Most of us have heaved a desperate sigh of relief on waking from a terrifying nightmare. On June 17, 2016, Christoph Jentzch instead awoke inside of one.
“I was sleeping. My brother called me, so my wife woke me up. She said, ‘[Your brother] says something is wrong,’” he recalls. “I saw that it was a hack. The withdrawal was regular and repeated.”
“At that moment, I realized immediately: The DAO is over.”
This feature is part of our “CoinDesk Turns 10” series looking back at seminal stories from crypto history. The “DAO Hack” is our choice for the most important story of 2016.
These days, some may be confused by reference to “The DAO,” singular. In 2023, Decentralized Autonomous Organizations are everywhere – or at least, the label is. But there is only one “The DAO.”
In 2016, just months after the debut of the smart-contract platform Ethereum, Jentzsch and others launched an ambitious demonstration of what it could accomplish. The DAO would use Ethereum tech to let investors from around the world pool their funds, then vote on how to deploy it. It was likely the first global investment fund in human history open to anyone with a pulse.
On that June morning, though, the dream of The DAO died. The massive hack would go on to drain as much as $60 million worth of Ether, or one-third of the funds contributed by would-be DAO participants. Even after a white-hat counterattack, the stolen funds would ultimately amount to around 5% of all the Ethereum tokens in existence at the time.
This led to what may still be the most controversial decision in Ethereum’s history: a coordinated hard fork. Sometimes wryly referred to as an “irregular state change,” the fork simply took the money back from the hacker by rewriting the Ethereum ledger. Both before and after the fork, this move triggered huge and important debates over so-called “immutability” in blockchains. Some feared it would become a precedent, making the system less trustworthy.
All in all, the episode was a dark one for many in Ethereum. But Jentzch and others close to the situation now see it less as a tragedy than as a formative moment. As one insider put it, The DAO’s collapse “created Ethereum as it is today.” It could be considered a parallel to the impact of the Mt. Gox hack on Bitcoin: a stress test that pushed the community to the brink of destruction, but formed bonds and set precedents that helped create the success we see today.
That includes helping make DAOs a major pillar of Ethereum. Collectives like PleasrDAO now operate on something quite close to that initial investment-fund model, while projects like MakerDAO use similar governance models to accomplish different ends – in Maker’s case, setting monetary policy rather than guiding investments. (And of course, plenty of projects have also adopted the “DAO” designation more because it sounds cool than because of how they actually operate.)
I was around for The DAO hack myself, covering the dire events for Fortune. But in revisiting the episode, insiders pointed out another consequence of The DAO that I’d never thought about before. Its failure forced projects to seek funding through different mechanisms. That led directly to the ICO boom of 2017 and 2018 – and to the plethora of real and fake project tokens traded on exchanges around the world now.
In other words, without The DAO and its failure, much of crypto as we know it today wouldn’t exist.
The DAO's Origins
It all started because the Ethereum Foundation, the non-profit that oversees development on the blockchain, was running low on funds.
Cristoph Jentzch had been deeply involved in the early development of Ethereum, after discovering the whitepaper in 2014. He quickly joined the Ethereum Foundation and served as a coder and tester for the C++ version of the Ethereum client. Jentzch says he worked in parallel with Vitalik Buterin, then building the Python client.
By the summer of 2015, though, the C++ work was done, while Foundation funding was low. So many of those contributors soon left to pursue related projects. Ethereum co-founder Gavin Wood split to create Parity (and later Polkadot), while Jentzsch founded a smart-contract developer called Slock.it. Slock.it was partly focused on building “The Universal Sharing Network,” a “sharing economy” on Ether sometimes summarized as “decentralized Uber.”
Jentszch and his team initially conceived of The DAO as a fundraising mechanism specifically for Slock.it. He says now the goal was to raise something like $5 to $10 million from Ethereum users.
But – in a phenomenon that would replay itself during the subsequent ICO era – things got out of hand quickly as buzz about The DAO accelerated. The project blew well past its funding goals.
Read more: CoinDesk Turns 10 – The Legacy of Mt. Gox: Why Bitcoin’s Greatest Hack Still Matters
That required a fundamental rethink.
That, Jentszch says, was far more than he bargained for. Even before the hack, he felt The DAO had attracted too much money, and too much hype.
