The DAO Was Not Hacked | Mt. Gox 2.0

Editor's note: This is a guest post by Steve Patterson and the opinions offered are those of the author alone.

Until recently, I’ve remained undecided about the DAO failure. Should Ethereum soft fork, hard fork or do nothing? I have a tentative conclusion: the best reaction is to do nothing. Let me explain why.

First, we have to lay out the facts. Ethereum and the DAO are two separate things. Ethereum is the underlying computer protocol, with its own unique blockchain. It exists for one purpose: to allow code to be executed across a gigantic network of computers.

The DAO is one of the first programs to run on the Ethereum network. “DAO” stands for “Decentralized Autonomous Organization” – it’s a new type of company, specifically designed to be run as an “autonomous organization.”

This is crucial: the DAO is a company. It’s a company without humans. That’s the point. No part of the DAO exists outside of the code. The company is the code. Investors can choose to fund the company by sending it money.

The DAO was not hacked. It simply executed its code, and by doing so, it went bankrupt. It was a bad business model. The DAO was only a failure from the standpoint of its investors. From a technical standpoint, the DAO worked seamlessly.

Mt. Gox 2.0

The DAO bankruptcy most closely resembles the Mt. Gox bankruptcy. Within the Bitcoin community, everybody knows how the media misunderstood the failure of Mt. Gox. The headlines read, “Bitcoin Goes Bankrupt!” or “Bitcoin Hacked!” But of course that wasn’t true. Mt. Gox was a company working “on top of” the Bitcoin protocol.

People trusted Mt. Gox, the company, and unfortunately it went bankrupt. Those participants lost a lot of money. It’s a shame. A lot was learned from that failure, but, in the long run, it was probably a good thing.

The same is true of the DAO. People trusted it without investigation. They put their money in the hands of a company, and that company went bankrupt. The underlying Ethereum code had nothing to do with it (as far as I understand).

Therefore it seems inappropriate for the Ethereum community to entertain the idea of a hard fork. Or even a soft fork, for that matter.

Yes, a lot of money was lost. But not because of a technical problem with Ethereum. It would have been inappropriate to hard fork Bitcoin just because Mt. Gox went bankrupt and people lost a lot of money.

What strikes me as even more off-putting is the fact that Ethereum developers had money invested in the DAO. Imagine if a Bitcoin company went bankrupt, and then the developers planned a hard fork to get their money back – because they are personally invested in the company! Even though the code was fine and everything executed as it should, they lost out – and it seems odd to permit a hard fork because of it. It’s a dangerous precedent.

A New 51 Percent Attack

Ultimately, it’s not the developers who decide if Ethereum will fork. It’s the miners. That’s a good thing. However, we’re witnessing a new type of attack on blockchain technology – the internal 51 percent attack.

People discussing a hard fork aren’t talking about fixing a glitch. They are talking about recouping lost funds that came from an ugly bankruptcy. They invested in a company; that company went bankrupt; and now they are seeking out their money in the blockchain to take it back by force.

Again, that seems like a dangerous precedent. Yes, it’s democratic, but that’s not always a good thing.

Stock Glitch Versus Bankruptcy

Let’s say you open a Scottrade account and deposit $1,000. Now, imagine two scenarios:

1) Scottrade has a technical glitch where you lose your money.

2) A company you bought stock in has a technical glitch; they go bankrupt because of it; and you lose all your money.

In Scenario 1, it makes sense that Scottrade would ameliorate the problem – i.e. they would “hard fork” their own software and return your funds.

In Scenario 2, it does not make sense that Scottrade would ameliorate the problem. It would be outrageous if they “hard forked” their software to make it appear as if you didn’t invest money in the first place!

Scottrade is responsible for technical glitches on their end. Ethereum is responsible for technical glitches on their end. Neither should change their code to erase their customers’ bad bets.

Contracts, Codes, Knocks on the Door

One more analogy, more related to the technical failure of the DAO.

Imagine you voluntarily enter into a contract. The contract reads, “Every time your neighbor knocks on the door, your bank account will automatically send $5 from your account to his.”

Immediately after signing the contract, everything seems fine. Until your neighbor keeps knocking on the door. You wake up the next day, and your bank account is empty. Who’s responsible? Did your neighbor steal from you? Did he hack the system?

From my understanding, that’s essentially what happened with the DAO. The company gave out money for “splitting,” and one person kept splitting until the bank account was empty. That’s a bad business model, demonstrated by their bankruptcy.

Does it seem reasonable, then, to fork the Ethereum code to blacklist his address – or even more extreme, to erase part of the blockchain to take the money back? I’m not saying the guy was morally innocent. But given the point of autonomous organizations and smart contracts, I don’t think it was criminal.

On the Other Hand

I don’t want to imply this issue is simple. It’s not. It does make sense that – given the extreme newness of the technology – big mistakes could be erased by the community. It’s a dangerous precedent, yes, but Ethereum is still extremely small-scale. Hard forking because of a bum contract would be completely inappropriate in the future, but right now, it seems less damaging to the credibility of the community. I don’t support it, but it probably wouldn’t be a death sentence.

Frankly, it would be much easier if the bug came from the Ethereum code itself. But that’s not the circumstance.

I hope that a few good principles will come from this failure. First, in the future, it’s a very bad idea to invest a huge amount of money into something so radically experimental. Second, if the Ethereum community decides to recover their own funds via hard fork, I hope they commit to this being a once-in-a-lifetime event. Their credibility relies on it.