CoinDesk Turns 10: How The DAO Hack Altered the Landscape of Ethereum and Cryptocurrency

Bitcoin Languishes as ETF Optimism Subsides; PEPE Takes the Lead in Altcoin Profits

Donald Trump Possesses Crypto Holdings Valued Up to $500K

Coinbase's Highly Anticipated New Core Blockchain Attracts Modest $10M Inflows Upon Launch

While it's common to feel a sense of relief upon waking up from a terrifying nightmare, Christoph Jentzch's experience on June 17, 2016 was far from typical-he found himself still trapped inside the nightmare upon waking up.

“I was sleeping. My brother called me, so my wife woke me up. She said, ‘[Your brother] says something is wrong,’” he recalls. “I saw that it was a hack. The withdrawal was regular and repeated.”

“At that moment, I realized immediately: The DAO is over.”

As part of our "CoinDesk Turns 10" series, where we reflect on pivotal moments in the history of cryptocurrency, we have chosen the "DAO Hack" as the most significant story of 2016.

Nowadays, there might be some confusion when referring to "The DAO" in singular form. In 2023, Decentralized Autonomous Organizations (DAOs) have become ubiquitous, or at the very least, the term has. Nevertheless, there remains only one true "The DAO."

Back in 2016, not long after the smart-contract platform Ethereum had made its debut, Christoph Jentzsch and his team embarked on an ambitious project to showcase the platform's capabilities. The result was The DAO, a revolutionary investment fund that utilized Ethereum technology to enable investors from all corners of the world to pool their resources and vote on how best to allocate them. This was a landmark achievement, as it marked the world's first global investment fund that was open to anyone with an interest in participating.

However, on that fateful morning in June, the dream of The DAO was shattered. A devastating hack drained as much as $60 million worth of Ether from the fund, which equated to roughly one-third of the total funds contributed by would-be DAO participants. Despite attempts to counterattack the hack, the stolen funds ultimately amounted to around 5% of all the Ethereum tokens in circulation at the time.

"As one insider put it, The DAO’s collapse 'created Ethereum as it is today'"

One of the most contentious decisions in Ethereum's history was the coordinated hard fork that ensued. Often described as an "irregular state change," this action involved altering the Ethereum ledger to reclaim the funds from the hacker. The fork sparked intense and significant debates on the concept of "immutability" in blockchain technology, both prior to and following the event. Some apprehended that it would set a precedent and diminish the reliability of the system.

Ethereum's most contentious decision to date was the coordinated hard fork that took place. This "irregular state change" involved rewriting the Ethereum ledger to reclaim the funds stolen by the hacker. The fork sparked intense debates on the concept of "immutability" in blockchains, both before and after its implementation. Many feared that it would set a dangerous precedent and erode trust in the system.

The DAO incident was a dark period for the Ethereum community, but for Jentzch and others closely involved, it now represents a formative moment in the platform's evolution. They view it as a pivotal event that helped shape Ethereum into what it is today. In hindsight, it could be compared to the Mt. Gox hack's impact on Bitcoin, as both incidents served as stress tests that brought the community to the brink of destruction but ultimately resulted in stronger bonds and the establishment of critical precedents that contributed to their respective successes.

The impact of The DAO incident went beyond just Ethereum's history. It played a significant role in shaping the development of DAOs as a whole. PleasrDAO, for example, operates under an investment-fund model that closely resembles The DAO's original structure. MakerDAO, on the other hand, uses similar governance models to control monetary policy rather than investments. However, it is worth noting that some projects may adopt the "DAO" designation more for its trendy appeal than for the actual operating principles. Overall, The DAO incident helped pave the way for the development of DAOs as a major pillar of decentralized finance.

As someone who covered The DAO hack firsthand for Fortune, I was able to witness its dire consequences. However, in retrospect, insiders have highlighted another significant outcome of The DAO incident that I had never considered before. The failure of The DAO compelled projects to explore alternative funding mechanisms, which ultimately led to the ICO boom of 2017 and 2018. This, in turn, led to the proliferation of real and fake project tokens traded on exchanges worldwide today. The DAO's collapse ultimately had a far-reaching impact on the cryptocurrency space and the way projects sought to fund their endeavors.