“Before the hack, this was the only time in my life I was actually totally burned out,” Jentzsch reflects now. “I was just walking in the woods for hours a day. My energy was at minus-10. I was getting worried about the DAO, because I wanted $5-10 million, not $150m and 15% of all ETH. That was crazy… I was giving birth to this project that could get out of my control, and become something really bad in the world.”
Jentzch wasn’t the only one panicking when the hack started unfolding. The entire DAO team activated.
“Everything started going red, my phone and my computer,” says one member of the DAO support team. He wishes to remain anonymous, so we’ll call him ‘Igor.’
“Griff [Green, later cofounder of Giveth.io] was like, look what’s going on here. He was sending me Etherscan links,” Igor recounts. “I’m not the most technical person, so I was like, ‘Guys, this doesn’t look good, right?’ And they were like, no, it doesn’t look good.”
The attacker, it later became clear, used what’s now known as a “reentrancy attack” that exploited a so-called “fallback” function native to Ethereum’s then-novel coding language, Solidity. Over the course of a few weeks, the hacker would almost entirely drain the $150 million worth of ETH controlled by The DAO.
In response, not just Ethereum leaders, but figures from across the crypto space rallied to look for a solution. Vitalik Buterin himself, who had not been directly involved with The DAO, became part of the bailout effort. Perhaps surprisingly, so did some die-hard Bitcoiners.
It turned out the attack had one saving grace – it worked both ways.
The DAO’s crisis squad included “white hat” Ethereum hackers who “started using the same exploit” against the hacker, Igor recounts. The white hats, who came to be known as the Robin Hood group, “were pulling as much as possible before the hacker got it … And after that they attacked him [back],” says Igor. “They were really geniuses, you know.”
In other words, the white hats found themselves stealing from a bank robber. These tactics were able to recover a large portion of the hacked funds, but far from all of it. And there was a bigger problem: The DAO was (unlike too many of its progeny) truly decentralized. There was no easy way to entirely “pull the plug,” so to speak, meaning funds would be at risk indefinitely.
This, plus the repeatability of the reentrancy attack in both directions, meant that even after the white-hat victories, there was no true end in sight. “The way we saw it back then was that this was going to go on forever – just hacking back and forth,” says Jentzch.
At the same time, The DAO was quickly becoming a triple-threat to Ethereum. There was the money that could be lost, and the reputational damage. But it had also taken over the badly-needed attention of developers trying to move things forward.
“It was two months of attention of the entire Ethereum ecosystem on this,” says Jentzch. “So there was an idea, we need to get past this. A hard fork was just a very clean-cut ending to this phase.”
The Ethereum hard fork
Eventually, a radical solution was proposed: What if the only way to really beat the hacker was to change the rules of the game?
A “Hard Fork” of the entire Ethereum blockchain would not only include a fix for the bug that crippled The DAO, but something much more radical: a so-called “irregular state change.” This is one of the funniest phrases ever coined in crypto, because beneath its stiff abstraction, it means something simple and shocking: the hard fork would take away a user’s money.
Specifically, the proposed hard fork simply took all the hacked funds and returned them, ultimately, to their rightful owners. The fork was like waving a magic wand and teleporting a bank vault from a robber’s hideout back into the bank.
On its face, this sounded fantastic. But the long-term implications were far more complicated – a warning that reached the Ethereum community, in part, through Bitcoiners.
“Initially because most of the people were investors [in the DAO], they were like yeah, ‘I want my money back,’” says Igor. “But later Vitalik came in [to the discussion], and some Bitcoiners. And there were fascinating discussions about [whether the hard fork] was the way to go.”
Soon, in an echo of the block size dispute in Bitcoin, two strongly ideological sides formed on the question of hard forking Ethereum.
On one side were those who might be termed pragmatists. This included not just investors who wanted their money back, but figures in the Ethereum ecosystem who saw a much broader threat to their long-term goals. Even after the efforts of the Robin Hood team, the hacker still controlled $40 million worth of Ether – which at the time amounted to roughly 5% of the system’s entire market cap. So if the hacker retained control of the hacked funds, they would have a permanent dominant position in the ecosystem. That would have made it hard to ever truly take Ethereum seriously again.
