An Analysis of the DAO Hack
On June 17, 2016, the DAO came under attack. We’re not talking about some esoteric spiritual concept. We’re talking about the Decentralized Autonomous Organization (DAO), a business model that uses a blockchain to manage contracts between people as a means of replacing most parts of a company’s management structure. And it just got hacked.
Between 8:45am and 10:30am GMT, two million Ethereum tokens went missing. A token is the means by which the value of a particular block of work has been valuated. The system releases the when both parties agree that it has been completed, or neither happens.
For those wondering, the account scooping all of this together is (or at least was) here:
As of the publication of this article (12 hours later), the number is almost double that, and appears to have stopped increasing. However, the account has been frozen, and there is a counterattack underway to siphon the funds away.
A lot of people are spreading fear, uncertainty and doubt (FUD): that the system is untrustworthy, that it’s not decentralized, or that its vulnerabilities are more detrimental than beneficial. However, the issues mounting in both political and digital spheres of influence seem to paint a different picture for the future of cryptocurrencies. Perhaps the FUD isn’t completely unfounded, but nobody seems to think this is actually a death knell just yet.
Stephen Tual, an employee of Slock.it (the company that wrote the code for the DAO, though they don’t have a formal controlling role in its operation), has proposed a solution on that company’s website: “The community needs to spam the network so that it can mount a counterattack.”
Tual also confirmed that the Ethereum Foundation had in fact changed the code slightly to allow for the account to be frozen. This allows the funds to be retrieved over time.
But harsh criticisms of this solution have surfaced. Michael Long, a stock day trader who also trades in Ethereum and Bitcoin using the US-centric Coinbase-owned Global Digital Asset Exchange, said: “In a system touted as more secure, it’s going to erode trust, and eventually some government is going to step in and try to control it. This solution hurts everyone.”
However, when asked why human beings shouldn’t help fix a problem created by humans in the first place, he replied: “Your question kind of misses the point.”
Long went on to explain that the integrity of the system requires a high degree of technical security, which in turn requires a lot of oversight to maintain. And when there is a problem, people need to remember that panic is what causes the real loss. The hack itself drained value from the network.
In a meeting with a US politician affiliated with FinCEN who spoke on the condition of anonymity, Sebfor also learned that the US Department of the Treasury took an interest in this, and will be monitoring it in order to discover if any US-based citizens were involved. If so, it could mean filing criminal charges, the politician said.
When asked if he believed this could simply be a price manipulation, he said: “I think that scenario is probably the case.”
EDIT: We have just received the conversation between Vitalik and the exchanges: http://pastebin.com/aMKwQcHR