 100 Ether per second.

Thanks to rising Ether prices at the time, the contract then held a total of $250 million — and this sudden whirlwind of funds leaving the contract had a global community of Ethereum developers and stakeholders scrambling. Who was draining the contract and how could this be stopped? 

The hype of Slock.it’s crowdsale thus ended in painfully dramatic fashion. A project that was supposed to smoothly herald in a new age of decentralized financial engineering had begun to lose millions of investor dollars per minute. The vulnerability that had indeed been hinted at by various developers around the world was caught too little too late. The re-entrancy hack had been discovered… and not by a friendly.

‘The DAO’ Hack Part 3: Dagor Dagorath

Sindarin for J.R.R. Tolkien’s “Battle of all Battles,” Dagor Dagorath accurately describes the fallout scenario that ensued after the malicious hacker began the drain of TheDAO smart contract. 

Noble characters, consisting of TheDAO stakeholders, emerged to fight the evil. Key players in this battle include: Griff Green, community manager at Slock.it, Alex Van de Sande, an Ethereum developer, and Christoph Jentzsch, lead at Slock.it — these were key players of the newly formed “Robin Hood Group” discussed below.

As millions of dollars worth of Ether continued to be drained minute-by-minute, the above embattled white hat hackers dealt with immense stress in coming up with a plan to resolve the situation. Ethereum developers around the world were effectively called to war and diverted all attention to this matter, fearing TheDAO’s fallout would be radioactive enough to kill Ethereum permanently.

Replicating the attack and draining the money out from the main DAO in order to stop the hacker was a popular defense vector discussed in the community (furiously active through various messaging boards across the world).

A soft fork was proposed: have miners not process any transactions coming from “The DAO” contract.
A controversial hard fork was also proposed: in essence, it would simply move custody of the ETH currently in TheDAO smart contract to another safe haven contract where the funds would be secured. 


A spectrum based on two political endpoints emerged: in one corner, the code-is-law laissez-faire advocates shouted that no intervention should happen; the purity of blockchain immutability is too important.

On the opposing corner, there were advocates for greater intervention: action should be taken so as to minimize the effects of this one-of-a-kind catastrophe. Along with all the other viewpoints that fell in between the formed spectrum, a very slippery slope emerged — both sides had valid points.

In the midst of more ETH being drained, a group dubbed the “Robin Hood Group,” consisting of the above-mentioned key players, formed and was pivotal in the white hat (good-intentioned hacking) battle to regain funds before they were all completely stolen by the malicious attacker. 

On Day 1 of the attack, the thief had stolen around 30% of the total supply in “The DAO” smart contract — and had then mysteriously stopped, giving the RHG a few short hours to assess the situation. On Day 2, the attacker re-surfaced and began draining ETH once again. 

In the meantime, the Robin Hood Group had been busy stockpiling ammunition in the form of 300,000 $TheDAO tokens  —  more $TheDAO tokens available to deposit into the smart contract in exchange for ETH meant that the withdrawal amount became that much higher. Think back to the ATM example: the more tokens you have in your possession, the higher the amount you can withdraw against at a time, making for a more efficient attack. 

The Robin Hood Group had, with petitions to community and investors, amassed an impressive 6,000,000 $TheDAO tokens in donations. 

The Robin Hood Group would have to use the exact same technique the thief was using: steal from the smart contract using the same re-entrancy exploit, with the intention of providing the ETH a safe harbor to then return to original investors. This was the real-life equivalent of robbing a bank before the malicious bank-robbers and then returning the money back to the bank. There was much fear and angst from group-members; what were the legal ramifications of such a move? 

The seconds ticked by and millions of dollars worth of ETH continued to be drained… the group had no choice but to initiate a counter-attack. The group had to do what the thief was doing: deposit $TheDAO tokens to TheDAO smart contract in order to withdraw an equivalent ETH deposit and then recursively call the buggy function to withdraw more ETH than entitled to. The 6,000,000 tokens of ammunition, along with continuous refinement of the automated withdrawal bot built by the RHG, allowed the white-hat hackers to withdraw ~$30,000 every 5 seconds.

70% of funds were recovered by the Robin Hood Group. The effort had mainly helped stall the attacker because, due to protocol rules, withdrawals from TheDAO smart contract required a waiting period of about a month to be cleared — this rule applied to anyone withdrawing from the smart contract. The RHG made efforts to return any donated $TheDAO to the community, but given the outcome mentioned in Parts 4 and 5, this never really became an issue.