In essence, it can be argued that the cryptocurrency landscape we know today would not exist were it not for The DAO and its subsequent collapse.

Ethereum co-founder Vitalik Buterin in 2016

The DAO's Origins

The genesis of the situation was the depletion of funds at the Ethereum Foundation, the non-profit organization responsible for overseeing blockchain development.

Cristoph Jentzch became deeply involved in the early development of Ethereum after discovering the whitepaper in 2014. He quickly joined the Ethereum Foundation, where he made significant contributions as a coder and tester for the C++ version of the Ethereum client. Jentzch worked closely alongside Vitalik Buterin, who was simultaneously building the Python client. Their collaboration was crucial to the successful launch of the Ethereum platform.

By the summer of 2015, the C++ version of the Ethereum client had been completed, but the Ethereum Foundation was experiencing a shortage of funds. As a result, many contributors opted to leave and pursue other related projects. Among them, Ethereum co-founder Gavin Wood departed to establish Parity Technologies (which later developed the Polkadot network), while Cristoph Jentzch founded Slock.it, a smart-contract development firm. Slock.it's main focus was on creating "The Universal Sharing Network," a decentralized sharing economy built on the Ethereum blockchain, often described as a "decentralized Uber."

Cristoph Jentzsch and his team initially conceptualized The DAO as a means of raising funds for Slock.it. Their objective was to solicit around $5 to $10 million from the Ethereum community.

However, as often happened during the subsequent era of initial coin offerings (ICOs), things quickly spiraled out of control as excitement around The DAO gained momentum. The project exceeded its funding objectives by a significant margin.

This necessitated a complete overhaul of their plans.

“After it raised $20 or 30 million,” says Jentzsch, “everyone was saying, this isn’t just for Slock.it or the USN. The narrative changed from Slock.it funding to … let’s fund every app on Ethereum with it.” Ultimately, the DAO would raise a stunning $150 million.

That, Jentszch says, was far more than he bargained for. Even before the hack, he felt The DAO had attracted too much money, and too much hype.

“Before the hack, this was the only time in my life I was actually totally burned out,” Jentzsch reflects now. “I was just walking in the woods for hours a day. My energy was at minus-10. I was getting worried about the DAO, because I wanted $5-10 million, not $150m and 15% of all ETH. That was crazy… I was giving birth to this project that could get out of my control, and become something really bad in the world.”

The hack

Jentzch was not the only person in a state of panic when the hack began to unfold. The entire DAO team sprang into action.

“Everything started going red, my phone and my computer,” says one member of the DAO support team. He wishes to remain anonymous, so we’ll call him ‘Igor.’

“Griff [Green, later cofounder of Giveth.io] was like, look what’s going on here. He was sending me Etherscan links,” Igor recounts. “I’m not the most technical person, so I was like, ‘Guys, this doesn’t look good, right?’ And they were like, no, it doesn’t look good.”

Upon further investigation, it was revealed that the assailant had executed a sophisticated "reentrancy attack" by exploiting the "fallback" function present in Solidity, the pioneering programming language used by Ethereum. In a matter of weeks, the hacker succeeded in siphoning off nearly the entirety of the $150 million worth of ETH held by The DAO.

Following the incident, leaders from not just the Ethereum community but also prominent figures within the broader crypto space joined forces to seek a remedy. Even Vitalik Buterin, who was not directly affiliated with The DAO, became involved in the bailout initiative. It was somewhat unexpected to see some ardent Bitcoin proponents also lending their support.

As it transpired, the attack had a silver lining - it was bidirectional in nature.

The DAO's emergency response team comprised of "white hat" Ethereum hackers who employed the identical exploit against the perpetrator, as per Igor's account. These white hats, who later became known as the Robin Hood group, "were draining the ETH as fast as they could before the hacker could get to it... And then they went on the offensive," Igor notes. "They were absolute geniuses, I must say."

