By Virginia Valenzuela, Arts Editor
We all know the storyline of the stereotypical heist. A plan is hatched, a team is assembled, cool or comically bad costumes are put on, and one way or another, the robbers break in, grab the money, and run. Some culprits are caught, and others go on to try other schemes, hungry for the rush that only Vin Diesel and angsty teens using the five-finger discount know the taste of.
But in the age of blockchain, where there are no physical safes to crack, no galleries or galas to descend into via rope, heists become loftier, the robbers smarter, and their traces even harder to track. Add to this the fact that the blockchain is global, and therefore outside of any one government’s jurisdiction, that there is no court to enforce a lawsuit and no customer service rep to call when your digital vault is found empty, and you’ve got the best damn version of Ocean’s 11 ever written.
Like so many stories with a heist at the center of the plot, the history of the famous DAO project, the DAO, features greed, ambition, success, and a deadly blindspot that leads to an inevitable end. But did the founders of the DAO learn their lesson?
What is a DAO?
A decentralized autonomous organization, or DAO, is defined by Omid Malekan in his book The Story of the Blockchain as “a programmed entity that exists in the jurisdiction of a blockchain, issues tokens to stakeholders, and fulfills functions governed by smart contracts.” They are like corporations in that they represent a group of people and their interests, but they differ in three key ways.
1. Corporations are organized under bylaws that outline the group’s rules and regulations. These rules are carried out by officers and employees, and are meant to smooth out the day-to-day needs of the organization. Notably, these bylaws constitute a legal document and are thus enforceable by law. DAOs, on the other hand, are structured by smart contracts that carry out tasks in real time. Their rules are programmed into the contract’s code and, in turn, are not susceptible to human error or misconduct.
2. Instead of distributing shares that dictate ownership and voting rights to investors, DAOs distribute tokens.
3. DAOs exist on a blockchain, and thus are governed by the laws of code, rather than the laws of the land, unlike a corporation that has to follow the rules of the country it is registered in.
Another big difference is the leadership structure that governs each entity. The standard structure for a corporation is as follows: shareholders, board of directors, officers, employees. Shareholders rarely get involved in any meaningful way except to elect board members. Board members protect shareholders and make decisions on their behalf, and ensure that the officers are doing their jobs. Conversely, a DAO is designed to be run directly by its investors.
What is the DAO?
The DAO was a venture capital fund, founded in April of 2016, that ran as a DApp, or decentralized application, on the Ethereum blockchain network. Anyone could join by sending any amount of ether to the DAO’s smart contract. Then, they would receive tokens representing their amount of equity in return. Not only would these tokens allow investors to vote, but they could also be traded on the secondary market like a stock.
The way it was structured, new blockchain-based ventures could apply for funding, and token holders could vote on whether or not to fund those ventures. Once the vote passed, money would automatically be dispersed to the project from the community treasury. Once they made money, profits would automatically be sent back to the token holders. Each of these transactions would be executed via smart contracts, leading to an efficient exchange each and every time. New investors flocked to it, relishing this new technology that would allow them to see their money moving and growing in real time.
Within weeks, the DAO raised more than $150 million. This insane amount of money not only brought attention to the possibilities of crowdfunding on the blockchain, but it also increased the dollar value of ether by 50%, growing the worth of the funds in tandem. Once the DAO’s tokens were added to cryptocoin exchanges, they also began surging in value, making this one of the most successful and exciting moments of the blockchain era up until that point.
What went wrong?
In June of 2016, only two months into business, funds began disappearing from the DAO’s treasury. Investors watched as their ether slipped through their fingers in real time. Someone had found a flaw in the code, and had begun transferring millions of dollars of ether to their own blockchain address. The DAO tokens’ value plummeted. Ether lost one-third of its dollar value.
Using the same strategy, a group of Ethereum developers transferred the remaining ether into a secure wallet. Then, they had to figure out what to do next.
It is very difficult to rewrite history on a blockchain. In fact, one of the major features of blockchain technology is its decentralized ledger, which is stored on numerous machines around the world. To undo the heist of the DAO, every active validator would have to go back and alter their ledger. The Ethereum developers had a huge decision to make regarding this theft. Do they step in and change history, or let history run its course?
Ethereum’s core development team, led by founder Vitalik Buterin, were afraid that having such a large amount of ether in the hands of bad actors would be detrimental to the young Ethereum blockchain. So they implemented a hard fork, whereby the consensus rules of the blockchain would be amended in order to reclaim the stolen ether and put it back into the accounts of those who invested in the DAO.
In July of 2016, at block number 1,920,000, Ethereum’s hashing power, or the computing power used to validate blocks, forced a hard fork to rescue the DAO. The problem was, it wasn’t unanimous. A small number of validators withheld their hashing power because they did not believe in bailing out individual users who had failed to see the problems in their code. They believed that the design of the DAO was to blame, and that the blockchain should remain immutable. This resulted in two parallel blockchains: Ethereum (ETH), which is the one more widely used today and where the DAO disaster was undone, and Ethereum Classic (ETC), the one where there was no change to the original code, and where the stolen funds were never recovered, the heist left to run its course.
While the thief – or thieves – may have lost their Ethereum, they still got to keep their bounty on Ethereum Classic. The coins are worth less than they would be if they were still part of Ethereum, but a successful heist is still a successful heist. In this case, they got away with over $100 million worth of crypto, and have yet to be discovered.
What is the take away?
When it comes to smart contracts, the law is only as tight as the code that governs it. Security experts had warned the founding investors of the DAO that the smart contracts they were using were vulnerable to potential attacks. According to Omid Malekan:
“The bug that was exploited by the hacker was, appropriately enough, found on line 666 of the smart contract code of The DAO. It was later determined that if a capital T in a command on that line had been lowercase, the theft would not have been possible.”From “The Story of the Blockchain” by Omid Malekan
Additionally, Vitalik Buterin has since stated that he regretted the emergency hard fork that resulted in a split in the chain.
But the moral of the story is: Hackers are getting smarter every day, finding ways to get into the wallets of even the most careful crypto enthusiasts. So if you are looking into a big venture on the blockchain, make sure you check your work, then check it again. Remember that in times of crisis, you might want to have the flexibility, and the consensus needed to affect change. With great gains come the threat of even greater losses.