Article on the DAO Ethereum Hack

This is good.

Posted on June 27, 2017 at 1:38 PM • 21 Comments


JudgeJune 27, 2017 2:21 PM

It's a good article, if you consider the whitewashing of a $150 million theft "good".

The program in question is called a "smart contract". The code is completely open for all participants to examine. Sending money to the contract is the equivalent of signing and agreeing to the terms of the contract.

This particular contract, TheDAO, just so happened to have a clause that essentially read "Anyone who executes this clause gets all the money held by this contract". Let's call it the "Exit Clause". Either no one noticed, or no one cared, but in any case, the Exit Clause was there.

Then people sent over $150 million worth of ether to this smart contract, thus agreeing to the terms, including the Exit Clause. One of these people who actually read the contract and understood what they were signing up for decided to execute the Exit Clause. Everyone else who sent money to the contract was shocked that someone would actually execute a clause that gives them all the money.

So what did these shocked participants do? They reneged on the contract in the most damaging way possible.

These contract participants colluded with a group called the "Ethereum Foundation" to release a version of the Ethereum software that essentially wiped TheDAO from the history of Ethereum's blockchain, taking the money that the Exit Clause executor earned from their participation in TheDAO with it. (This is after Ethereum marketed their blockchain as "immutable smart contracts with no possibility for third party interference" - can you say false advertising??)

The resulting fallout from this rewrite of the blockchain's history included a severe drop in the price of ether and a permanent chain split that has created two versions of Ethereum: Ethereum Classic (the original chain that did not rewrite history) and Ethereum (the "hard fork" that rewrote history and stole $150 million from TheDAO Exit Clause executor).

Do not trust your money with the Ethereum blockchain, or one day it may be your money that they decide to delete off their ledger.

ChrisJune 27, 2017 2:37 PM

The majority of a crypto forking to a new chain is not "theft" by any stretch of imagination. The original chain still exists, after all.

What's the alternative? Tell people they have to use whichever chain you personally approve of?

Jesse ThompsonJune 27, 2017 5:30 PM

Yeah, I'm with Chris. The person who "executed this exit clause" never took any step that involved enriching society with $150 million of value, so the word "earned" is absolutely inappropriate here.

Alternately, most countries have contract law that requires a meeting of minds in order for a contract to be considered valid.

People "agreeing" to a contract that allows somebody else to take all of their money while giving no value of any kind back in return based upon the original creditors not understanding some arcane implication is basically the textbook definition of what a scam is.

Potential greed or haste of the original creditors notwithstanding, it's really indistinguishable from selling some naive person "The Brooklyn Bridge" for a measly $100, without revealing that you're really selling them a sock with a hole in it that you just happen to have named "The Brooklyn Bridge".

These contract participants colluded with a group called the "Ethereum Foundation" to release a version of the Ethereum software that essentially wiped TheDAO from the history of Ethereum's blockchain

So the people who did not like the result of the contract worked with the people who originally made the open source notary software to make a new version that would fork a new chain that would correct what they perceived to be a mistake.

Effectively this action is on par to saying "so you tricked me out of all my dollars? Fine then, I won't trade in Dollars anymore I'm going to use Rubles".

And the dollars still exist but then suddenly so many people switch to trading rubles that they are no longer worth what they used to be worth.

I don't understand how no longer finding value in an asset that somebody appropriated from you without your consent — and having a large enough share of the rest of society share your lack of a sense of value — can be considered "stealing".

This is after Ethereum marketed their blockchain as "immutable smart contracts with no possibility for third party interference" - can you say false advertising??

Well, no third party interfered. The ETC that used to be worth $150MUSD is still held by that one person, and the collected effort of much of the remainder of the world that cared to begin with wasn't powerful enough to change that (and they knew as much and so never tried, to boot). So I'm sorry to report that your claim of false advertising is in turn false.

Do not trust your money with the Ethereum blockchain, or one day it may be your money that they decide to delete off their ledger.

Oh, off of their ledger?

Again, I'm sorry, but that is simply an unavoidable consequence of doing business with a cloud of people who are not all yourself (or your sub-sovereign subjects): you have to share a ledger with "them", and if everybody else combines to disagree with your assessment of something then you have no leg to stand on to force them to do everything your way instead.

I see absolutely no reason to avoid such a system, since anything farther in my favor than that would by definition be a dictatorship and I'm too lazy to helm one of those. :P

Psuedonymous_handleNo42June 27, 2017 6:10 PM

@Jesse Thompson:

Alternately, most countries have contract law that requires a meeting of minds in order for a contract to be considered valid.

