The DAO Hack

The DAO was a decentralized autonomous organization launched on April 30, 2016, built as a smart contract on the Ethereum blockchain by the team behind German startup Slock.it. It was designed to operate as a venture capital fund where investors could purchase DAO tokens with Ether and vote on funding proposals. The DAO raised approximately $150 million worth of Ether from over 11,000 investors, making it the largest crowdfunding campaign in history at the time. On June 17, 2016, an unknown attacker exploited a recursive calling vulnerability in the DAO's 'split' function, which allowed users to withdraw funds by creating child DAOs. The vulnerability occurred because the smart contract sent Ether before updating the user's balance, enabling the attacker to repeatedly call the withdrawal function and drain approximately 3.6 million Ether (worth $50-70 million) into a child DAO. The stolen funds were subject to a 28-day holding period, giving the Ethereum community time to respond. After extensive debate, the Ethereum community voted to implement a hard fork on July 20, 2016, which effectively reversed the attack and returned the funds to original investors. This controversial decision led to a permanent split in the Ethereum blockchain, creating Ethereum Classic (the unforked version) and Ethereum (the forked version).