$55M DAO Attack: What Did Ethereum Learn From It?

The smart contract and blockchain were interlinked ideas. In Vitalik Buterin’s early writings detailing the network of computers that would become Ethereum, the world’s second-largest blockchain by market cap but largest by developer activity, he put forward the idea of fully decentralized, autonomous corporations or organizations (DACs and DAOs).

The DAO, which got that name for being the first encoded version of the concept, was the proving ground that the disruptive world of venture capitalism could itself be disrupted. Approximately $150 million in ether was contributed to the project, and more than 50 projects were teed up to possibly be funded by a smart contract that no one person owned.

In his latest book, “Out of the Ether: The Amazing Story of Ethereum and the $55 Million Heist That Almost Destroyed It All,” Leising traces the events leading up to and following the pivotal moment (excerpt here). CoinDesk caught up with him to discuss The DAO’s legacy and what Leising thinks will come next in the blockchain. 

When you’re dealing with other people’s money – you have to be careful. I wish I could say these lessons were learned, I don’t think they have. I think we’re seeing the same mistakes made in DeFi now. The money sloshing around is just insane. It’s even worse in some respects, with people announcing they haven’t audited the code. 

I want to make clear that there were several different DAO attacks, which is a point that not many people realize. The $55 million Friday attack is probably what people think of when they’re talking about the DAO attack. 

Then there was an attack on the following Tuesday. That’s where I was able to get some leads, do some reporting and track down somebody I think was involved. I believe it was a copycat. The code for the attack contract was already circulated.

They were sloppy enough for me to trace them. That to me says they weren’t very careful, whereas the Friday attacker covered their tracks really well. You should see the ways he scrambled the ether and bitcoin. They knew what they were doing and were very careful. 

I’m moving the ball forward here a little bit, but I wasn’t able to get very far with identifying anyone involved in the $55 million theft. 

If anything, the frequency and scope of attacks have only picked up – but they’ve seemingly become less and less important. Do you think the industry has accepted that attacks are just one of the risks we have to live with?

If you’re talking about people losing significant amounts of their money, I think people are just as concerned today as in 2016. I can’t speak for the industry, but given the frequency at which these things happen, it does seem like there’s a part of the industry that downplays security. 

Everyone who is trading crypto at this point should know not to leave your coins on an exchange – that’s the dumbest thing you can do.

That promise will propel this forward. It almost seems like a return to something the internet had at the beginning. Andreas Antonopoulos says we need to decentralize the web – that feels like what’s happening here. Google isn’t going away, but I want an alternative.