In 2016, The DAO, one of the first autonomous organisations (DAOs), garnered huge attention from crypto enthusiasts. A significant breach of The DAO resulted in a substantial financial loss in Ether for many participants, which was later reversed by a hard fork of the Ethereum blockchain.
The aftermath of The DAO hack raised many questions surrounding the security and resilience of DAOs and smart contracts. Let us delve into certain important facts about this attack and explore its major effects on the industry.
The Concept of DAO
A DAO is a blockchain-based autonomous cooperative that is built on smart contracts. It provides a mechanism for collective decision-making and resource distribution based on consensus. DAOs are established on ETH-like blockchain networks, facilitating value transactions and the execution of smart contracts.
The process ensues with a group of people creating smart contracts that govern the organisation autonomously without human intervention. There is an initial funding period in which individuals can buy tokens which represent ownership in the DAO. After this period ends, members can put forth proposals for fund allocation, upon which token holders can vote, thereby having a say in decision-making within the organisation.
Story of The DAO
Built to offer a decentralised version of Airbnb through “smart locks” technology, The DAO was brought to life on the ETH platform in 2016. It amassed over $100 million in funding from more than 11,000 members within its 28-day funding period in April 2016.
However, certain vulnerabilities in its code, which were not addressed until after the crowd sale, led to severe setbacks for The DAO.
In June 2016, a hacking incident drained approximately $70 million (3.6 million ETH) from the platform. A glitch in the system was exploited by the hacker to transfer ETH from The DAO into a “child DAO,” which resulted in an overnight fall of ETH price from over $20 to under $13.
Attempts to split The DAO failed to garner enough support quickly. Legal concerns pertaining to The DAO’s compliance with securities laws across various countries and potential liabilities for its creators and token holders started rising.
A new child DAO was created, bearing the same structure, constraints, and vulnerabilities as the parent DAO, but its funds could not be accessed for 28 days.
Laura Shin, a journalist for Forbes, reported that Toby Henish, former TenX co-founder, was linked to the hack. The connection was established by blockchain analytics enterprise Chainalysis. Despite the allegations by Forbes, Henish denied any association with the hacking incident.
A Lesson for the Industry
To prevent future attacks, a proposed soft fork aimed to blacklist the attacker. However, the hacker declared their actions as lawful and threatened lawsuits against any attempts to seize the funds. The community got divided, and the attacker even proposed a collective reward to bribe Ethereum miners not to comply with the proposed soft fork.
As an answer, the community pursued a hard fork to reverse the Ethereum network‘s history before the attack and shift the DAO’s funds to a different smart contract.
The decision ignited controversy, with many claiming it violated the principles of decentralisation and immutability. Others, however, felt it showed the community’s adaptability and swift resolution of intricate issues.
On July 20, 2016, the hard fork was executed. A majority chose to adopt the latest version of Ethereum, and a minority stuck with the original Ethereum Classic (ETC).
The DAO hack underscored the necessity for security and regulation in decentralised finance, revealing the vulnerabilities of smart contracts and prompting concerns about regulatory compliance in crowdfunding and token offerings.
What’s Next?
Today’s smart contract auditing and validation services have greatly improved security, minimising potential weak points and ensuring the protection of users’ assets. Ethereum has risen to prominence as a go-to platform for dApps and DeFi protocols. The insights harvested from the DAO incident have led to a more pronounced emphasis on regulatory compliance within the blockchain sector.
