New Vulnerability May Prevent Ethereum Soft Fork

One possible solution to the attack that led to the draining of funds from The DAO is now believed to include an exploit of its own.

AccessTimeIconJun 28, 2016 at 9:00 p.m. UTC
Updated Sep 11, 2021 at 12:21 p.m. UTC

The number of options available to the ethereum development community as it searches for a way to recover investor funds lost when The DAO was compromised is dwindling with news that a vulnerability in one of the more prominent solutions has been discovered.

As it turns out, a soft fork that would have sought to blacklist the ether address that holds the confiscated funds, preventing it from conducting any transactions, actually exposes a previously undetected attack vector.

In a post on the Ethereum Foundation blog, developer Felix Lange explains that the exploit would slow down mining and prevent the completion of legitimate transactions.

Lange wrote:

"Available options are being considered. The community can avoid any negative consequences of the soft fork by voting against it until a better solution has been found."

Launched earlier this year, The DAO was the first large-scale distributed autonomous organization (DAO) designed with a leaderless governance structure and with the intent to distribute ether donated by contributors to new ethereum projects.

After raising more than $150m worth of ether, a flaw in the software was exploited, letting a malicious member move a portion of the funds into another DAO under their control.

Due to the way The DAO was coded, it is widely believed that the siphoned funds won’t be accessible to the perpetrator until 14th July. But in Lange’s post today, he added that "there is no immediate urgency to block transactions while further proposals are being worked out".

The development comes as ethereum miners, or those validating transactions and competing to create blocks on the platform, have until this Thursday to vote for the soft fork patch, thus implementing the soft fork.

The fork in the road

While Lange proposed two temporary workarounds to the vulernabilty, lead distributed application developer at ethereum, Fabian Vogelsteller, was less optimistic on Twitter.

Vogelsteller wrote:

"With the soft fork being vulnerable there are two options left: a hardfork only affecting The DAOs, or doing nothing."

The hard fork option, which would essentially roll back the ethereum blockchain to erase the transactions, has been controversial to some members of the community who worry it might undermine future faith in the reliability of the network.

Doing nothing has also been controversial, as it would give the person who used The DAO’s code to move funds to a separate account the ability to profit at the expense of the 23,000 token-holding members of the organization.

Bent fork image via Shutterstock

Correction: This article has been updated to correct a misspelled surname. 


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about