“I think the people from the [Ethereum] Foundation were not happy with what was going on at the DAO, even prior to the hack,” says Igor. “Because they thought it was way too early. And that was one of the main reasons for the rollback – it was very early.” Shockingly early, in fact: The DAO had been proposed, launched, funded, and hacked by June of 2016, less than a year after Ethereum went live.
But, partly under the influence of vocal Bitcoiners, there was a robust opposition to this pragmatic move. To them, the “irregular state change” was not just a kind of cheating, but a deep betrayal of the entire point of a blockchain. Some vocally hewed to the “code is law” ethos still prominent at the time – the idea that blockchains should supersede courts and nation-states as arbiters of fairness. Under some versions of this idea, if you figured out a way to steal money via hacking or exploiting a blockchain, you had earned it fair and square.
But the deeper point was simple trustworthiness. If Ethereum could be patched to take away a user’s funds – even if that user was a hacker – it raised the possibility that the same thing could happen to anyone. Wouldn’t that, hard fork opponents argued, be even more harmful to the integrity of Ethereum than letting a hacker own 5% of the chain?
This “code is law” contingent would demonstrate the full scope of blockchain democracy by choosing to stick with the old chain after the fork. This chain – where the hacker still had much of their hoard – came to be known as Ethereum Classic. ETC enjoyed a lot of support in its early years, and still has adherents today, though it has inevitably lagged behind Ethereum in both market interest and technology.
What came after
Seven years later, the most remarkable thing about the DAO hack is that a similar hard fork has not been on the table since; it seems those worried about the moral hazard of bailout-like hard forks may have been overcautious. Most notably, there was never a serious proposal for a hard-fork fix of the late 2017 Parity wallet incident, when a catastrophic chain of accidents permanently locked around $150 million worth of Ether. Another hard fork could have given that money back, too, but it never happened.
Another remarkable fact about the DAO hack is that the culprit has still never been identified. The hack exploited bugs that had been identified by the DAO team; they were in the process of fixing those ahead of the planned distribution of funds. This timing may have contributed to rumors that the hack was an “inside job,” but that’s pure speculation.
One thing hasn’t changed: hacks of major crypto projects and exchanges have remained common in DeFi. But they’ve gotten much bigger than the roughly $60 million successfully drained from the DAO. Examples like last year’s Wormole hack ($325 million) and Ronin exploit ($625 million) spring easily to mind. According to Chainalysis, DeFi hacks accounted for 82% of all hacking thefts in 2022.
The bright side
But without the early cautionary example of The DAO, things might be even worse today. “In hindsight, the whole industry shifted entirely to security after [The DAO],” says Jentszch. “Before that, it was more of a move-fast [environment]… “The whole [blockchain] security industry basically started after The DAO.”
Jentzch believes that one of the worst outcomes of The DAO hack was shifting funding models in crypto away from collective organizations and towards direct-to-investor ICO sales. The DAO had proved you could raise money on-chain, but then it collapsed, leaving fund-seeking projects empty-handed.
“So a lot of projects who planned to raise money from the DAO ended up doing ICOs,” says Jentzch. “The good, the bad and the ugly.”
What was lost in the shift from DAO to ICOs was any sort of expert oversight or vetting, Jentzch argues. “The DAO was kind of a mix of the wisdom of the crowd and these mature investors who were doing due diligence, and know what they’re doing. Something like 50% [of investors] were retail and small holders, and roughly 50% was owned by 51 people. The idea was projects will go to the DAO, and they won’t just get a check, they’ll get a smart contract that sends money over time.”
“So yes, much more wisdom would have gone into it,” Jentzch says. “It would be harder to get money from the DAO than from doing your own ICO.” That might have helped more capital to go to legitimate projects, and less to outright scams, during the subsequent ICO mania.
More broadly, Jentzch laments the decline in the broader ethos that led to The DAO.
“The spirit of Ethereum at the time, the visionary way we viewed the world: it was very much similar to early bitcoiners,” he says now. “We still have some of it, but we’ve lost some. We haven’t followed through with the vision we had back then of building truly decentralized applications. And today we’re in much better shape when it comes to secure smart contracts.”
“We shouldn’t be too shy about trying big things again.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.