The DAO hack of 2016
Recreation of historic events in pictorial form using $HASH by Proof of Beauty Studios
Primer: The DAO hack of 2016 is one of the major events in Ethereum history. Lauded as a revolutionary project, The DAO raised an amount equivalent to 14% of all ETH in circulation at the time. The DAO was hacked and eventually hard forked into ETH and ETC. Transactions were rolled back but the sanctity of the immutability of the blockchain was sacrificed in order for Ethereum to survive. All these events are recreated in pictorial form using $HASH by Proof of Beauty Studios.
The very first DAO
The concept of a Decentralised Autonomous Organization (DAO) was first ideated in 2015 by a team called Slock.it
They built a crowdfunding smart contract to raise funds for various Web 3.0 projects and startups
Programmed in actual voting rights and ownership
People investing ETH in Slock.it would receive TheDAO token that represents their stake for dividends and also proportional ownership of the fund's total Ether
It represents the first decentralised, autonomous and community-run fund
TheDAO token sale is to last 28 days
Investors in The DAO will have to deposit Ether to TheDAO smart contract to get some TheDAO tokens at a rate of 1 Ether to 100 TheDAO tokens
Technology is not mature yet
Ethereum's genesis block was mined into existence on 30th Jul 2015
Solidity - the language for writing smart contracts in Ethereum - was first proposed in Aug 2014, but had really only been used as a language for a few months
TheDAO smart contract was the first of its kind, written in Solidity and therefore by definition, untested
All these technologies are not mature yet and had not been battle-tested
Why is the DAO attack historically important?
At one point, The DAO held about 14% of the Ether supply that is in circulation, which means a bailout is necessary because it becomes too big to fail
A failure of this size might erode the confidence of developers who are building interesting applications on the Ethereum blockchain
Fading interest from investors can lead to a vicious cycle, eventually leading to the stagnation and death of the Ethereum community
This event also opens up the debate for several philosophical and ethical issues surrounding the ideals of the crypto space, such as the immutability of the blockchain and code-is-law ethos
Timeline of The DAO attack
The first DAO is born
30th Apr 2016
The DAO is live
28-day crowd sale to exchange Ether for DAO token
01:42:58 AM +UTC on Block 1428757
10th May 2016
Raised over US$34 mil
12th May 2016
Raised over US$50 mil
15th May 2016
Raised over US$100 mil
21st May 2016
More than US$150 mil raised in total
The amount of Ether deposited is nearly 14% of the total Ether supply
Beginning of the End
8th Jun 2016
Hacker's malicious proposal #59, aka "Lonely, so Lonely" was launched
05:38:01 AM +UTC on Block 1664614
The DAO Proposal #59 has the title "Lonely, so Lonely" and the hacker had to wait a week for the proposal to be approved
14th Jun 2016
Shapeshift is used to cover tracks in order to send 52 Ether into the account used by Hacker to drain the DAO
Before the malicious contract can be created, Ether is needed to fund it
09:05:22 PM +UTC on Block 1704765
15th Jun 2016
Hacker votes for proposal 59
04:26:02 AM +UTC on Block 1706618
First blood by the hacker
17th Jun 2016
The DAO is attacked using the split function
Split function/recursive calls
Uses an inbuilt split function to withdraw Ether from the DAO and transfer it out
The split function was used to permit the withdrawal of Ether and return the tokens owned in the event of someone wanting to leave the DAO
Hacker repeatedly called the split function, each time starting a new request before the end of the previous one. Due to the error, the function could not detect that the sum had already been withdrawn by the preceding split function
This allows the hacker to withdraw more Ether than entitled, based on the amount of TheDAO token held
Hacker withdrew 3.6 million Ether worth US$50 million at that time, about 30% of the total 11.5 mil Ether committed to The DAO
The hacker stops draining after reaching 30%. Nobody knows why
Funds were put into an account subject to a 28-day holding period, so the hacker got the funds but they are frozen for now
03:34:48 AM +UTC on Block 1718497
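The recursive split call described above, modelled as an added Python example (not TheDAO's Solidity code): a payout that hands control to the recipient before recording the withdrawal, beside the same payout with the bookkeeping done first. The `Fund` class, the holder names and the amounts are hypothetical and constructed for illustration.

```python
# Added illustration: a toy ledger, not TheDAO's actual contract.
class Fund:
    """Pooled ether plus a per-holder amount owed (simplified split payout)."""

    def __init__(self, balances, hardened):
        self.balances = dict(balances)        # holder -> ether owed (constructed)
        self.pool = sum(balances.values())    # ether actually held by the fund
        self.hardened = hardened

    def split(self, holder, receive):
        """Pay `holder` what is owed; `receive` stands in for the recipient's code."""
        owed = self.balances.get(holder, 0)
        if owed == 0 or self.pool < owed:
            return
        if self.hardened:
            # Record the withdrawal first, so a nested call sees owed == 0.
            self.balances[holder] = 0
            self.pool -= owed
            receive(owed)
        else:
            # Vulnerable order: the recipient runs while the balance is stale.
            self.pool -= owed
            receive(owed)
            self.balances[holder] = 0


def run(hardened, depth=3):
    """Return (ether received by the re-entering holder, ether left in the pool)."""
    fund = Fund({"reentrant": 10, "alice": 40, "bob": 50}, hardened)
    received = []

    def receive(amount):
        received.append(amount)
        if len(received) <= depth:            # new request before the last one ends
            fund.split("reentrant", receive)

    fund.split("reentrant", receive)
    return sum(received), fund.pool


if __name__ == "__main__":
    print("vulnerable:", run(hardened=False))
    print("hardened:  ", run(hardened=True))
```

With the vulnerable ordering a holder owed 10 receives 40; with the balance updated before the external call, the nested requests pay nothing.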
A counterattack by the white hats
17th Jun 2016
Robin Hood group - white hat hackers - devised a plan to drain the remaining funds from the DAO
Key players of the white hat hackers Robin Hood group:
1) Griff Green - community manager at Slock.it
2) Alex Van de Sande - Ethereum developer
3) Christoph Jentzsch - lead at Slock.it
Robin Hood group creates the exploit contract on this date
Essentially to steal the remaining money in a bank that had been robbed so that the robbers can't steal more money from the bank
To withdraw a larger amount of ETH in the fastest possible time, the Robin Hood Group began stockpiling TheDAO tokens, intending to use the same split function used by the hacker to withdraw more Ether than they were entitled to.
The more TheDAO tokens they had, the faster they could drain out the remaining funds before the hacker struck again
09:15:33 PM +UTC on Block 1722756
21st Jun 2016
Robin Hood group starts draining the remaining 70% of funds out of the DAO
First draining by Robin Hood group
05:44:21 PM +UTC on Block 1745898
The danger is not over yet
The hacker can still withdraw the 30% after the waiting period is over
The hacker can also sabotage the Robin Hood group from withdrawing the other recovered 70%
The DAO fork of Ethereum
20th Jul 2016
EIP-779 was proposed a few days earlier and scheduled to be implemented at Block 1920000
01:20:40 PM +UTC on Block 1920000
This is the first hard fork, also called the DAO fork, where the Ethereum blockchain splits up in order to rewrite history to the moments before The DAO was hacked
The original untampered blockchain is rebranded as Ethereum Classic (ETC), and the forked chain is the current Ethereum (ETH)
The funds recovered will be dispersed back to the holders
This is a controversial community vote because only 5.5% of the total Ether in circulation voted on the matter over a 12 day period
The decision was a hard one: to do a hard fork and roll back the transactions, thus sacrificing the sanctity of the immutability of the blockchain
OR to preserve the immutability of the blockchain but risk killing the Ethereum movement right where it stands
Controversial issues
Legitimate but unethical
Technically, the hacker did not do anything that is beyond what The DAO protocols and the smart contracts allow
This view was also reinforced by an open letter, possibly by the same group of hackers, claiming that what they had done was legitimate
However, this action is ethically and morally reprehensible
One can also argue that the white hat hacker group, Robin Hood Group, that did the same act of exploiting the very loophole used by the hacker to drain the remaining 70% of the funds from The DAO, is equally wrong
So what makes their action more justifiable? Is it their good intentions? Who is to say that the hackers wouldn't do good deeds with the money after 'robbing' The DAO? Who gets to decide on such things?
A sacred cow is slaughtered
The hard fork also shakes the philosophical foundations of the blockchain, that the code was law and everything that the code allowed was legitimate
By doing a hard fork, transactions are rolled back and time was reversed as if the hack did not happen
Hence the immutability of the blockchain - THE sacred cow - is slaughtered and sacrificed in order for the young Ethereum movement to survive this existential crisis
The supporters of the immutability of the blockchain still live on in the original unaltered history of the Ethereum blockchain, now known as the Ethereum Classic (ETC).
It has a market cap of US $8,166,184,423 as of Aug 2021
References
Special thanks to the folks at HistorianDAO for doing the bulk of the legwork for us, which includes the labour-intensive detective work of researching the block and transaction hashes of milestone events
A lot of materials are referenced from these links to piece together the narrative and to streamline the story into bullet form
Links to reference material:
https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee
https://www.gemini.com/cryptopedia/the-dao-hack-makerdao#section-the-dao-hack-remedy-forks-ethereum
https://coinmarketcap.com/alexandria/article/a-history-of-the-dao-hack
https://consensys.net/blog/blockchain-explained/a-short-history-of-ethereum/
All information presented above is for educational purposes only and should not be taken as investment advice. Summaries are prepared by The Reading Ape. While reasonable efforts are made to provide accurate content, any errors in interpreting and summarizing the source material are ours alone. We disclaim any liability associated with the use of our content.