The hack of The DAO.
The funding period for “The DAO” started on April 30, 2016. It lasted for 28 days. “The DAO” was also a DAO, which means that, as with any other decentralized autonomous organization, nobody could touch the funds during the initial 28-day funding period.
The sale of “The DAO” tokens was extremely successful and surpassed the expectations of everyone, including the founders of “The DAO.” By May 15th, just over two weeks from the beginning, the project had raised over $100 million in funds. It became the largest crowdfunding event in the history of the Ethereum network. During the event, several software developers expressed concerns about the quality of the project's code and the potential for attacks.
It is important to note that a smart contract on a computer network is not a protection from a bad deal or from what is known in computer jargon as “garbage in, garbage out.” This means that while computers are fully capable of executing code, including smart contracts, they can’t tell whether the parties to the contracts have covered everything they needed to cover or whether the parties will be happy with the contracts in the long run. For example, let’s say that you have worked for several decades for a salary of $100,000 a year, but you have recently lost your job and are looking for any kind of temporary job. You find a minimum wage job and start working, thinking that you’ll stay there for a few weeks, yet the employment contract has a provision that after a week the employer can choose to prolong the contract for up to a year, and if you leave before the end of the year, you’ll have to pay double what the employer has paid you to date. If your plan is not to work for the company for a long time, this contract is obviously a very bad deal for you. However, from the contractual perspective there is nothing wrong with the contract. If the contract were to become a smart contract and be placed on a blockchain network such as the Ethereum network, the network would execute the contract fully, and it wouldn’t care that you think the deal makes no sense for you.
The hack of “The DAO.”
A similar scenario occurred during the hack of “The DAO.” The attackers were able to create a child project, which means that the project had the same exact structure as the original “The DAO,” and were able to start funneling funds from the funding campaign into the child project. By June 18, 2016, they had transferred over 3.5 million Ether coins into the child project. As in the example of a highly skilled employee working for a minimum wage for a long period of time, there was nothing wrong with the Ethereum network itself. The network functioned the way it should. It is just that the attackers discovered an option that nobody had thought of and took advantage of that option.
From the contractual perspective, scenarios like these are a reason why, in many cases when dealing with smart contracts on computer networks, it is a good idea to consult legal professionals and attorneys. A blockchain computer network will execute a contract, but it will not create a high-quality contract. This is where highly qualified attorneys could still be of immense help.
Stolen funds and their inaccessibility
Several interesting things happened when the hackers diverted the funds. First, everybody on the network could see the funds and the child “The DAO,” but nobody could do anything about it. This is something that can’t happen with the traditional banking system. If the authorities learn about funds being stolen and funneled into an account, they can seize the account at any time. They may choose to monitor the account and not touch it for a period of time to collect evidence and learn more about the activity, but they can still gain access any time they want to. This was not what happened during the hack of “The DAO.” Accessing the funds was not an option, simply because the network is decentralized and there is no authority that can access somebody else’s funds.
Second, the funds for “The DAO” were coming to just one Ether address. In practical terms, this means that the creators of the project were keeping “all their eggs in one basket.” This is similar to not diversifying investments or keeping all the regular money in one place, thinking that nothing will ever happen to that place, yet human history keeps showing over and over again that wherever people think that nothing can happen, bad things do happen. This example also shows that while blockchain technology can be superior in many ways, human mistakes can have a large impact that technology can’t solve.