Something that is important to note is that $TheDAO still holds value! 1 $TheDAO = ~$27.8 as of date of publishing. If you are reading this and you were a $TheDAO holder/investor, your funds are not lost! Reach out if you need help recovering funds, it’s a little tricky.

The bloody Dagor Dagorath was over. 70% had been recovered by "the good guys" and 30% had been stolen. The malicious attack had been stopped in its tracks — at least temporarily.

The real blood of the battle came in its aftereffects. The thief had been stopped, but had fought with strength and savvy — even though the RHG had pulled a win by recovering the greater amount of ETH, the 70% of those funds recovered were still vulnerable to malfeasance due to how withdrawals from child TheDAOs worked. The thief still had direct control over 30% of funds, about 2 million ETH, and would still be able to withdraw them after the waiting period — the thief would also probably work to sabotage the withdrawal of the other recovered 70%. This was a problem.

‘The DAO’ Hack Part 4: To Fork or Not to Fork

With the malicious thief now temporarily stalled, something more permanent would need to be implemented before the wait period to withdraw ended. Due to possible denial-of-service attacks, the soft fork was not a valid option. The only options left were: do nothing or hard fork.

The “code is law” advocates had a point: how would a hard fork be any different than standard central banking procedures like “bail-outs”? The intervention of central developers into the monetary policy of Ethereum worried many. 

The “hard fork” advocates also had a point: if there is a way to reclaim the stolen funds for all the victims and hand the thief an L, why not do it?


Eventually, after a controversial community vote where only holders of 5.5% of the total Ether supply participated, the hard fork option was approved and set to happen at block number 1,920,000.

In the end, the extraordinary nature of the situation meant extreme measures had to be taken and thus the immutability of the chain sacrificed — just in this one instance. So: to fork.

‘The DAO’ Hack Part 5: or Not to Fork

The hard fork came and went pretty unceremoniously. Any block mined after block 1,920,000 on the original chain was no longer considered ETH. The parallel dimension caused by the hard fork was successful, and it effectively erased the effects of Dagor Dagorath. The ETH you use today lives in this parallel dimension.

To the surprise of many, users/miners revived the “dead chain” and continued to use it beyond block number 1,920,000. The original chain, the one that contains the unchanged fallout of the hack and on which the hacker directly controls a large portion of funds, thus became known as Ethereum Classic ($ETC), and the new chain (caused by the hard fork where the ETH in the TheDAO smart contract was safe-havened) moved forward as the main Ethereum ($ETH) chain. 
ETC can be basically considered a hardcore “code-is-law” version of Ethereum. Their Declaration of Independence states: 
“We believe in a decentralized, censorship-resistant, permissionless blockchain. We believe in the original vision of Ethereum as a world computer that cannot be shut down, running irreversible smart contracts. We believe in a strong separation of concerns, where system forks of the codebase are only possible, when fixing protocol level vulnerabilities, bugs, or providing functionality upgrades. We believe in the original intent of building and maintaining a censorship-resistant, trust-less and immutable development platform.”

So: not to fork… kinda.

Conclusion

The radioactivity of this series of events was undeniable. The DAO hack left the Ethereum community split and many stakeholders, as exemplified by ETC, flocked to other projects.

However, today, five years after Dagor Dagorath, billions and billions of dollars reside in multiple smart contracts across the Ethereum ecosystem. As highlighted by DeFi Pulse, the top three projects alone — Maker, AAVE and Compound — now hold ~$26.5 billion, or ~5.2 million ETH combined (as of date of publishing).

It is worth it to ask whether this early catastrophe was actually a blessing in disguise for Ethereum. 

Engineers and developers, pivotal to innovation and buidling, learned the real risks of designing and deploying unsafe/untested smart contracts. Stakeholders and investors, pivotal to keeping the space lush with cash flow and risk, learned the bloody effects of investing in unsafe/untested smart contracts.

Dagor Dagorath would be a puny event compared to the likes of the AAVE smart contract, containing almost $10 billion TVL, being hacked today.

It could well be said that these early events lit a fire under all stakeholders’ butts and thus were essential in further setting up a healthy ecosystem long-term, which now appears to be indeed thriving. Expect more investment to flood in.

