Dao Fork Hack: When Gods of Ethereum Bent Blockchain Rules
An overview of the DAO Fork hack, when the cryptocurrency community came together to reverse supposedly immutable transactions worth $70 million.
Being a fairly new technology, cryptocurrency comes with its own complexities. One of the key milestones in the history of digital currency came in 2016, when a smart contract concept fell prey to malicious hackers, compelling its creators' community to step in and restore balance.
Like any traditional currency, cryptocurrency lets you pay for goods and services. However, it is a digital currency, which means there’s no ‘printing’ or ‘minting’ happening, and it can only be used online.
Then how does it work exactly?
For cryptocurrency to work, a decentralized technology called blockchain is used. Consider it a public ledger that is distributed across many participants. With the strong security on offer come a few shortcomings. For one, anything written to this public ledger can't be reversed. Essentially, there is no undoing a transaction, unless the receiving party chooses to send the funds back. So how did the community bend the rules?
The DAO hack
The Decentralized Autonomous Organization (The DAO), a cryptocurrency management concept, was designed to eliminate the need for hierarchical management and to operate as a venture capital fund in the cryptocurrency business.
Members of the Ethereum community (Ethereum being an open-source, public, blockchain-based distributed computing platform and operating system) announced the inception of The DAO at the beginning of 2016 as a smart contract on the Ethereum blockchain. While the creation period was successful and managed to raise 12.7 Ether, worth around $150 million at the time, several bugs were overlooked.
Recursive Call Exploit
On 18th June 2016, an anonymous hacker dealt a heavy blow to Ethereum's reputation and to The DAO concept. The hacker managed to extract funds from The DAO: in the first few hours alone, a total of 3.6m Ether, worth around $70 million at the time, was drained. The security loophole was in the splitting function and became known as the recursive call exploit.
As described by the Ethereum Foundation, using a recursive calling vulnerability, the attacker called the "split" function and then called the split function again recursively from inside the split, thereby collecting ether many times over in a single transaction. To put it simply, the hacker moved funds from The DAO into a 'child DAO' that copied the original's structure. Given the irreversible nature of the ledger, the Ethereum community was split into two camps: to intervene, or not to intervene and let malicious hackers exploit such loopholes for years to come.
To intervene or not to intervene
The Ethereum community presented two proposals to stop the attacker from draining The DAO. First, a soft fork was proposed to prevent the hacker from withdrawing funds from the child DAO after the 27-day window. However, a few hours before its implementation, a bug was discovered that could have allowed attackers to launch a DoS attack.
Now the community had to make the tough call of releasing a hard fork, which would return all the Ether taken from The DAO to a refund smart contract with a withdraw function. DAO token holders could request 1 Ether for every 100 DAO tokens, and investors who had paid more than that could request the difference from the original address. That would mean bending the rules, and the non-supporters in the community were not ready for it.
Those against the hard fork listed arguments including how bending the rules for one contract would mean doing it for others and, more importantly, how a hard fork would reduce the value of Ether.
Eventually, the hard fork proposal got the upvote, and the community members stepped in at block 1,920,000, about a month later on 20th July 2016, to reverse the transactions.
The DAO hack may have divided the Ethereum community over "Code is law", but it did throw light on the weaknesses of the smart contract concept, and on how the loss might have been averted with thorough testing of the code before deployment.
DAO Fork Hack: A Lesson
As a data engineer, I work on cryptocurrencies these days, and the DAO Fork Hack is one of the biggest reminders for our community of the sheer vulnerability of nascent concepts such as the DAO, along with platforms like Ethereum, which are equally prone to unethical activities, much like the internet. Securing and safeguarding the technology lies in the hands of humans, even as novel concepts like the DAO aim at eliminating human interference.