The DAO | Chronology of a Daring Heist and Its Resolution

“[the] Digital currency Ethereum is cratering because of a US$50 million hack”
Business Insider, 17.06.2016

It has been the saga of the summer for anyone interested in digital currency and beyond. Within hours the value of ETH plunged as a result of a hack which relieved the DAO, a massive blockchain-based crowdfunding project, of ETH worth US$50 million. The heist was covered by a number of mainstream journals which published the news with a varying amount of technical detail, mostly highlighting the risks involved in dealing in digital currencies.

What happened was – of course – a severe setback for one of the best-known blockchain-based business applications. It is therefore important to understand exactly what happened and draw the necessary consequences in order to improve the technology.

In order to grasp the whole story about the hack of the DAO, it is important to understand what a DAO is and on what platform it was deployed: the blockchain platform Ethereum.

Decentralized Autonomous Organizations

A commonly accepted definition of DAOs, sometimes also referred to as DACs (Decentralized Autonomous Companies), has not yet evolved. Usually the terms refer to a more or less complex interacting set of smart contracts that is able to resemble the fundamentals of organizations, interacting with individuals and dealing with some sort of property. Smart contracts can be seen as the simplest form of decentralized automation, following rules triggered by predefined conditions.

The Ethereum project and the DAO

Ethereum is a decentralized ledger network like the well-known digital currency Bitcoin. However, unlike Bitcoin, it is not only a digital currency. Ethereum’s main purpose is to serve as a platform for running decentralized applications by using what are known as smart contracts. Smart contracts are computer protocols that facilitate, verify, or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary.

The combination of several smart contracts can even replicate certain functions of a company. Maintained on a blockchain, these combinations of replicated business functions are called Decentralized Autonomous Organizations (DAOs).

In May 2016, the German start-up Slock.it released a white paper going public with their idea to build a Decentralized Autonomous Organization (DAO) named “the DAO”. The idea was to create a DAO that would basically work like an investment fund in order to fund Slock.it and other projects. Anyone interested could participate, and voting rights were available on the open Ethereum platform. Voting right holders could even float their own funding proposals.

The only prerequisite was that participants needed to buy Ether tokens (ETH: Ethereum currency). Each token represented the right to vote on which investment proposals the fund should invest its money in. How much weight each vote carried depended solely on the amount of tokens owned. As in an ordinary investment fund, the money collected was intended to be used to invest in different projects, except that in this case the decision was subjected to the votes of the token holders, thereby basically democratizing investment.

The idea caught on not only with blockchain enthusiasts; it received a broad media echo. Gathering approximately US$150mn within a few weeks, “the DAO” created the largest crowdfunding project ever.

[Figure: Simplified overview of the participation process in the DAO. Investors invest Ether in the DAO and receive tokens; token holders make investment proposals and vote for or against each proposal.]

Chronology of a heist

Three months later, on June 16, 2016, the DAO was the object of an attack. The attacker (it is still not known whether it was a single person or a group of people) used an inbuilt split function to withdraw money from the DAO by transferring it to a separate wallet. The split function used was originally created to permit the withdrawal of Ether and return the tokens owned in the event of someone wanting to leave the DAO.

This particular function was the weak link.

The hacker spotted an error in the code and repeatedly called the split function, each time starting a new request before the end of the previous one. Due to the error, the function could not detect that the sum had already been withdrawn by the preceding split function.

Repeatedly abusing this inbuilt function, the hacker(s) withdrew Ether worth US$50mn at that time. The theft caused an outcry in the Ethereum community and a massive crash in the value of the digital currency.

In the first days following the attack, several actions and discussions took place to retrieve the stolen funds.

In order to gain time, the first action was to exploit the same function to transfer the remaining funds into sub-accounts. This resulted in two sub-accounts (called child DAOs), both under (mainly) friendly control. Since the attacker succeeded in taking part in at least one of those child DAOs, the Ether transferred was still not safe. The hacker(s) could just restart the process, as long as they were still part of the DAO.

At this time, several solutions were discussed in the blockchain community.

The first, proposed by the founders of Slock.it, was a soft fork, freezing the amount stolen before the attacker could withdraw the money. This would have enabled the community to conduct a counter-attack, retrieve the Ether from the hacker’s split DAO, now named “darkDAO”, and refund it to the owners. Although the idea was initially well received by the community, its implementation was dropped due to the associated risk for market security.

[Figure: timeline of the DAO: The DAO is live; The DAO is attacked; Hard fork completed.]

Evaluation of solutions

The second major idea proposed to retrieve the stolen ETH was to conduct a hard fork. The hard fork would transfer all Ether in the DAO, the child DAOs, and the “darkDAO” into a new smart contract. The original holders would then be able to use this contract to exchange their DAO tokens for Ether at a pre-defined exchange rate of 100 DAO tokens for 1 Ether. But to be able to do so, all users would have to update their software to a new version which included this feature.

“… imagine that the ATM didn’t record your new balance until you ended the session. You could keep requesting $50 again and again until you finally told the machine you didn’t want to process any more transactions – or the machine ran out of money.”
Wired, calling the DAO a never-ending ATM

The third possibility was simply not to act at all. At first sight, this might seem harsh and hard to understand for someone new to crypto-currency, but two arguments spoke in favor of this option: first of all, a fork is not free of risk; it can be difficult to implement due to the required consensus of the network participants, and its consequences are hard to predict (more details later).
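The ordering flaw the report describes (the split function pays out before it records the withdrawal, so a call started before the previous one has ended still sees the old balance) as an added Python simulation; this is illustrative code written for this page, not the DAO contract, and the class and method names (VulnerableDao, SafeDao, Depositor, on_receive) are invented. It puts the vulnerable ordering beside the checks-effects-interactions ordering that closes the gap.

```python
# Added illustration, not the DAO's code. Balances are plain integers of Ether;
# the "pool" is the Ether held by the contract on behalf of all members.

class Depositor:
    """A member whose receive-Ether callback can call back into the DAO."""
    def __init__(self, dao, reentrant):
        self.dao, self.reentrant, self.received = dao, reentrant, 0

    def on_receive(self, amount):
        self.received += amount
        # Start a new withdrawal before the previous one has finished.
        if self.reentrant and self.dao.pool > 0:
            self.dao.withdraw(self)


class VulnerableDao:
    """Pays out first and records the withdrawal afterwards."""
    def __init__(self, pool):
        self.pool, self.balances = pool, {}     # pool = Ether of other members

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.pool -= amount
        who.on_receive(amount)                  # control leaves the contract here
        self.balances[who] = 0                  # too late: nested calls saw the old balance


class SafeDao(VulnerableDao):
    """Checks-effects-interactions: zero the balance before paying out."""
    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.balances[who] = 0                  # effect first
        self.pool -= amount
        who.on_receive(amount)                  # interaction last; a nested call sees 0


def run(dao_cls, pool=10, stake=1, reentrant=True):
    """Return (Ether the depositor received, Ether left in the pool)."""
    dao = dao_cls(pool)
    member = Depositor(dao, reentrant)
    dao.deposit(member, stake)
    dao.withdraw(member)
    return member.received, dao.pool
```

With a stake of 1 Ether in a pool holding 10 Ether of other members' funds, the vulnerable ordering lets the re-entering member drain all 11 Ether, while the corrected ordering (or a member that does not re-enter) returns exactly the 1 Ether staked.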
[Figure: Simplified overview of the attack and the hard fork process. Elements: The DAO; DAO attack and counter attacks; “Dark DAO”; “Child DAOs”; Investors; Hard fork; Withdrawal contract.]

Secondly, and more importantly, the initial idea of blockchain technology was not supposed to allow such actions. This can be seen as a more philosophical point of view and can best be summarized by a comment from one community participant:

"The involvement of the Ethereum Foundation in the DAO has been and is a mistake. As I see it, Ethereum is supposed to be the foundational infrastructure upon which a flurry of projects and experiments are supposed to blossom, and in order for them to blossom they need a foundation that is strong, and that has integrity in the face of challenges. The hard fork proposal is a compromise that ruins that integrity and signals that projects like the DAO can influence the underlying foundation to their own advantage. To me that is totally unacceptable and is a departure from the principles that drew me to Ethereum."
Reddit forum – Critical Update regarding DAO vulnerability

After a pre-defined period of discussion, and despite the doubts of parts of the community, a hard fork was decided on by 97% and was implemented before the hacker could withdraw the stolen ETH from the “darkDAO”.

As a result, all funds were transferred to the withdrawal contract and the original DAO token holders started to withdraw their ETH.

Miners, lottery players who validate the system

Miners on a blockchain are a single person or group of persons who verify transactions and add them to the ledger. For this they use dedicated computers to resolve computationally difficult puzzles. The first miner to find the answer receives a reward in the form of a transaction fee. Due to their role, they were the ones who were able to carry out the hard fork on the DAO and transfer the funds back to their original holders.

Lessons learned and next steps

• The attack clearly teaches an important lesson for blockchain technology: the system is stable in itself, but the human being remains its weakest link.

In the long term, and considering the development of blockchain technology, the creation of a precedent every time
