In 2016, the project attracted a lot of attention and held a highly successful ICO. However, soon the DAO was subjected to an attack, which resulted in the theft of a significant portion of funds received from investors. That was the reason for the project’s collapse.
The Project’s Start and Rise
The story begins in April 2016 with the founding of the startup by the Slock.it team in collaboration with Ethereum. The goal of the project was to create the first decentralized crowdfunding platform. According to the preliminary plan, for four weeks, anyone could send ETH coins to a unique wallet address, exchanging them for DAO tokens.
The development team planned to raise $20 million in investment, but the project raised over $107 million within two weeks. As a result, 12.7 million ETH had been raised by the end of the stated period. At the time, this amount was equivalent to $165 million. It was the most successful ICO and the largest crowdfunding project in history. At its peak, when ETH reached the $20 mark, the total investment in the DAO exceeded $250 million.
The Project’s Hack and Collapse
As the project soared in popularity, many experts declared the presence of severe vulnerabilities in the code—studying it was not a problem since the framework had an open-source code. However, Stephan Tual, co-founder and COO of Slock.it, who worked directly on the DAO investment project, stated that there were no bugs in the code and the system was highly secure.
Nevertheless, GitHub platform users and some investors buying DAO tokens started to sound the alarm, claiming that their wallets had been attacked. Tual himself began looking for a solution. He announced a series of software updates within a day, and the vulnerability was referred to as a “recursive call.” It was these bugs that caused the failure of the DAO project.
By 9 a.m. on June 17, 2016, the exchange rate of ETH dramatically “collapsed.” Just a couple of hours later, blockchain developers were able to identify the reason behind the drop in the token’s value: the servers of the DAO foundation were attacked. As a result, hackers stole $65 million worth of coins.
The blockchain community went into an absolute panic. Vitalik Buterin (as one of the founders of Ethereum) and the DAO founders were criticized by users. Many crypto experts and community members buried these projects. The culmination of the discussion was the appearance of a hacker who directly attacked the servers.
The hacker published a post on the Pastebin platform in which he openly admitted his crime and threatened to sue anyone who made attempts to deprive him of his loot. The thing is, that after a close examination of the DAO code, the hacker found bugs that allowed him to commit the hack “legally.”
The vulnerabilities in the code involved a feature that provided an additional ETH reward for multiple DAO splits with withdrawals to subsidiary wallets. Using this feature, he managed to get over 3.6 million ETH without breaking the law. This amounted to about $65 million at the time of the incident. The further fate of the hacker and his loot remains unknown. Some experts pointed out that the letter could be fake, as the cryptographic signature under the document is not related to any of the public keys involved in the attack.
The Recovery and Consequences
Vitalik Buterin proposed a hard fork in response to the events and the collapse of the DAO. The idea was that any DAO token (on “white” or “black” subsidiary or primary wallets) was frozen and sent to new contract addresses of specific holders, and only then they could be withdrawn. These assets were withdrawn to multi-signature addresses controlled by the DAO curators.
Despite criticism from some community members, the hard fork was successful and showed positive trends:
- Ethereum rose from 0.0174 to 0.0196 BTC;
- The DAO token rose from 0.000165 BTC to 0.0001869 BTC.
It took developers, miners, and node operators about three days to update the ecosystem and approximately nine days to write the code and release a new version of the client services. Such a high-speed response to the largest cryptocurrency theft in history demonstrates the professionalism of Ethereum creators and the community members, who managed to reach a consensus and unite to solve a problem.
For the first time, such a serious decision was made by means of blockchain voting, which became fully transparent, easily verifiable, and unchangeable. Today, the community is still in the midst of heated debates about how to make smart contracts more secure by eliminating the smallest vulnerabilities and preventing new attacks.
Some users have stayed on the former blockchain, now known as Ethereum Classic. The DAO project ceased to exist, but it started the ICO boom. Its idea was the basis for many other digital currencies, which are now quite successfully used for various purposes.