What Is DAO? DAO Hack Explained


DAO (Decentralized Autonomous Organization): Full Analysis


Digital currencies are slowly gaining ground in the traditional market system. A few platforms have now been developed to let people who are not tech savvy get into the system.

DAO made a concerted effort to develop such a system by creating a platform that was to decentralize the corporate world completely. Stakeholders would have complete control of the system, eliminating the need for traditional levels of autocracy. DAO’s idea was met with enthusiasm and hope. Its crowd sale was one of the most successful in this industry, raising about $150 million or about 12 million ETH.

This idea, however, did not go well: the system was hacked and 3.5 million ETH was redirected to the hacker’s account, leading to the Ethereum fork to recover the funds. The funds were recovered, but the DAO system collapsed. Developers learned that it is still too early to bring the non-tech-savvy population onto the blockchain and that doing so will take a few more years of development.

What is DAO?

DAO is a system that seeks to eliminate the hierarchical management of organizations. DAO was developed by Christoph Jentzsch and Simon Jentzsch. They released it on GitHub and launched it on 30 April 2016. By 21 May 2016, its ICO had raised over $150 million. It will enable companies to run in much the same manner as they do today, with all the rules but with no hierarchy to enforce those rules. These rules will be digitally enforced. The DAO is basically a set of contracts on the Ethereum blockchain. It was designed to remove power from directors and place it directly with the owners, thus preventing the redirecting and mismanagement of funds.

It can also be described as a hub that disperses funds to projects through a voting system. The proposal that gets the most support receives the funds for implementation. The system never holds investors’ funds.

The DAO was a decentralized autonomous organization. This means that it was under no central authority or state. It was completely in the hands of its owners. One became a stakeholder by buying DAO tokens. There were various security issues with the DAO. Because its code was open source, the DAO blockchain faced possible attacks from hackers and programming errors. Anyone could access and edit the source code, exposing the system to attacks and errors. The DAO coin was completely decentralized.

There was no clear guideline on how governments and legal institutions could approach or regulate the contracts made on the DAO platform. There was also the lack of a corporate veil, which meant that investors had no form of protection from the developers of the DAO Ethereum platform. It was also possible to create projects showing fraudulent projections of profitability, putting shareholders’ investments at risk.

Converting DAO coins to fiat currency was also a subject of concern. People had invested in ether, the Ethereum blockchain currency. Due to unclear guidelines and regulations, the price of ether was being suppressed, especially after the DAO hack.

What problems is DAO trying to solve?

DAO is trying to enforce democracy in organizations. Participants will have a fair chance of voting to change, add and enforce rules in any organization. They will also vote to decide when to remove a member from an organization instead of leaving such a decision to a few individuals. DAO will eliminate the need to have people in the governing and decision-making roles of companies, as these matters will be decided on the platform by the participants.

DAO crypto, or Decentralized Autonomous Organization, is an organization that is run using rules encoded into computer programs. These programs are called smart contracts. It is also known as a Decentralized Autonomous Corporation (DAC).

The idea behind this crypto is to eliminate the hierarchical nature of companies and firms and to place the power vested in higher-tier offices with the actual stakeholders. The system codifies the decision-making processes and rules of an organization, doing away with the need for offices and documents. A decentralized structure is created in place of a hierarchical one.

How does DAO work?

The platform allows participants to acquire DAO tokens, then vote on the most viable project to fund in the platform. The platform uses smart contracts in which rules and regulations are created and enforced digitally. The smart contracts are self-executing programs that dole out funds and determine whether any particular project has received enough votes to get the required funds.

DAO smart contracts run on the Ethereum network, where contributors have the ultimate say instead of just a few individuals at the top. Everyone with a stake contributes to the decision-making process. The system relies on the ‘wisdom of crowds.’ By holding DAO tokens, participants have a say in deciding which projects to fund within the system.

The smart contracts were programmed in such a manner that they can only release funds towards a given project if and only if certain preprogrammed rules are adhered to. The developers assert that the platform was to guarantee democracy in organizations. Participants must agree on any changes to be made including instituting new rules or amending existing ones.

All decisions regarding the development of the platform and funding of proposals put forward by the members were made through voting. Once a contractor presented their project, a group of volunteers called curators would check the identity of the contractors to confirm their legality and then list their projects. Members then vote for these projects with the project receiving the highest level of support getting allocated the funds if it meets all the requirements and regulations of the platform.

Here is a simple step-by-step outline of how the system works:

  • Developers write smart contracts on the platform. These are rules that will govern the system.
  • Participants fund the system and receive tokens in an Initial Coin Offering (ICO).
  • Participants with DAO tokens can now begin making proposals for various projects.
  • Members vote to decide which project is viable for funding.
  • The system releases the funds for the project that members approve and which is within the system’s rules and regulations.

Issues with Dao

Dao had the most popular and biggest crowd sale in the history of cryptocurrency crowd sales. It raised over $150m from approximately 11,000 participants surpassing the creators’ expectations.

Dao developed serious issues just a few months after its launch in 2016. Dao smart contracts were its own weakness. It was impossible for a participant to change a contract once it was embedded on the Ethereum blockchain. This essentially meant that observers or the developers could not eliminate a bug if it were to be introduced into the system.

This weakness is what led to the Dao collapse. A hacker introduced a bug into the system and started draining funds from the system. Since the bug was technically following the set rules, the developers could do nothing about the hack.


  • Does not have a physical address or people in managerial positions.

Legal Liability

  • Lack of government regulation.
  • No corporate veil to protect investors.
  • Not clear what type of securities the DAO was selling.


  • Was hacked in 2016 and lost over $50 million worth of ether tokens.
  • Ethereum forked into Ethereum Classic and Ethereum.
  • Complete transparency.
  • Autonomous governance.
  • Flexibility.
  • Curator control/failsafe.
  • Recursive call exploit.
  • Community review and external security audit.

The DAO Hack

The DAO platform was hacked in July 2016 at block 1,920,000. Hackers exploited the DAO’s vulnerability and transferred a third of the system’s funds to anonymous accounts.

Prior to the attack, Stephen Tual said on 12 June that they had found a “recursive call bug” but that it did not pose any threat to the system. Developers embarked on fixing this and other bugs to kick-start the DAO Ethereum system into operation. It was during the fixing process that an anonymous hacker simulated the developers’ approach and started draining DAO coins valued in ether from the system.

In a matter of just about six days, the hacker had managed to transfer more than 3.6 million worth of ether or about $60 million into a “child DAO” that had assumed a similar structure to the original platform. This led the price of ether, Ethereum’s token, to fall drastically from about $20 to $13.

Ethereum developers were forced to reverse the transaction history in the system to recover the funds, but this was against the agreed rules. This step brought about serious issues in the DAO community that led to an Ethereum hard fork. The original Ethereum network assumed the name Ethereum Classic while the new crypto assumed the name Ethereum. Each network has its own cryptocurrency.

Dao developers created a very simple model to allow those creating decentralized organizations on the platform to have an easy time setting up their companies and managing their code. However, after its crowd sale, the system received a massive amount of ETH forcing the developers to improve the code.

How did the DAO hack happen?

The team began working on a proposed framework and improvement programs with the aim of strengthening and securing the system from hackers. Implementation of Dao Improvement Requests (DIR) could be initiated by anyone in the community as long as such a proposal had substantive community support.

As the developers were busy updating the code, loopholes began appearing in the system. On June 5, 2016, Christian Reitwiessner identified an antipattern in the Solidity programming language that could allow attacks on smart contracts. A few days later, on June 12, Eththrowa discovered a similar antipattern in the DAO reward section. This antipattern was patched, but the deployed codebase took time to get updated.

The DAO team worked relentlessly to seal the loopholes but had to endure the long voting process to approve the update. This process took about two weeks, by which time the hackers had already siphoned 3.5 million ETH or $50 million to a child DAO on the 17th of June. The team missed the antipattern in the splitter function.
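The "recursive call" antipattern described above is generally known as reentrancy: a payout function hands control to the recipient before it has updated its own bookkeeping. The Python model below is an added example, not code from the DAO or from this article; the Vault and ReentrantRecipient names and all balances are constructed for illustration, and it contrasts the flawed ordering with the corrected one (state updated before the external call) plus a solvency invariant that can be monitored.

```python
# Added illustration; every name and balance here is constructed, not DAO source.
class Vault:
    """Toy payout contract; `safe` selects the ordering used in withdraw()."""
    def __init__(self, safe):
        self.safe = safe
        self.credit = {}   # what the books say each account is owed
        self.funds = 0     # what the vault actually holds

    def deposit(self, account, amount):
        self.credit[account] = self.credit.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.credit.get(account, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            self.credit[account] = 0     # effect first ...
            self._pay(account, amount)   # ... interaction last
        else:
            self._pay(account, amount)   # antipattern: external call first
            self.credit[account] = 0     # bookkeeping runs too late

    def _pay(self, account, amount):
        self.funds -= amount
        account.receive(self, amount)    # control passes to the recipient

    def solvent(self):
        """Invariant to monitor: holdings cover everything still owed."""
        return self.funds >= sum(self.credit.values())

class ReentrantRecipient:
    """Test double whose receive hook calls withdraw() again, up to `depth` times."""
    def __init__(self, depth=3):
        self.received, self.depth = 0, depth

    def receive(self, vault, amount):
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            vault.withdraw(self)

def run(safe):
    vault, probe = Vault(safe), ReentrantRecipient()
    vault.deposit("other-holders", 90)   # never withdrawn in this run
    vault.deposit(probe, 10)
    vault.withdraw(probe)
    return probe.received, vault.funds, vault.solvent()
```

With the flawed ordering, run(False) pays the probe 40 against a credit of 10 and the solvency invariant fails; with the corrected ordering, run(True) pays exactly 10 and the invariant holds.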

The consequences of the DAO hack

The team had to take drastic measures to recover the stolen funds. The initial plan suggested was to initiate a soft fork to prevent ETH from leaving the DAO ecosystem. This approach, despite being the popular strategy amongst this community, was immediately called off as it led to a DoS vulnerability.

Ethereum developers reversed the transaction, making the stolen ether valueless. This action brought about issues in the crypto community, since any transaction on the blockchain should be irreversible. The fact that developers can reverse a transaction raises issues, since white hat hackers can simply interfere with the system and steal people’s money, and it also defeats the idea of decentralization, where no particular entity is in control of the blockchain.

The community opted for a hard fork to recover the funds that had been frozen in the child DAO due to the DAO’s failsafe feature, which required funds to be held for 28 days before being transferred. The hacker, therefore, had to wait for that time to expire to transfer the stolen tokens. The developers now had to work round the clock to beat the expiry time. The hard fork was to transfer all the funds from the DAO system to a simple withdraw contract in which 1 ETH would be exchanged for 100 DAO tokens.

It was left to the community to decide whether to fork or remain with the original platform using a switch when initiating their client side. On July 20, the hard fork was implemented as the majority of the peers moved to the new version. This fork was at block 1,920,000.

A Robin Hood Group was also formed to work in parallel with the hard fork. This group worked to drain any remaining funds from the system to prevent further attacks. The plan was to return these funds to their owners later.

After the fork, the owners of the DAO tokens were now able to withdraw their ether as the signatories of the curator multisig began working on the edge cases. The Ethereum community was now presented with two chains, Ethereum Classic and Ethereum. The old version (Ethereum Classic) got more support and was listed in most exchanges as Ether Classic.

After the DAO attack, various exchanges such as Kraken and Poloniex de-listed DAO coin trading pairs.

Security has now been enhanced. For instance, there has been the rapid development of formal proof of verification features that could have prevented the attack in the first place.

Hard forking Ethereum to reverse the ether tokens was only carried out to suit the interests of influential players in the Ethereum community. Ideally, any transaction, whether it’s a crime or an unintentional glitch should not be reversible in any way. This debate is still going on in this community to try and understand why this reversal had to take place eroding the value of decentralization in the crypto industry.

In a Nutshell

Several lessons can be learned from the DAO scenario. One, it is clear that the Ethereum blockchain is still not ready to incorporate fully decentralized applications that ordinary people can use. More developments need to be put in place to increase the security level of the blockchain, and more education is needed to enlighten even those already familiar with the blockchain on the importance of decentralization and complete autonomy.