Yeah, here is a thing. Under which countrys laws where this DAO contract written and subjected to? None were specified.

And I ask you this, is there a 'meeting of minds' when you buy a soda from a vending machine? when you stick a coin in a parking meter? when you use an EFT trading terminal to buy and sell stocks and securities?

That DAO contract is pretty much like any other vending machine that ate your coin and did not vend you an soda.

This is after Ethereum marketed their blockchain as "immutable smart contracts with no possibility for third party interference" - can you say false advertising??
Well, no third party interfered.

On the contrary that third party the Ethereum foundation, originators of the whole Ethereum specification. They basically sacrificed their credibility to save some persons that found, what Judge called exit clause, 'unfair' from their own folly.

This hard fork of theirs only gives support to the thought that they are pretty much an unprofessional 'fly by night' enterprise.

If I could, I would short ETHF.

DanielJune 27, 2017 7:03 PM

Since the legal angle has come to the fore I'll toss out the fact American Civil Law has a well-known concept called "unjust enrichment."

Further, a pre-existing contract does not automatically preclude a claim for unjust enrichment because unjust enrichment sounds in equity, not contracts.

The interesting question in this case is exactly /who/ was unjustly enriched? The people who did the hard fork or the people who did the "hack"? Based only on the limited facts in the article I would speculate that the group who did the hard fork have the stronger legal claim.

AndrewJune 27, 2017 8:33 PM

American Civil Law doesn't really come into it. No sovereign law can cover the use of global currencies and/or virtual contracts such as this.

The issue here is that the contract is _automatically_ applied. The contract was flawed, and right or wrong, many people signed up to this flawed contract and lost money as a result. You can't apply any manual judgement to an automatic process.

The DAO should have been left to fail. The lessons learned from this should be used to improve virtual contracts. Forking the currency sends the message that it is okay not to have well written virtual contracts or suitable scrutiny of these contracts.

Nick PJune 27, 2017 9:31 PM

@ Andrew

It can if money was lost in U.S. jurisdiction. Plus, are you seriously saying U.S. government can't go after international criminals after all the success of FinCEN up to and including getting the Swiss to block U.S. accounts? And everyone they've had extradited or extraordinarily renditioned? The only thing saving the thief is that neither the stash nor the theives matter to the major governments.

RyanJune 27, 2017 10:15 PM

The DAO was not designed to have an easy "update" function. In particular, at this moment, there seems to be no way to take The DAO from its current state, and reinstate it into a newer contract code, keeping its internal state intact. The "extraBalance" account, in particular, is not transferable through "newContract" upgrades. This means that the extraBalance amount, a few million dollars worth, is a writeoff.

AndrewJune 27, 2017 11:02 PM

@Nick P, sure. But welcome to the new digital world, where national jurisdictional boundaries are vague and difficult to prove. In any case, while this might seem like criminal conduct, it could be argued that they simply executed a clause of the contract that they were entitled to. I'm sure we will see more cases where the "criminality" of a particular activity is less clear-cut and we will need to rely on the wording (coding) of the contract.

I'm loving the hypocrisy here. Let's operate a digital currency which permits money laundering and other criminal activity to go underground. Wait, why isn't the FBI helping us when we screwed up and got ripped off?

The advantages of the digital economy come with disadvantages.

RachelJune 28, 2017 1:52 AM

Judge you made some valid points

I won't write beyond this on the legal components suffice to say its a complex and fascinating matter legally, as @Judge indicated the matter of the contract is primary. For those wishing to examine legally what really went down both in this instance, and to inform future endeavours into digital currencies it is essential to study the 10 Maxims of Commercial Law which underpin all commerical transactions for millenia. I'm sure this is relevant to the several thousand digital currency investors reading this.

one will find it widely available but here's a couple

note No 8. He whom leaves the field of battle first loses by default

We can observe which party or parties left the field of battle first!

4. Truth is expressed by means of an Affidavit.

An intriguing point is whether the the blockchain could legally be considered an Affidavit. The hard fork was the tendering of an Affidavit, subsequently unrebutted

sitaramJune 28, 2017 1:53 AM

Speaking purely as a "get off my lawn" kind of person, I was very happy to see the youthful arrogance of "the code is the contract" brought down by a bug in said code, eventually needing to be rescued by basically admitting that the code is NOT, in fact, the contract!

