The blockchain is an uncertain place. It is one of the most secure places where data can be stored and retrieved without any centralized entity. However, you might have heard about the DAO hack. It happened in 2016, when the hacker managed to delete $300 million.


What is DAO?

DAO stands for decentralized autonomous organization. It was launched in 2016. Its goal is to give an organization the ability to code its decision making and rules into decentralized control. This means any organization that uses a DAO can automate itself by creating a decentralized control structure.

So, how does it work? Let’s list the steps below.

  1. First, a group of qualified people creates smart contracts. These smart contracts contain the program to run the organization.
  2. After the contracts are created, a funding period starts. In this funding period, like-minded people add funds by buying tokens. The tokens represent ownership of the DAO. This is also known as an initial coin offering (ICO).
  3. Once the funding is completed, the DAO goes live.
  4. Now the DAO evolves with new rules and regulations through a voting system.

Bitcoin was the first DAO. It works in a decentralized way and is not owned by anyone. In this article, we will discuss “The DAO”, which was created by Slock.it to run on the Ethereum blockchain.

However, The DAO started losing its standing due to continuous hacks. Its tokens were released for sale in May 2016. Soon they started to trade on different exchanges.

The DAO’s smart contracts were not perfect. This led to multiple hacks over the span of just one year. The final hack or exploit, which wiped away $300 million of ether, ensured that The DAO could never come back. It was done by a novice learner who deleted lines of code in the smart contract, making the ether left in The DAO’s smart contracts inaccessible. The hack killed The DAO completely.


What is the DAO Hack?


This is not the first time The DAO on the Ethereum platform got hacked. Earlier, the decentralized autonomous investment fund (DAO) lost $50 million when it got hacked. In the same year, it got hacked again when a hacker exploited a bug in the Parity wallets to steal $31M. The final nail in the coffin was the above hack of $300 million.

However, do these hacks mean that blockchain is insecure? Well, no, it is not. There are a lot of things going on here, and we will try to explore and understand them from a novice point of view.

Before we decide how it all happened, let’s try to understand how apps work on top of the blockchain.

Dapps


Decentralized apps run on top of the blockchain. To build them, developers need to use smart contracts. Smart contracts are a special piece of code that can be used to automate tasks on the blockchain. The only difference between the two is that Dapps have an interface whereas smart contracts don’t. We covered how Ethereum works recently, and advise you to read it to get a complete picture.

Is Blockchain Reliable?

Machines or technologies are less likely to make errors. They only do if they are built with loopholes. In this case, blockchain is perfect, and has no loopholes in it. However, the apps that are built on top of the blockchain are not that reliable. They can contain issues which can be exploited by hackers. The smart contracts developed for The DAO were vulnerable from the start, which led to its downfall.

In short, it is hard for developers to write smart contracts that meet a standard. To ensure that a standard is always met, ERC20 is used. But that too doesn’t guarantee secure code.


The story of the novice learner

The first two hacks of $50 million and $31 million were huge. A lot of ether got stolen due to bugs or exploits in The DAO smart contracts and Parity wallets. But this was not the end.

A novice learner named Devops199 opened a new issue on their open source GitHub repository. He titled it “anyone can kill your contract.” His aim in posting was to let the Parity developers know about the bug.

The smart contract was a multi-signature contract. It is used by users to store their Ethereum. However, it’s not the end. The precise issue here is that the bug lets anyone become the owner. The wallet’s bug allowed Devops199 to become one of the owners. He then accidentally ran the kill command, which killed the contract.

In layman’s terms, the funds left in the wallet are lost forever. He deleted the smart contract’s function that lets the actual owners transfer ether. Once done, there is no looking back. Almost $300 million of ether was lost.
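
The class of bug described above (anyone can become an owner, then run the kill command) can be sketched as follows. This is an added example, not code from the original article or from Parity: the contract and function names are hypothetical, and the multi-signature wallet is reduced to a single owner to keep the flaw visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified wallet (not Parity's code): the owner is set by an
// initializer that anyone may call, at any time.
contract VulnerableWallet {
    address public owner;

    // BUG: no access control and no "already initialized" check, so any
    // account can call this and become the owner.
    function initWallet(address newOwner) external {
        owner = newOwner;
    }

    receive() external payable {}

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        to.transfer(amount);
    }

    // Owner-only in name, but ownership itself is up for grabs.
    function kill() external {
        require(msg.sender == owner, "not owner");
        selfdestruct(payable(owner));
    }
}

// Hardened form: ownership is fixed once at deployment and there is no
// destructor to call.
contract HardenedWallet {
    address public immutable owner;

    constructor(address initialOwner) {
        require(initialOwner != address(0), "zero owner");
        owner = initialOwner;
    }

    receive() external payable {}

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

When reviewing a contract for this pattern, check every function that writes an ownership or role variable and confirm it is either a constructor or guarded by both an access check and a one-time initialization flag.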

It’s not the blockchain, it is the apps and smart contracts

The blockchain is here to stay. It has revolutionized almost all the sectors by providing a decentralized digital ledger. The hacks related to The DAO are all because of poorly written smart contracts and bugs in Parity wallets.


The Solution: The ETC-ETH fork

All of this led to the hard fork of the Ethereum blockchain. It was hard forked into Ethereum Classic (ETC) and Ethereum (ETH). This was done to protect normal users and make the Ethereum platform better for the future. In short, The DAO didn’t last long even with the best of intentions. There was also an option for a soft fork, but the community decided to go with the hard fork. The hard fork ensured that new rules are followed. ETC is the original chain that was preserved. The new Ethereum blockchain is hard forked and follows new rules.


*Disclaimer: The article should not be taken as, and is not intended to provide any investment advice. Claims made in this article do not constitute investment advice and should not be taken as such. 101 Blockchains shall not be responsible for any loss sustained by any person who relies on this article. Do your own research!