Tremors echoed through the crypto markets early Friday morning as Reddit posts started indicating suspicious activity, soon confirmed to be an ‘attack’ on the DAO. The attack drained a total of approximately 3.6m ether from the DAO, amounting to almost $60m (!).
The community was quickly divided about how this event should be classified. One school of thought was that this was ‘theft’. After all, the hacker drained almost $60m worth of ETH from the DAO that was not intended for him. The other school of thought stood in admiration of the hacker’s ability to find a loophole in the smart-contract code and act on it. Many claimed that, by the code of the smart-contract, the hacker had done nothing outside of what the smart-contract code had allowed him to do.
Legally, we are not sure… there are mixed views all over the place. Given that ‘smart-contracts’ are still so new and barely regulated, we are in totally new territory here. However, this event will surely play a role in carving out how laws are built around smart-contracts going forward.
The realisation it was happening looked something like this:
A Reddit user going by the name ‘ledgerwatch’ said,
“It actually looks very odd, almost like an attack. It drains the DAO in chunks of 258 Ether each time”.
Another user, ‘Morlaix’, replied,
“It is according to slack. Someone is stealing like $1.000.000 worth of ether a minute”.
The first reactions followed quickly. Griff Green (from Slock.it) quickly posted some emergency instructions on the Slack chat of the DAO that looked like this:
“1. If anyone knows who has the split proposals Congo Split, Beer Split and FUN-SPLT-42, please contact @griff on The DAO’s Slack. We need their help!
2. If you have made a split proposal already and have the ability to split, please do so asap.
3. If your tokens are blocked vote yes on split proposals.
4. If your tokens are free, you have to make your best judgement call.
5. If you want to help spam the Network so Christoph Lefteris Vitalik Gustauv and all the other geniuses can mount the counter attack…”
Stephan Tual (founder of Slock.it), one of the coders of the smart-contracts and founder of the first company to apply to the DAO, tweeted repeatedly calling for a fork of the blockchain:
Stephan Tual also encouraged a spam of the network:
Friday 17/6–10:31 UK Time
“We’re seeing a strong mobilization of the entire community: experts in the field, the Ethereum Foundation, exchanges and miners are coming together to assess the situation and mitigate the attack.
If you’d like to help, please continue to spam the Ethereum network as per the instructions below.”
Vitalik was quick to react and post a suggested fix:
Gavin Wood (a previous curator of the DAO) was on the ball and quick to code and propose an actual real-life solution (extremely impressive):
“A soft-fork is a minor, temporary alteration to the protocol all remnants of which can eventually be removed from the protocol with no recourse for syncing the blocks that were introduced during the period that it was in effect. Basically, it requires only the acquiescence of implementors and miners and need have no long-term repercussions, neither in terms of the code-bases nor in terms of the protocol spec.
Parity already has such a soft-fork waiting which would lock the stolen funds, preventing them from being removed, exchanged or sold.
If Christoph et al can find a way of remedying the situation through their own “attack” (DAO wars), then all is well, but what about if that is impossible or impractical? Since the DAO has no internal governance mechanism to reverse the alterations that have already happened, any kind of intervention to recover the stolen funds would take the form of a hard-fork: an alteration of the core Ethereum protocol.”
To read more on this proposed solution: https://blog.ethcore.io/our-dao-response-2/
Ethereum also announced a request to exchanges to pause trading on ETH and DAO tokens until further notice. This was not completely necessary, given that Reddit, most of the exchanges and coinmarketcap.com were down anyway due to the huge volume of people who were all trying to access the sites at once (!).
Meanwhile, the ETHDAO price was doing this (in US dollar terms ETH dropped from a high of $21 to below $10 in a couple of days):
The spread of DAO to ETH widened out to as much as 60% as the possibility of all funds being drained and no payback to DAO-token holders appeared less and less likely.
Many in the crypto community were outraged by the suggestions of a soft fork and saw it as bailing out the incompetence of the DAO. Intervening with a suggestion to fork could potentially disrupt the Ethereum project’s credibility, many said. The hacker was even glorified by many as someone who should be rewarded for finding the bug in the first place.
“One investor in the DAO, Menno Pietersen, said he opposed the rescue and called the incident a “horrible mess.” The DAO’s creators “messed up” and didn’t take the time to build their product correctly, he said. He acknowledged that he himself didn’t vet the investment carefully enough, but said that as a backer of Ethereum, he was against any fix that would invalidate the goal of creating a decentralized platform. If trades can simply be erased, he asked, “what will they do next?””
“It was a risky investment,” he said. “You shouldn’t complain if you got burned.”
Hang on, actually the hacker himself even had a view…and we know this, because he published an open letter which looked something like this:
“To the DAO and the Ethereum community,
I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of “child DAOs”.
I am disappointed by those who are characterizing the use of this intentional feature as “theft”. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:
“The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.”
A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.
I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.
I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.”
This letter prompted the second leg of the sell-off, resulting in dozens of millions of dollars lost in the market capitalisation of ETH and DAO tokens. And then… it turns out this might not actually be the hacker’s address. Or maybe it was… but we are still not 100% sure.
Did someone stand to gain by creating panic? So many unanswered questions.
Bottom line, what do we do now? A soft fork has been proposed. And as time passes, we will soon find out which miners will and won’t go along with the proposed fork. These are messy times for the space… Ethereum will undoubtedly come out of this a lot stronger.