The DAO hack
In 2016, the world heard about "The DAO" – a project intended to be the ultimate proof that human honesty is unnecessary when one possesses perfect code. However, reality turned out to be a brutal lesson in humility, leading to the greatest split in the history of blockchain technology and raising the question: can code truly be law?
Money-Making Machine Without an Operator
Christoph Jentzsch, the creator of The DAO, based his project on Vitalik Buterin’s concept of "smart contracts." The vision was enticing: an investment fund managed by an algorithm, where every decision is made democratically by token holders, without the involvement of banks, CEOs, or lawyers.
Success exceeded the wildest expectations. In May 2016, the project raised over $150 million (12 million ETH), becoming the largest crowdfunding campaign in history. At the time, this represented 15% of the entire Ethereum network’s supply.
Race Against Time and the "Infinite Loop"
Despite the enthusiasm, dark clouds were gathering over the project. Peter Vessenes, a security researcher, warned on his blog about a "reentrancy" vulnerability. This flaw allowed the funds withdrawal function to be triggered repeatedly before the smart contract had updated the user's balance.
The creators of The DAO, believing in the solidity of their architecture, dismissed the warning. On June 17, 2016, an anonymous attacker launched a precision strike. Using the bug Vessenes had described, they began "draining" Ether into a so-called "Child DAO" (a subsidiary contract). Within hours, approximately 3.6 million ETH (worth about $50 million at the time) was stolen.
"Code is Law" as a Weapon
The most controversial element of the story was a letter allegedly published by the hacker on the Pastebin service. The attacker did not apologize. On the contrary, they claimed their actions were entirely legal.
"I have made use of a feature available in the code. Since code is law, any operation it permits is consistent with the agreement," the argument read.
The hacker cleverly turned the creators' own ideology against them, forcing the Ethereum community to face an existential choice: stick to the principles of blockchain immutability, or break them to recover the money?
The Great Schism and the Birth of Ethereum Classic
Facing the potential collapse of the entire network, Vitalik Buterin proposed a forceful solution: a Hard Fork. This was an update that reversed the hacker's transactions and moved the funds to a new contract, allowing investors to get their money back.
Not everyone agreed. A segment of the community viewed this as a "bail-out" similar to those governments provided to banks in 2008. Thus, the Declaration of Independence of Ethereum Classic was born.
- Ethereum (ETH): Followed the path of pragmatism and intervention, becoming today’s market leader.
- Ethereum Classic (ETC): Remained with the original blockchain, believing that immutability is more important than stolen millions.
Who Pulled the Trigger? The Investigation Years Later
For years, the hacker's identity remained a mystery. A breakthrough occurred in 2022 thanks to an investigation by journalist Laura Shin. Using advanced blockchain analysis and transaction de-mixing, Shin pointed to Toby Hoenisch, an Austrian programmer. Although Hoenisch denied the allegations, the evidence linking his exchange activity to the IP address used during the attack is considered exceptionally strong.
Legacy: From Amateurism to Professional Audits
The attack on The DAO was the "ground zero" moment for blockchain security. This event forced the emergence of professional audit firms (such as OpenZeppelin or Trail of Bits). Today, no serious DeFi project launches without a security certificate, and developers utilize the "Checks-Effects-Interactions" pattern, designed specifically to prevent the type of error that sank Jentzsch’s project.
The story of The DAO remains a cautionary tale: in a world where code is law, the smallest coding error becomes a legal way to steal a fortune.
Resources:
https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability
https://www.sec.gov/files/litigation/investreport/34-81207.pdf
https://www.theblock.co/post/135017/new-research-claims-to-identify-the-man-who-hacked-the-dao
https://ethereumclassic.org/blog/2016-08-13-declaration-of-independence
https://www.binance.com/en/square/post/23450560623162
https://www.gemini.com/cryptopedia/the-dao-hack-makerdao
https://www.youtube.com/watch?v=8r2W1EkChWQ
