In April 2016, a group of Ethereum developers launched one of the most ambitious experiments in blockchain history: The DAO (Decentralized Autonomous Organization). The DAO was designed to be a venture capital fund controlled entirely by smart contracts on the Ethereum blockchain. Token holders would propose investments, vote on them, and the smart contracts would automatically distribute funds to approved proposals. No partners, no lawyers, no human middlemen — just code.
The fundraising period for The DAO was extraordinary. Over 28 days, participants sent ether to The DAO’s smart contract in exchange for DAO tokens. By the end of the token sale, The DAO had raised approximately 12 million ether — worth around $150 million at the time. It was the largest crowdfunding event in history, surpassing the Ethereum ICO itself. Over 11,000 participants became DAO token holders.
The DAO captured imaginations beyond the crypto community. Here was a fully autonomous organization, controlled by token holders, that would make investment decisions algorithmically. It was the embodiment of the “code is law” philosophy. Media coverage was enthusiastic. Legal scholars debated what The DAO meant for corporate law. Governance researchers studied its voting mechanisms. For a few weeks in mid-2016, The DAO seemed like the future.
Then disaster struck. On June 17, 2016, an attacker exploited a bug in The DAO’s smart contract code. The bug was in a function called “splitDAO,” which allowed token holders to split off from the main DAO and create their own mini-DAO. Due to the way the code was written, the attacker could repeatedly call the split function while withdrawing ether, effectively draining funds faster than the contract could update its records. Over several hours, the attacker siphoned 3.6 million ether — worth about $50 million.
The hack shocked the Ethereum community. The stolen funds were safely in a “child DAO” that couldn’t be accessed for 28 days due to the contract’s time lock. This gave Ethereum developers a window to respond. But what to do? Reversing transactions on a blockchain was supposed to be impossible — that was the whole point. Yet letting the attacker walk away with $50 million seemed intolerable. The community faced a choice that would define Ethereum for years to come: stick with “code is law,” or intervene to save the users. The answer would split the community forever.
Leave a Reply