The DAO was a decentralized autonomous organization launched on the Ethereum blockchain in spring 2016 as an investor-led capital fund. One of the largest crowdfunding campaigns in history, The DAO raised $150 million in Ether before being hacked due to vulnerabilities in the code base, with the attacker siphoning millions out of the project.
Ethereum was only a year old at the time and a promising new crypto venture. With a growing fear that the hack would damage perceptions of Ethereum, many in the crypto community, including Ethereum’s co-founder Vitalik Buterin and several Bitcoin developers, rallied to find a solution.
The community eventually decided on a hard fork of the Ethereum network, meaning that the network would split into two branches. One branch, now known as Ethereum, returned the funds to the affected users, while the other, known as Ethereum Classic, accepted the hack as a part of its history. The hard fork was highly controversial within the crypto community, as immutability (the inability to be changed) is often considered a key feature of a blockchain.
The DAO hack helped to shape the Ethereum ecosystem into what it is today. Similar to the impact of Mt. Gox on the Bitcoin community, it set in motion processes and debate that enhanced blockchain security and changed how projects raise funds.
What is a DAO?
DAO is an acronym for a decentralized autonomous organization, a digital entity that has no centralized authority. Instead, members purchase tokens that allow them to participate in the management and decision making of the organization, as well as vote on the deployment of its funds.
DAOs are blockchain-based collectives where the rules and processes are run through smart contract code, and all transactions are visible on the blockchain protocol’s ledger. DAOs were meant to replace the leadership and oversight of a central entity or corporation by using a democratic approach to governance.
Note that the term ‘DAO’ is typically used when talking about any decentralized autonomous organization. ‘The DAO’ refers to the specific decentralized autonomous organization that was exploited in the hack.
The DAO creation
Blockchain developer Christoph Jentzsch released the open-source code for The DAO in April 2016. Jentzsch had been involved in the early development of Ethereum, building the C++ version of the Ethereum client.
The DAO was created as a community-based investment fund where users purchased DAO tokens using Ether. Jentzsch’s vision was for The DAO to be a fundraising mechanism for another blockchain project, and his goal was to raise $5 - $10 million.
However, the project gained traction and attracted far more attention than Jentzsch anticipated. Excitement grew as users wanted The DAO to go beyond Jentzsch’s specific project, to funding every app on Ethereum. The DAO eventually raised $150 million in funds from over 11,000 investors, representing around 14% of all Ether in circulation at the time.
The hack
Prior to the hack, several users had expressed concern about vulnerabilities in The DAO’s codebase.
The DAO’s smart contract was written in Solidity, Ethereum’s main programming language, which was only a few months old at the time. Due to this, the novel project was not thoroughly tested and grew quicker than its creators anticipated. In early June, programmers proposed fixes to the vulnerabilities and were awaiting approval from DAO members before deploying the code.
On June 17, a few weeks after The DAO’s launch and before the fixes could be enacted, Jentzsch and others noticed that a hacker was siphoning funds from the project. In what is known as a “reentrancy attack,” the hacker exploited a specific Solidity vulnerability by calling the contract’s withdraw() function in a continuous loop. The hacker was able to drain around 3.6 million ETH out of The DAO, equivalent to $70 million at the time.
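The pattern described above, as an added example (a toy Python model, not The DAO's Solidity code): a vault that zeroes the caller's balance only after paying out can be re-entered from the recipient's receive hook, while one that zeroes it first cannot. All class and function names are hypothetical, and the 10/90 deposits are constructed sample values.

```python
# Toy model of reentrancy (names hypothetical; not The DAO's code).
# Paying an account runs that account's own code, as an Ether transfer
# to a contract does, so the vault hands over control mid-withdrawal.

class Vault:
    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}  # credited balance per account name
        self.pool = 0       # funds the vault actually holds

    def deposit(self, name, amount):
        self.balances[name] = self.balances.get(name, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.balances.get(account.name, 0)
        if amount == 0 or amount > self.pool:
            return  # nothing owed, or vault empty (model simplification)
        if self.update_before_send:
            self.balances[account.name] = 0  # hardened: effect before call
        self.pool -= amount
        account.receive(self, amount)        # external call
        if not self.update_before_send:
            self.balances[account.name] = 0  # vulnerable: updated too late

    def solvent(self):
        # Invariant a monitor or test can check: holdings cover all credits.
        return self.pool >= sum(self.balances.values())


class ReenteringAccount:
    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)  # re-enters before the first call has finished


def run(update_before_send):
    vault = Vault(update_before_send)
    vault.deposit("others", 90)  # constructed sample: other users' funds
    caller = ReenteringAccount("caller")
    vault.deposit(caller.name, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.solvent()
```

`run(False)` models the late balance update and `run(True)` the hardened ordering; the `solvent()` invariant is the kind of property a test suite or audit can assert after every external call.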
Response
Figures from across the crypto community debated how to respond to the hack. The DAO was a truly decentralized entity, and any decision would have to be agreed on by the majority of the Ethereum community.
Vitalik Buterin, who had not been personally involved with The DAO, suggested a soft fork of the Ethereum blockchain, which would have added a snippet of code to blacklist the hacker and freeze the funds.
The hacker (or a person posing as the hacker), however, messaged the Ethereum DAO Slack channel noting that they would offer a reward to miners who did not comply with the proposed soft fork.
Hard fork
Members of the community proposed a hard fork, which would move the funds to another smart contract, from which affected users could withdraw their Ether. The move essentially returned the funds to the users by restoring a digital backup.
The solution was controversial and highly debated (more on that below). Due to the network’s decentralized nature, the majority of Ethereum miners, exchanges, and operators had to agree to the hard fork. On July 20, a consensus was reached, and the hard fork was implemented.
The fork resulted in two competing blockchains: Ethereum, which implemented the hard fork, and Ethereum Classic, which left the Ethereum blockchain untouched.
The perpetrator of the attack has never been identified.
Impact on the cryptocurrency community
The DAO hack had profound implications for Ethereum and the wider crypto community. Ethereum was seen as a young technology with huge potential, and programmers and investors worried about the reputational damage the event would do to the network.
Due to the immutable and secure nature of blockchains, critics felt that the hard fork tampered with the blockchain and went against the core tenets of decentralization and independence from a central authority. These are core principles that Ethereum and many cryptocurrencies are founded on, and critics were concerned that the hard fork would set a dangerous precedent.
Proponents, however, offered a more pragmatic perspective. The amount of money hacked was significant, and they wanted to return the funds to the users to prevent any more damage and distrust of the network.
While hacks can happen in decentralized networks, the Ethereum hard fork is a unique event in the history of cryptocurrency. Further, The DAO hack is often seen as the event that made blockchain security a priority, especially for new DeFi projects; security was a concept that wasn’t taken seriously until the hack.
Jentzsch, the creator of The DAO, believes that the hack helped shift blockchain project funding away from digital organizations to ICOs (initial coin offerings), which might have contributed to the ICO boom the following year.
The DAO hack essentials
The DAO was a decentralized autonomous organization launched on the Ethereum network in spring of 2016.
The DAO raised $150 million worth of Ether and was one of the largest crowdfunding campaigns in history when it was hacked, with millions siphoned out of the fund.
The community responded by enacting a hard fork of Ethereum, splitting the network into two separate blockchains with their own coins.