To put it simply, the white hats ended up expropriating the thief. Although these methods managed to retrieve a significant chunk of the pilfered funds, they were unable to recover all of it. However, the bigger issue was that The DAO was genuinely decentralized, unlike many of its successors. There was no straightforward way to completely "shut it down," which meant that the funds would remain vulnerable indefinitely.

"The DAO was quickly becoming a triple-threat to Ethereum"

Coupled with the fact that the reentrancy attack was easily repeatable from both ends, this implied that even after the success of the white hat hackers, there seemed to be no end in sight. “The way we saw it back then was that this was going to go on forever – just hacking back and forth,” Jentzsch comments.

The DAO was rapidly emerging as a triple threat to Ethereum, presenting a confluence of risks that could prove costly in multiple ways. Beyond the potential financial losses and reputational damage, the project was also drawing valuable developer attention away from more pressing priorities related to advancing the platform.

“It was two months of attention of the entire Ethereum ecosystem on this,” says Jentzch. “So there was an idea, we need to get past this. A hard fork was just a very clean-cut ending to this phase.”

The Ethereum hard fork

After a while, a revolutionary proposal surfaced: What if the most effective strategy to defeat the hacker was to alter the game's regulations?

A complete "Hard Fork" of the Ethereum blockchain was suggested, which would not only address the bug that caused The DAO's collapse, but also involve a more revolutionary approach: an "irregular state change." This term, despite its formal tone, is quite striking because it implies something straightforward yet startling: the hard fork would entail confiscating a user's funds.

In essence, the suggested hard fork involved retrieving all the stolen funds and restoring them to their lawful owners. It was as though a wand had been waved, and a bank vault had been instantaneously transported from a thief's hideaway back into the bank.

Initially, this proposal seemed extraordinary, but the repercussions in the long run were considerably intricate. A cautionary message was disseminated to the Ethereum community, partly through Bitcoin enthusiasts.

“Initially because most of the people were investors [in the DAO], they were like yeah, ‘I want my money back,’” says Igor. “But later Vitalik came in [to the discussion], and some Bitcoiners. And there were fascinating discussions about [whether the hard fork] was the way to go.”

Before long, a divide reminiscent of the block size argument in Bitcoin emerged regarding the issue of hard forking Ethereum, with two staunchly ideological factions taking sides.

On one side of the debate were the pragmatic individuals, which encompassed not only investors who sought the return of their funds, but also influential personalities within the Ethereum community who perceived a more extensive threat to their long-term objectives. Despite the Robin Hood team's attempts, the hacker still held around $40 million worth of Ether, equivalent to roughly 5% of the system's total market capitalization at the time. If the hacker retained control of the stolen funds, they would have a permanent dominant position in the ecosystem, making it arduous to take Ethereum seriously in the future.

“I think the people from the [Ethereum] Foundation were not happy with what was going on at the DAO, even prior to the hack,” says Igor. “Because they thought it was way too early. And that was one of the main reasons for the rollback – it was very early.” Shockingly early, in fact: The DAO had been proposed, launched, funded, and hacked by June of 2016, less than a year after Ethereum went live.

However, there was a forceful opposition to this pragmatic approach, partially influenced by outspoken Bitcoin enthusiasts. To them, the "irregular state change" was not only a form of cheating but also a fundamental betrayal of the core purpose of a blockchain. Some vehemently adhered to the "code is law" principle, which was still prevalent at the time - the concept that blockchains should supplant courts and nation-states as the adjudicators of fairness. According to certain interpretations of this principle, if you were able to steal money through hacking or exploiting a blockchain, you had legitimately earned it.

However, the crux of the issue boiled down to a matter of trustworthiness. If Ethereum could be altered to seize a user's funds - regardless of whether that user was a hacker or not - it created the potential for the same scenario to occur to anyone. Wouldn't that pose a greater threat to the credibility of Ethereum than allowing a hacker to possess 5% of the network, as argued by those who opposed the hard fork?