ThothJune 28, 2017 4:44 AM

The DAO is not designed with security in mind nor even a semi-formal modelling. It should not be viewed as secure.

e1228June 28, 2017 8:32 AM


If you have a contract (and the code is the contract, as far as Ether goes), and people are allowed to read it and understand it, and people do agree with it, well, everything is good.

Considering that this isn't some kind of consumer relationship (one big co. that has a monopoly or a significant share of the market), so no one is obliged to sign it to receive something just because there is no other way of getting the product...

And considering that it isn't exactly the average Joe that knows how to contract with Ether, so that it can't be argued that "a normal person would be fooled by such clause"...

I think your point is perfect. People want freedom to come and go, people want freedom to use whatever substance they like, to drink and eat whatever they wish... and then, when they sign a contract that says "One can say 'exit!' and then get all the money you've put in the bowl", they begin to complain that the contract was unfair, that's a felony, and so on.

Grow up, people.

ab praeceptisJune 28, 2017 2:11 PM


Side note: Some months ago I was approached by a group who had developped a blockchain currency, that was supported and already in limited use by a rather big japanese bank. They wanted me to took at their stuff and to examine its safety and security and to make suggestions on how to repair any eventual weaknesses.

Result: After a relatively brief look I declined and told them that their whole design (and implementation) is so f*cked up that a detailed examination, let alone "minor repairs" didn't make any sense.

From what I've seen since then they're doing well and are on their way to become a regional standard.

Thanks, no more questions.

DMJune 28, 2017 3:59 PM

A paragraph in the article that immediate jumped out at me was where he mentions using a lower case "t" instead of "T" in Line 666. That would have prevented the hack.

If your computer language is so picky about simple character case causing massive semantic shifts in the logic, then I'd argue for going back to the 1980's with all UPPER CASE (or case indifferent) languages. Lisp anyone? Sheesh!

TJJune 28, 2017 6:55 PM

Even in Bitcoin and Zcash stuff like this happens with service providers all the time; those are the two best designed and developed systems. There is no PCI with crypto currency service providers..

Once you go in to these fly by night pre-mined alt-coin projects it's just a free for all, though..

Bloomberg was nice and helped them market their alt-coin by describing it as a revolution even though these are started up every six-months mostly by questionable investors and bottom-dollar-developers..

People will forget this happened in a matter of weeks.. It's not the first big "heist" like this in the crypto currency community..

A Nonny BunnyJune 30, 2017 2:42 PM


The DAO should have been left to fail.

I dunno, there's something to be said for being part of a (public-ledger-keeping) community that, in extreme cases, is willing to make an exception and set a mistake right.

Though it might be better if the blockchain had a mechanism for that built in. Like a majority-vote undo-transaction option. That would also be a way to address criminal activity - e.g. if you're a victim of ransomware and pay via crypto-currency to get the password, but then can go to the police/comunity and have the transaction (eventually) reverted, then criminals would have trouble profiting from it. (Though they have trouble doing anything with the funds now, because it's all public and law enforcement is just watching for it to emerge in the "real world" and pin it to a real person)

Anyway, (crypto)money is nothing more than a shared delusion. And most people prefer to share in the ETH delusion than the ETC one, which is why it's worth over ten times as much. And once the bubble bursts we can all have a good laugh about it.

sooth_sayerJune 30, 2017 10:07 PM

Judge is right.
When the story broke last years, hard fork was considered the end of trust.
It's really not a "fork" .. it's just another word to say .. forget about the original story .. let's start the game again because we didn't know what we were doing.

I have nothing against a 23 year old writing code -- but having the audacity to say that the core rationale for the EXISTENCE of the code can be violated shows the level of immaturity of the team.

But the currency still lives, it just means there are too many people with too much money that don't know how else to play with it .. they could have bought the tickets to that concert in Bahamans .. or buy Ether .. your pick!

NinjaGirlJuly 3, 2017 10:43 PM

Wasn't Ethereum working with Microsoft to make a blockchain app development framework?

I have some logic problems in my mind about blockchain, like the fact the security is also dependent on other mechanisms and non-industry standardization underlies much of its defense. If companies took methods from the same playbook, it would only provide a focal point for hackers. The concept looks at least DoS'able and client weak. It is like saying message integrity is cipher strength. A finalized transaction is one thing, such as a voting system; a persistent digital currency is another.

Bitcoin requires a criminal amount of resource for mining and persistence. The inventor hated that banks were investing client money, so he turned around and developed a system to do the same thing. There is nothing elegant about blockchain.

@Cool Question

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.