DAO Hack Explained: How a Vulnerability Split Ethereum
The DAO hack showed how one vulnerability siphoned 3.6 M ETH and reshaped Ethereum, sparking tighter audits and hard-fork safeguards. Read the history now.

Summary
The DAO was a decentralized autonomous organization (DAO) that was launched in 2016 on the Ethereum blockchain. After raising $150 million USD worth of ether (ETH) through a token sale, The DAO was hacked due to vulnerabilities in its code base. The Ethereum blockchain was eventually hard forked to restore the stolen funds, but not all parties agreed with this decision, which resulted in the network splitting into two distinct blockchains: Ethereum and Ethereum Classic.
Origins of The DAO
Launched in 2016, The DAO was an early decentralized autonomous organization (DAO) intended to act as an investor-directed venture capital firm. Lauded as a revolutionary project, The DAO raised $150 million USD worth of ether (ETH) and was one of the earliest crowdfunding efforts and high-profile projects built on the Ethereum blockchain — which at the time was only one year old. Less than three months after its launch, The DAO was hacked and $60 million of ether was stolen. The Ethereum blockchain, on which The DAO was built, was later controversially hard forked to restore the stolen funds, which were returned to investors.
What Is a DAO?
A decentralized autonomous organization is a blockchain-based cooperative that is collectively owned by its members, with rules set and executed through code. DAOs replace centralized management structures with a techno-democratic approach wherein decisions are voted upon by investor-stakeholders. DAOs are built on top of blockchains (often Ethereum) and their transactions are visible on the underlying blockchain protocol. While The DAO was an early iteration of DAO governance, decentralized autonomous models remain highly influential in blockchain-related use, particularly amongst platforms.
After Ethereum protocol engineer Christoph Jentzsch released open source code for a collectivized, ETH-based investment organization, The DAO launched on April 30, 2016, with a token sale that distributed DAO tokens in exchange for ETH. These DAO tokens were designed to facilitate voting on the allocation of The DAO’s collectivized funds to entities, businesses, and technologies seeking investment. After approving funding proposals, stakeholders were meant to be in position to profit from their investments by reaping dividends or benefiting from a token price increased by representation in ownership of successful companies.
The DAO Hack
The token sale was set to last 28 days, during which the tokens were “locked up,” and after which The DAO would begin to operate. By the third week of its 2016 token sale, The DAO had raised over $150 million worth of ETH from more than 11,000 participants, marking one of the largest crowdfunding campaigns in history and significantly shaping early development and price dynamics. However, even before the token sale had concluded, several onlookers expressed concerns about vulnerabilities in The DAO’s code. More specifically, computer scientists were concerned that a bug in The DAO’s wallet would allow it to be drained. While programmers attempted to fix the bug, an attacker exploited the vulnerability and began siphoning funds from The DAO.
In the meantime, the Ethereum community debated how to respond to the attack. The DAO’s failure would not only mean financial loss for investors, but it also bore dire repercussions for the nascent Ethereum network. The DAO had become such a heavily invested project that its contracts contained approximately 14% of all ether (ETH) in circulation at the time. At only one year old, the promising Ethereum technology and community was faced with a genuine existential threat.
The Response to The DAO Hack
Initially, Ethereum founder Vitalik Buterin proposed a soft fork of the Ethereum network, adding a snippet of code that would effectively blacklist the attacker and prevent them from moving the stolen funds. However, shortly thereafter, the attacker — or someone posing as the attacker; it has not been verified — published an open letter to the Ethereum community claiming that the funds had been obtained in a “legal” way in accordance with the rules set out in the smart contract. The attacker also said they would take legal action against anyone who attempted to seize the ether.
Shortly after, tensions were heightened yet again when the alleged attacker (or someone posing as them) claimed through an intermediary on The DAO Slack channel that they would attempt to thwart any soft fork by bribing Ethereum not to comply. The bribe comprised a collective reward of one million ether and 100 bitcoin, and it split the Ethereum network in two. The situation not only presented technical challenges, but questioned the moral and philosophical underpinnings of the technology — and the resilience of the Ethereum project’s leadership.
Before the Ethereum community could proceed with the soft fork, a bug was discovered in the update’s code, making it vulnerable to attack. A second solution — a hard fork — was proposed and eventually executed after much debate. The hard fork effectively rolled back the Ethereum network’s history to before The DAO attack and reallocated The DAO’s ether to a different smart contract so that investors could withdraw their funds. This was extremely controversial — after all, blockchains are supposed to be immutable and censorship-resistant.
It was initially unclear as to whether the fork would be executed. Though it was proposed by Ethereum developers, they did not have the unilateral power to implement the change. Miners, exchanges, and operators also had to agree to update their software. After more heated debate in public forums, on July 20, 2016, at block 192,000, the Ethereum hard fork was implemented.
The DAO Hack Remedy Forks Ethereum
While the vast majority of stakeholders adopted the change and the fork was implemented, not everyone was on board. As a result, the hard fork produced two competing — and now separate — Ethereum blockchains. Those who refused to accept the hard fork that rolled back the blockchain’s history supported the pre-forked version — now known as Ethereum Classic. The blockchain presently known as Ethereum is the blockchain that implemented the hard fork and altered the blockchain’s history — and the history of blockchain as a whole.
Though the funds stolen from The DAO were restored to its investors, the attacker did not lose out entirely. The pilfered tokens still remained in their possession on the Ethereum Classic chain and were worth around $8.5 million in ETC in the months following the attack.
The DAO hack and subsequent Ethereum hard fork shook the Ethereum community to its core and highlighted major questions about the emerging technology. In retrospect, it’s clear that the decisions made by Vitalik Buterin, Ethereum developers, and the global community ensured the survival of the blockchain in its earliest days. Since The DAO hack, Ethereum has gone on to become an essential pillar of blockchain, cryptocurrency, and decentralized finance.
