DAO Hack

From P2P Foundation

Description

Blockchain Technology and Polycentric Governance:

"The DAO was a decentralized autonomous organization governed through open-source smart contracts running on Ethereum designed to operate as a venture capital fund without a typical management structure or board of directors. Instead, decisions were to be made by its investors through a voting process. The DAO did not directly possess investor funds. Instead, investors held DAO tokens, granting them voting rights on prospective projects. Investors also had the option to withdraw their funds before casting their first vote. The DAO was launched in April 2016 and quickly became a massive crowdfunding success, raising over $150 million worth of Ether, around 14% of all Ether in circulation at the time, from thousands of investors (DuPont 2017).

In June 2016, an unknown attacker exploited a vulnerability in The DAO’s smart contract code. This vulnerability was related to the way Ethereum smart contracts handled recursive calls. The attacker was able to repeatedly withdraw Ether from The DAO into a “Child DAO” that they controlled. They did this by requesting to withdraw Ether before the transaction was completed, making the contract repeat the withdrawal multiple times. Approximately 3.6 million Ether, which was valued at around $50 million at the time, were drained by the hacker.

When the Ethereum community learned of the attack through an urgent Reddit post (thehighfiveghost 2016), they quickly gathered in a private Slack channel to devise response strategies. In the meantime, on June 18, a communication was shared, purportedly from the attacker, which stated: “I am disappointed by those who are characterizing the use of this intentional feature as ‘theft’. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law” (The Attacker 2016). The message argued that the diverted funds should be considered a ‘reward’ for highlighting the system’s flaw, thus adhering to the ‘code is law’ principle. ‘Code is law’ is a phrase coined by Laurence Lessig (1999) to reference a type of regulation in which private entities can instill their own values into technological creations, thereby influencing and limiting our behaviors. In the blockchain ecosystem, it is used to describe that the code underpinning blockchain protocols and smart contracts should be the definitive set of rules governing transactions or interactions (De Filippi & Hassan 2016). This ethos promotes blockchain’s technical features and values of immutability and autonomy: once deployed, the code (and thus the rules) cannot be easily altered, emphasizing these digital systems’ permanence and self-enforcing nature.

As reported by a variety of sources (Buterin 2016, Higgings 2016, Mehar et al. 2017), the Ethereum community embarked on one of its most crucial debates to decide how to resolve the crisis in a way that would minimize the damages to the investors and maintain the integrity of the Ethereum network. The first action was to convince major cryptocurrency exchanges to stop trading The DAO’s specific tokens. Following that, the community explored a variety of options. One of the initial proposals was to implement a soft fork, or a backward-compatible upgrade to the blockchain, which would blacklist the transactions involving the stolen Ether, effectively freezing the funds in the attacker’s account. This option would have prevented the attacker from withdrawing the stolen Ether but would not have recovered the funds. The more drastic option was a hard fork, a backward-incompatible upgrade to the blockchain. The proposed hard fork aimed to reverse the transactions that led to the theft, returning the stolen Ether to the original The DAO investors. This option was controversial because it went against the immutability principle that some consider central to blockchain technology. However, it was seen as a way to fully reverse the damage the attacker caused. Another option was to do nothing and accept the hack as a lesson in the risks and importance of security in smart contract development. This approach would uphold the principle of immutability but at the cost of significant financial loss for The DAO investors and potential damage to the credibility of the Ethereum platform. Some members of the community suggested taking legal action against the attacker. However, the anonymous nature of blockchain transactions and the decentralized structure of The DAO made it challenging to identify the attacker and enforce said legal action.

Finally, a group of white hat hackers began using the same vulnerability to drain the remaining Ether from The DAO into a separate secure account to protect it from the attacker. This approach was a form of self-help, leading the white hats to secure the remaining 8 million Ether. However, there was a catch: neither the attacker nor the white hats could access the funds in the “Child DAO” until 27 days had elapsed since the split. The DAO’s smart contract included a security mechanism that ‘locked’ the funds in the new DAO for about 27 days.

In July 2016, the Ethereum community voted to decide on the course of action to respond to The DAO hack. The community used a voting mechanism called carbonvote to gauge the opinion on whether to proceed with a hard fork to reverse the transactions resulting from the hack. Carbonvote was a simple, web-based platform that allowed Ethereum users to signal their preference by sending a 0 ETH transaction (a “vote”) from an Ether account. Ethereum holders sent these 0 ETH transactions to specific Ethereum addresses that represented yes or no to the hard fork. Approximately 85% of the participating Ethereum addresses voted for the hard fork. The vote led to the emergence of a separate blockchain called Ethereum Classic (ETC), which rejected the decision to reverse the attacker’s transactions and thus maintained the original Ethereum blockchain until the hack.

The split of the Ethereum community reflected a clash of visions between immutability on the one side and pragmatism on the other side. The Ethereum Classic community saw the handling of the “state of exception” as an introduction to “risks of centralization” (Ethereum Classic 2016). To date, its website invokes the mantra of “code is law” and “decentralism.” Another important aspect of The DAO hack is that it attracted the attention of “outsiders,” such as the United States’ Securities and Exchange Commission (SEC). Its Enforcement Division inquired whether associated entities and individuals had “violated federal securities laws with unregistered offers and sales of DAO Tokens in exchange for ‘Ether,’ a virtual currency” (US SEC 2017).

In our previous academic work (De Filippi et al. forthcoming), we explored how the resolution of The DAO hack diverged from traditional “states of exception” encountered in other systems. Unlike the inhabitants of nation-states, individuals who disagreed with the majority’s decision in the blockchain context had the tangible option to continue on the original Ethereum blockchain or migrate to an alternative blockchain network. This capacity to operationalize dissent by choosing a different path highlights a unique aspect of blockchain systems. Consequently, even though the foundational principles of non-monocentricity might have been momentarily put to the test, the community within the blockchain system leveraged available tools to navigate and potentially overcome these challenges."
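The recursive-call flaw described in the excerpt above (a withdrawal requested again before the first one has been recorded) is the pattern now known as reentrancy. The following is an added illustration, not The DAO's Solidity code and not part of the quoted paper: a simplified Python model of a vault whose withdraw() pays out before updating the caller's recorded balance, beside a hardened variant that updates state first (the checks-effects-interactions ordering) and additionally rejects nested calls with a lock. All class and function names (VulnerableVault, HardenedVault, ReentrantCaller, HonestUser, run_scenario) and the deposit amounts are constructed for the example, and the depth limit stands in for the gas limit that bounds recursion on a real chain.

```python
# Added illustration, not The DAO's code: a simplified Python model of the
# recursive-withdrawal ("reentrancy") flaw and the ordering that prevents it.
# Every class name and amount here is constructed for the example.

class InsufficientFunds(Exception):
    """The vault cannot cover a payout; on-chain this send would fail."""

class VulnerableVault:
    """Pays out first, zeroes the recorded balance afterwards. The payout is
    an external call, so the recipient runs while the full balance stands."""

    def __init__(self):
        self.balances = {}   # account object -> recorded balance
        self.ether = 0       # Ether the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        if self.ether < amount:
            raise InsufficientFunds()
        self.ether -= amount
        who.receive(self, amount)   # interaction BEFORE the effect...
        self.balances[who] = 0      # ...so this update comes too late

class HardenedVault(VulnerableVault):
    """Checks-effects-interactions ordering plus a reentrancy lock."""

    def __init__(self):
        super().__init__()
        self._locked = False

    def withdraw(self, who):
        if self._locked:
            raise RuntimeError("nested withdraw rejected")
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        if self.ether < amount:
            raise InsufficientFunds()
        self._locked = True
        try:
            self.balances[who] = 0      # effect first: nothing left to re-claim
            self.ether -= amount
            who.receive(self, amount)   # interaction last
        finally:
            self._locked = False

class HonestUser:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount

class ReentrantCaller:
    """Calls withdraw() again from inside the payout callback; depth_limit
    stands in for the gas limit that bounds such recursion on a real chain."""

    def __init__(self, depth_limit=20):
        self.received = 0
        self.depth = 0
        self.depth_limit = depth_limit
        self.rejected = 0   # nested calls the vault refused or could not pay

    def receive(self, vault, amount):
        self.received += amount
        if self.depth >= self.depth_limit:
            return
        self.depth += 1
        try:
            vault.withdraw(self)
        except (InsufficientFunds, RuntimeError):
            self.rejected += 1
        finally:
            self.depth -= 1

def run_scenario(vault_cls, honest_deposit=9, reentrant_deposit=1):
    """Fund a vault, let the reentrant party withdraw, then the honest user."""
    vault = vault_cls()
    honest, rogue = HonestUser(), ReentrantCaller()
    vault.deposit(honest, honest_deposit)
    vault.deposit(rogue, reentrant_deposit)
    vault.withdraw(rogue)
    try:
        vault.withdraw(honest)
    except InsufficientFunds:
        pass   # the honest user's recorded balance is no longer backed
    return {
        "reentrant_received": rogue.received,
        "honest_received": honest.received,
        "vault_ether": vault.ether,
        "rejected_reentries": rogue.rejected,
    }

if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableVault))
    print("hardened:  ", run_scenario(HardenedVault))
```

With the vulnerable vault, a party that deposited 1 unit walks away with all 10 held by the vault, and the honest depositor's recorded balance of 9 can no longer be paid. With the hardened vault the nested call is rejected, the reentrant party receives only its own deposit, and the honest user is paid in full. Zeroing the balance before the external call is sufficient on its own; the lock is a second, independent line of defence, which is why both appear.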