This was not a drill. A week before the Brexit panic, panic gripped users and developers of the Ethereum blockchain when flagship application “The Dao” came under attack.
The Dao is an example of a DAO: Decentralised Autonomous Organisation, a business whose rules are specified in a program running on the Ethereum blockchain, which can own crypto currency and assets, and make decisions about how it will operate. The autonomy and transparency of these organisations are unique and attractive features but any problems in the program are difficult to handle.
The Dao was launched in May, immediately attracting huge publicity. Security concerns were raised, and a moratorium suggested, but the project went ahead. The crowdfunding became the largest ever, raising over $150 million in the form of the crypto currency Ether, all of which was owned and controlled by the program running The Dao. Given the size of this fund it is no surprise that it became a tempting target for attackers.
The attack started early on the morning of Friday 17th June, with $50 million being syphoned from the main fund into an account controlled by an unknown attacker. The actions carried out by this attacker were all valid actions according to the code running The Dao. It is important to understand that there was no flaw in the Ethereum platform; it was The Dao application that behaved in a way that its developers didn’t intend.
A few days later the Ethereum community, considering a response, had their hands forced by signs of another impending attack, and so struck back in what was termed a ‘white hat attack’, draining the remaining at-risk funds from The Dao into friendly accounts. This was mostly successful, though the attacker may have interfered with the process and some funds may still be at risk.
To fork or not to fork
Although the episode is far from over, it is believed that the initial attack stopped when a hard fork of Ethereum was proposed. A hard fork could roll back the malicious transaction, returning the stolen funds, but this requires outside interference to change the blockchain and goes against the principles that the blockchain is immutable and censorship free.
Many in the Ethereum community feel that such a move would set a bad precedent. The majority view, however, is that a hard fork should be performed before the attacker has a chance to move his funds to an exchange. If this view forms a consensus in the Ethereum community, then after a hard fork The Dao is likely to shut down, returning its funds to the investors.
When developing applications in the future, the blockchain should be seen as an unforgiving environment, and I hope that this episode will lead to more careful development and rigorous testing. Rather than taking a big-bang approach to application development, it is safer to build large applications from tried and tested smaller components.
The attack and response have also illustrated that the Ethereum platform should be considered in a wider sense than just a blockchain and its applications. It also includes a community of users and developers, producing a system whose behaviour is less autonomous than initially thought.
Click here for a set of slides covering an introduction to Ethereum and the hack issue.