The "code is law" faction showcased the complete extent of blockchain democracy by electing to remain with the original chain following the hard fork. This particular chain, where the hacker retained a significant portion of their stash, eventually became known as Ethereum Classic. During its initial years, ETC amassed a significant following and still retains loyalists to this day, although it has inevitably fallen behind Ethereum in terms of market interest and technological advancements.

What came after

Seven years have passed since the DAO hack, and what stands out most is the absence of a comparable hard fork in the intervening years. It appears that concerns about the moral hazard of using hard forks as a bailout mechanism may have been overly cautious. Notably, there was never a serious consideration of a hard fork solution for the Parity wallet incident in late 2017, which resulted in the permanent loss of approximately $150 million worth of Ether due to a chain of unfortunate events. Although another hard fork could have potentially recovered the lost funds, no such action was taken.

"One outcome of The DAO hack was shifting funding models away from
collective organizations and towards direct-to-investor ICO sales"

Another notable aspect of the DAO hack is that the responsible party has yet to be definitively identified. The attack took advantage of vulnerabilities that had already been identified by the DAO team, who were actively working to resolve them prior to the planned distribution of funds. Some have speculated that the timing of the hack suggests an "inside job," but this remains purely speculative.

Despite its association with the DAO hack, Slock.it remained an influential player in the field of smart contract development until it was acquired by Blockchains.com in mid-2019. Christoph Jentzch, the former CEO of Slock.it, has since taken on various roles, including that of venture investor.

While much has changed since the DAO hack, one unfortunate constant is the prevalence of major hacks targeting crypto projects and exchanges in the DeFi space. However, these incidents have grown significantly in scale compared to the roughly $60 million that was drained from the DAO. Recent examples such as the Wormhole hack ($325 million) and the Ronin exploit ($625 million) readily come to mind. According to Chainalysis, DeFi hacks accounted for a staggering 82% of all cryptocurrency thefts due to hacking in 2022.

The bright side

But without the early cautionary example of The DAO, things might be even worse today. “In hindsight, the whole industry shifted entirely to security after [The DAO],” says Jentszch. “Before that, it was more of a move-fast [environment]… “The whole [blockchain] security industry basically started after The DAO.”

Jentzch's assessment is that the aftermath of the DAO hack resulted in a significant shift away from funding models based on collective organizations in the cryptocurrency industry. Instead, there was a greater emphasis on direct-to-investor ICO sales. The DAO had previously demonstrated that it was possible to raise funds on-chain, but its failure and the subsequent fallout left many projects without access to funding. This shift in funding models has had a lasting impact on the crypto industry.

“So a lot of projects who planned to raise money from the DAO ended up doing ICOs,” says Jentzch. “The good, the bad and the ugly.”

What was lost in the shift from DAO to ICOs was any sort of expert oversight or vetting, Jentzch argues. “The DAO was kind of a mix of the wisdom of the crowd and these mature investors who were doing due diligence, and know what they’re doing. Something like 50% [of investors] were retail and small holders, and roughly 50% was owned by 51 people. The idea was projects will go to the DAO, and they won’t just get a check, they’ll get a smart contract that sends money over time.”

“So yes, much more wisdom would have gone into it,” Jentzch says. “It would be harder to get money from the DAO than from doing your own ICO.” That might have helped more capital to go to legitimate projects, and less to outright scams, during the subsequent ICO mania.

Jentzch is saddened by the decline of the values and principles that had motivated the creation of The DAO.

“The spirit of Ethereum at the time, the visionary way we viewed the world: it was very much similar to early bitcoiners,” he says now. “We still have some of it, but we’ve lost some. We haven’t followed through with the vision we had back then of building truly decentralized applications. And today we’re in much better shape when it comes to secure smart contracts.”

“We shouldn’t be too shy about trying big things again.”

Source Coindesk