Here's how Ethereum's governance was reshaped after The DAO attack

Quick Take

  • The DAO Attack’s eighth anniversary marks crypto’s most consequential hack, which established Ethereum’s “social layer” through a hard fork.
  • The DAO Attack led to an ideological battle within Ethereum over the soft fork vs. hard fork debate.
  • SEC’s DAO Report shaped crypto regulations post-attack.
  • Other debates, such as Uniswap vs. SushiSwap, echo the decisions made to deal with the DAO attack. 

Monday marked the eighth anniversary of the infamous “DAO Attack,” which wasn’t the first hack in the crypto industry but is perhaps the most consequential. It set the basis for much of the regulatory interpretation of the industry (through the Securities and Exchange Commission’s “DAO Report”), and changed how the Ethereum community self-governs (through hard forks).

“It was a defining moment for Ethereum,” crypto legal expert and founder of the MetaLeX protocol, Gabriel Shapiro, told The Block in an interview. “Other chains have not really been similarly tested, or when tested have not responded to it in a way that solidified community, but rather divided it instead.”

In short, the DAO Attack on June 17, 2016, helped establish Ethereum’s “social layer,” what Ethereum co-creator Vitalik Buterin considers to be the collective group of network participants who uphold and define the network’s priorities. This was seen in the decision to hard fork the blockchain – a required update that is not backward compatible – to recover nearly four million stolen ether (ETH), worth approximately $50 million at the time.

How the attack happened

The DAO, the first version of a decentralized autonomous organization, was conceived and set up by the team behind German smart contract startup Slock.it as a new way to invest in crypto startups. 

More than $150 million worth of ether was raised, and more than 50 projects were expected to receive funding from this distributed investment vehicle controlled by a smart contract that none of its 11,000 backers owned. By the time the 28-day window to invest in the project closed, The DAO controlled approximately 15% of all circulating ETH. The attack itself slashed the price of ETH to $13 from $20 and ushered in a wave of cynicism.

Until it failed, The DAO represented the idea that Ethereum's highest ideals could be encoded in a workable project and signaled a coming wave of innovation.

The irony is that the vulnerability that ultimately brought The DAO down was well-known and about to be fixed. Several coders who independently audited its code found an issue with "recursive calls" that could drain funds from the smart contract. On June 14, just three days before the attack, a potential fix was proposed, but developers failed to implement it in time. 

By June 18, the attacker – alleged by author Laura Shin to be former TenX CEO Toby Hoenisch – had drained nearly a third of the project’s treasury into an account he controlled. Throughout the two-day attack, the Ethereum community considered ways to mitigate the damage and halt the exploit.

The ideological battle

On the day of the attack, Vitalik Buterin proposed a potential solution to help assuage that fear. In what could be described as a one-time fix for a one-time event, Buterin suggested a “soft fork” update to Ethereum’s code that would’ve essentially blocked the attacker from accessing his funds but maintained the blockchain’s history.  

On the other side of the debate, however, were people like Slock.it’s Stephan Tual, who wanted to hard fork the Ethereum chain to recover all of the stolen funds. 

A third view, from the attacker himself in an open letter, argued that the attack itself was valid – as he merely used the code as it was written. Any attempt to roll back the chain or pause his funds was “theft” of his property and a “change” in the rules of the protocol, he wrote.

To some extent, both proposals – to either soft fork or hard fork Ethereum – challenged the idea of the blockchain’s immutability but represented diverging interests. Buterin’s plan – and by extension the Ethereum Foundation’s – essentially privileged the protocol over users, while the hard fork was an attempt at full restitution for early adopters of a novel network.

In other words, serious questions were raised about whether a decentralized app should be bailed out at the expense of a community's founding ethos. But there was also a pragmatic argument to make, considering that Ethereum was still finding its footing at the time, and an attack of this magnitude could derail the project. 

Ultimately, on July 20, 2016, a hard fork proposal was put before ETH holders, which was passed with 85% of the vote. Ethereum would revert to a prior state before the DAO Attack. It was the first time a situation like this had ever happened and a challenge to the idea that code should determine how blockchain networks are governed.

“The DAO hack is important because it reveals a repressed truth about blockchain immutability. That in extreme situations the social layer can ultimately overturn the technical one, if there is strong enough consensus,” University of Dublin lecturer Paul Dylan-Ennis told The Block. 

Generative Ventures partner and former chief economist at Consensys Lex Sokolin echoed this point, saying the response to the DAO Attack highlighted that “technology is still a tool to be used by communities” and “subject to user demands and tribe agreement.”

Legal and regulatory consequences 

As the first operation of its kind, The DAO was at best operating in a gray area. That all changed following the attack. About a year to the day after Ethereum’s hard fork, the U.S. Securities and Exchange Commission (SEC) issued a report, now colloquially known as “The DAO Report,” confirming that the crowd sale fell afoul of securities laws. 

While the agency didn’t pursue an enforcement action at the time, this report has become the basis for much of the SEC’s interpretation of initial coin offerings and token launches. SEC Commissioner Hester Peirce, for instance, has said the DAO Report’s analysis at the time has set back the chance of passing specific crypto legislation by about a decade by granting the securities watchdog a wide remit to oversee the industry.

“My impression is that the DAO attack was pretty instrumental in shaping [SEC Chair Gary] Gensler’s belief that securities regulation of crypto is necessary,” University of Kentucky law professor Brian Frye told The Block. 

Still reverberating

Sokolin noted that it makes sense for decisions for how blockchain ecosystems develop to be in the hands of the community, given any “product without community is dead.” A key principle of the industry is “permissionlessness,” or the ability for anyone to access or fork a system. Ultimately, the successful projects are the ones that are adopted.

“Another evolution of this is Uniswap / SushiSwap and the vampire attack attempt in the early DeFi days. The ability to fork a protocol not in moral protest but economic protest has turned into a repeatable playbook,” Sokolin added, mentioning that Sushi started as an alternative version of Uniswap equipped with a community-empowering governance token. 

Likewise, JokeRace founder David Phelps said the response to the DAO Attack helped establish that code is not always law in crypto. He mentioned data availability blockchain Celestia’s “focus on social consensus” and restaking platform Eigenlayer’s “intersubjectivity” system, both ways of allowing the community to determine how the platforms develop.

However, not everyone is pleased with the current state of affairs. Perennial Crypto Twitter gadfly Gwart argued that the only true way to understand where the community’s opinion lies is by seeing where they invest. “A lot of people don’t really agree with the entire premise of a social layer,” he said. “Even if it objectively exists.”

Whether Ethereum should ultimately be governed by its code or its community is certainly up for debate. Either way, the DAO Attack raised the question. 


About Author

Daniel Kuhn is a writer and editor at The Block, where he covers the crypto industry with a particular focus on tech. He previously served as deputy managing editor of opinion/features at CoinDesk. He first appeared in print in Financial Planning, a trade publication magazine. Before journalism, he studied philosophy as an undergrad, English literature in graduate school and business and economic reporting at an NYU professional program. You can connect with him on Twitter and Telegram @danielgkuhn or find him on Urbit as ~dorrys-lonreb.

Editor

Lawrence Lewitinn