The $55M Hack That Almost Brought Ethereum Down



Bloomberg News reporter Mathew Leising's new book, "Out of the Ether: The Amazing Story of Ethereum and the $55 Million Heist That Almost Destroyed It All", tells the story of the infamous DAO hack that almost brought down the world's second-largest blockchain.

In June 2016, a heretofore unknown assailant (or assailants) began syphoning off funds from Ethereum's first decentralized autonomous organization, or DAO, a bit of software that functions like a corporation. Weeks earlier the DAO went live, following a $150 million crowd sale.

"[T]he DAO had a huge part to play in the early history of Ethereum," Leising writes. "It's not overstating it to say that the DAO made Ethereum." That's because it was one of the earliest examples that Ethereum's network of computers was resilient enough to support complex applications.

While the attack never broke Ethereum's code – it merely exploited a loophole in The DAO's smart contract – it cast doubt over the viability of a blockchain-based "world computer." It was also the beginning of Ethereum's two Ethereums.

Leising, who has been covering the crypto industry for the better half of a decade, had called out sick from work the day a hacker absconded with $55 million in stolen ETH. But he didn't let the story die. Over the past four years he has been reporting out the story told in the book, examining blockchain data, following through on cryptic tips and ultimately tracing a path towards his leading suspect.

In the excerpt below, readers find themselves in eastern Germany along with Christoph Jentzsch, one of The DAO's principal architects, who woke up to realize the project he had spent months building was being robbed "at the rate of about $8 million an hour."

A religious family man, Jentzsch takes this extemporaneous moment to reflect on the challenges that faced the DAO's creation – from securities worries that still plague token projects to the critical opinions of the early Ethereum community – before taking action. – Dan Kuhn

Chapter 7
The town of Mittweida in the state of Saxony in Germany escaped being bombed in the Second World War. In the middle of town, old stone streets divide rows of brightly colored buildings. If you leave the town square and walk for about 10 minutes you'll come to a quiet street with a police station; next door is a mint-green house with brown trim and shutters. On Friday, June 17, 2016, just after 8 a.m., Christoph Jentzsch lay on the beige carpet of the first-floor office inside. He tried to still his breathing, to take deep breaths, to not let the world get away from him. Thieves were inside the DAO, his creation, robbing it at the rate of about $8 million an hour.

One of the first things Christoph felt was relief: finally the DAO saga would come to an end. It had overtaken his life for the past six months.

He'd battled anxiety and depression and exhaustion; he'd neglected his wife and five kids. There had been moments when he froze at the thought of releasing the DAO code, because once it was out in the world it couldn't be changed. There could be a bug in the software, or maybe terrorists could figure out how to use it to fund an attack he'd be powerless to stop. The pressure made him physically ill several times. He'd puked under the strain. God, please, let this be the end of all that.

But Christoph also felt a strong sense of responsibility. It shook him that he'd messed up so badly and that people were losing money because of it. He believed in the ideas underpinning DAOs. (The language gets a bit confusing here as there were other DAOs around at this point, MakerDAO among them. DAO is a generic term for the structure that smart contracts fit into, but because of its eventual size and high profile, Jentzsch's DAO became the DAO.)

"THERE WERE SO MANY FEARS," GRIFF SAID. "DOES THIS DESTROY ETHEREUM? DOES THIS DESTROY DAOS? WHAT'S GOING TO HAPPEN TO ALL THIS MONEY?"

A DAO is what got him into Ethereum in the first place, the moment he realized its potential. Vitalik's white paper had outlined a vision for how DAOs could democratize corporate structures to replace owners, employees, and investors with users who directly managed the firm's affairs with smart contracts encoded on the blockchain. That breakthrough is what made Christoph pause his PhD studies and start working for Ethereum in 2015. And then, improbably, he built one: the biggest DAO ever built, in fact, which made it a fat target. After all the security checks, Christoph couldn't understand why no one had found the right bug in time.

He got up from the floor of the office and went back to his IBM ThinkPad laptop. Christoph knew the cops next door couldn't help him. No, this was his mess and he'd have to clean it up.

In one sense, if toasters and door locks were allowed to have bank accounts the DAO never would have happened.