The DAO Hack

YOGYAKARTA – Last month, a decentralized venture capital fund called The DAO, or Decentralized Autonomous Organization, closed a $160 million funding round. Investors from around the world sent ether to a specific address, with the intent that the cryptocurrency would be held and then distributed to various projects via smart contracts and decentralized member voting. The idea is that rather than leave decisions to a handful of partners, anyone who invests would have a say in which startups to fund.

However, the mechanism and code for this project were poorly designed and contained a fatal flaw – which was exposed last weekend when someone exploited the code and stole $60 million from the DAO.

Built on Ethereum, a system designed for developing decentralized applications, the DAO was set up to rely completely on code via smart contracts. In fact, its terms and conditions stipulate that anything which contradicts the code would be considered null and void. The hacker who took the $60 million essentially exploited the code to create a “child” DAO and used the “Send” function within Ethereum to receive the money. However, the DAO’s smart contract as it is coded allows for the creation of a child DAO. And since the smart contract is the DAO’s only legal contract, this makes the hacker’s actions legal!

The hacker himself has also rejected the characterization of his actions as theft. In a letter to the Ethereum community, he thanked them for the incentive to “rightfully claim” the $60 million.

Obviously, a lot of people stand to lose their money, even though the thief still has several weeks to go before he can withdraw from the child DAO. As such, Ethereum’s developers, namely lead developer Vitalik Buterin, are looking for ways to mitigate the loss.

There is a lot of talk about whether Ethereum should be “hard forked” to roll back the amounts of ether in each wallet to a state before the theft took place. This would effectively void the theft transaction (and all other transactions from the time of the attack until present).

But doing so would have potentially damaging implications. The network would have colluded to defend the interests of a few people, thereby possibly creating a “too big to fail” system that sounds oddly like the real-world financial systems it is designed to replace! While it is true that a decision to roll back the state of the network would be made not by one person, but by Ethereum’s miners collectively, a critical fork in the road has been reached. Rolling back the theft transaction would demonstrate that under certain circumstances, the network can and will collude to reach a certain result. Such central control would be damaging to the DAO’s reputation because it means the system is no longer truly immutable.

It may be a good thing that the network is able to collude to reverse a rogue transaction. But this raises the question: when does a system become too big to fail? This is an interesting question to pose to a community of anonymous libertarians who are skeptical of financial systems.

If Ethereum rolls back the transaction, then they are hypocrites. They will have averted short-term disaster, but in doing so created questions as to the underlying motivation and philosophy of the token, as well as their fearless leader.

If they don’t roll back, a lot of people will lose a lot of money, and the Ethereum community will have to learn an expensive lesson – that code cannot be entirely relied upon. You need laws to back it up. And sometimes, especially when you are dealing with storage, transfer, and deployment of hundreds of millions of dollars, the law isn’t all that bad of a thing.

NOTICE: The contents of this article are not to be considered as a legal opinion or tax advice and should not be relied upon as such. Far Horizon Capital Inc does not hold itself out as a legal or tax advisor. If you wish to receive a legal opinion or tax advice on the matter(s) in this article, please contact our offices and we will refer you to an appropriate legal practitioner. Use of our website is subject to our terms and conditions.
