
The Ethereum DAO Hack (2016)
In this series, I am exploring and analyzing some of the most spectacular bugs and exploits of the blockchain.
Summary
These days the phrase "The DAO" can sound odd, since decentralized autonomous organizations are everywhere. In 2016, however, there was only one. The DAO had raised roughly $150 million worth of Ether from more than 11,000 participants, making it one of the largest crowdfunding campaigns in history at the time. Then it was drained through a flaw in its smart-contract code, losing tens of millions of dollars worth of ETH. The hack is notable in the crypto space because the response to it split the Ethereum community and led to a hard fork that produced two separate blockchains, Ethereum (ETH) and Ethereum Classic (ETC).
Origins of the Decentralized Autonomous Organization (DAO)
A Decentralized Autonomous Organization (DAO) is an organizational structure that operates without a central authority. This is the important part: power is distributed among token holders, who make decisions collectively through a voting system encoded in smart contracts.
All activities and votes within a DAO are recorded on a blockchain, making them transparent and publicly auditable. One of the pioneers, "The DAO", was built as an investor-directed venture fund: token holders voted on funding proposals, and the contract released Ether to approved ones without a human intermediary. Security is critical for DAOs because a bug in the contract logic can drain the treasury, and there is no administrator who can step in and stop it. Despite the risks, DAOs have since found applications in decentralized finance (DeFi), venture capital, and social communities.
Ethereum Foundation
It all started because the Ethereum Foundation, the non-profit that oversees development of the blockchain, was running low on funds. There is a narrative that has grown up around Ethereum's two most important co-founders, Joe Lubin and Vitalik Buterin, to explain how they went in different directions almost a decade ago.
It suggests the pair fell out over the blockchain’s future direction, with the idealistic 20-year-old Buterin determined to turn Ethereum into a nonprofit foundation, while Lubin and others wanted to commercialize the technology via a for-profit company.
The co-founders had gathered in Zug, Switzerland on June 7, 2014, to sign a document transforming Ethereum into a for-profit company. Instead of signing the contract, tensions boiled over Charles Hoskinson's management style and personality, Amir Chetrit's contribution to the project, Ethereum's future direction and other internal political issues.
Two years later, on the morning of June 17, 2016, the hack would go on to drain roughly one-third of the Ether contributed by would-be DAO participants. Even after a white-hat counterattack that rescued much of the remainder, the stolen funds amounted to around 5% of all Ether in existence at the time.
As one insider put it, The DAO’s collapse created Ethereum as it is today.
This led to what may still be the most controversial decision in Ethereum's history: a coordinated hard fork. Sometimes referred to as an irregular state change, the fork did not undo any transactions; it rewrote the ledger state so that the Ether held by The DAO and by the attacker's child DAO was moved into a withdrawal contract from which the original contributors could reclaim it.
Both before and after the fork, this move triggered heated debates over so-called "immutability" in blockchains. Some feared it would set a precedent and make the system less trustworthy.
The Hack
On June 17, 2016, people started noticing that a large amount of Ether was being drained out of the contract. Roughly 3.6 million Ether was transferred out that day (about $50 million at then-current prices). The Ether price fell from about $20 to $13 within a few hours.
The attacker exploited a combination of weaknesses in The DAO's contract, but the decisive one was a reentrancy bug. The DAO's splitDAO function paid out a caller's share of Ether with an external call before it zeroed the caller's token balance. In Solidity, Ethereum's then-novel contract language, a contract that receives Ether can run code in its "fallback" function, so the attacker's contract called splitDAO again from inside that fallback while its balance still showed the full amount, and kept looping.
In classical computing, a routine is called reentrant if it can be interrupted in the middle of its execution and safely invoked again before the earlier invocation completes. On the EVM there is no concurrency, but the same situation arises synchronously: when contract A makes an external call to contract B, B's code runs in the middle of A's function and can call back into A. If A has not yet updated its state (here, the caller's balance) before making that call, the re-entered invocation sees stale state and the balance check passes again. The standard defences are the checks-effects-interactions ordering (update state before any external call) and a mutex-style reentrancy guard.
Response
The Ethereum hard fork was a radical solution proposed to address the drain. The proposal involved a hard fork of the entire Ethereum blockchain, a change to the protocol rules that every node had to adopt to stay on the new chain. Specifically, the fork moved the Ether held by The DAO and its child DAOs, including the attacker's, which was still locked by the split's waiting period, into a withdrawal contract, effectively returning the funds to their original contributors. While this seemed like a clean solution initially, it raised complex long-term implications.
Complex Long-Term Implications
The Ethereum hard fork sparked philosophical divisions within the community. Some argued that a hard fork contradicted the fundamental principles of immutability and tamper resistance that underpin blockchain technology. Others believed it was a necessary intervention to rectify a critical flaw and protect the integrity of the Ethereum ecosystem. The hard fork resulted in a split in the Ethereum community. While Ethereum continued along the newly forged path, those who disagreed with the hard fork decision continued on the original chain, creating Ethereum Classic (ETC). This schism underscored the challenge of achieving consensus in decentralized networks when faced with contentious decisions.
The Ethereum hard fork set a precedent for intervention in the blockchain space. The decision to alter the ledger for ethical reasons raised questions about the decentralized nature of blockchain technology. It prompted discussions about the balance between maintaining security and adhering to the core principles of a trustless and censorship-resistant system. The vulnerability exploited in The DAO was the result of an ordering error in the contract code, which underlines the importance of thorough review and audit before deploying code that cannot be patched in place. This brought to light the challenges of maintaining trust and security in blockchain networks. While the fork addressed the immediate issue, it underscored the complexity of balancing security concerns with the principles of decentralization.
The fork resulted in two competing blockchains: Ethereum, which implemented the hard fork, and Ethereum Classic, which kept the original chain as it was, drained funds and all.
In conclusion, the Ethereum hard fork, born out of necessity to rectify The DAO exploit, had profound and lasting implications for the Ethereum community. It ignited debates, split the community, and set a precedent for interventions in blockchain systems, prompting a reevaluation of the delicate balance between security and decentralization in the evolving landscape of blockchain technology.