trust3.org
pl
All articles
IntermediateCase Studies

The DAO Hack: The Attack That Split Ethereum

June 2016. $60 million drained. Ethereum splits in two. The story of crypto's most consequential hack and the birth of Ethereum Classic.

August 28, 2025
6 min read
The DAO Hack: The Attack That Split Ethereum meme

Dive Deeper with AI

Click → prompt copied → paste in AI chat

This is the story of the hack that nearly killed Ethereum.

Not because of the $60 million stolen. But because of what happened next.

A community split. A blockchain forked. And the question that still haunts crypto: is code really law?

What was The DAO?

April 2016. Ethereum is less than a year old. Smart contracts are the hot new thing.

Someone has an idea: what if we created a decentralized venture fund? No VCs. No partners. Just code and token holders.

They call it The DAO - The Decentralized Autonomous Organization.

The concept:

  • Anyone can buy DAO tokens with ETH
  • Token holders vote on which projects to fund
  • Funded projects return profits to the DAO
  • Everything runs on smart contracts

It's a radical experiment in decentralized governance.

And it works. Kind of.

$150 million flows in during the crowdsale. 14% of all ETH in existence. Largest crowdfund ever at the time.

The future is here.

The vulnerability

One feature of The DAO: you can "split" - leave The DAO and take your ETH with you. Democratic exit.

The split function works like this:

function splitDAO(uint _proposalID) {
    // Check if split is allowed
    // ...

    // Calculate user's share
    uint fundsToBeMoved = (balances[msg.sender] * address(this).balance) / totalSupply;

    // Send ETH to user
    msg.sender.call.value(fundsToBeMoved)();

    // Update user's balance
    balances[msg.sender] = 0;
}

See the problem?

ETH is sent before the balance is updated.

This is textbook reentrancy.

The attack

June 17, 2016. 3:34 AM UTC.

An unknown attacker starts draining The DAO.

Here's what they did:

Step 1: Create a malicious contract that can receive ETH

Step 2: Call splitDAO() with that contract

Step 3: When The DAO sends ETH, the malicious contract's fallback function triggers

Step 4: The fallback function calls splitDAO() again

Step 5: The DAO checks the balance - still the original amount (not updated yet!)

Step 6: The DAO sends ETH again

Step 7: Repeat until drained

The attacker didn't do anything clever. They just called the same function over and over before the first call finished.

3.6 million ETH drained. $60 million at the time. Would be billions today.

Why wasn't this caught?

Good question. The DAO was audited. Multiple times.

But:

  • Reentrancy wasn't a well-known attack pattern yet
  • The code was complex (over 20 files)
  • The focus was on governance logic, not edge cases
  • "We audited it" created false confidence

A security researcher named Peter Vessenes actually warned about this exact vulnerability two weeks earlier. He was ignored.

The community response

The attack put Ethereum's founders in an impossible position.

Option 1: Do nothing. "Code is law." The attacker exploited a bug fairly. Tough luck.

Option 2: Soft fork. Blacklist the stolen funds. Attacker can't move them.

Option 3: Hard fork. Roll back the blockchain. Return funds to original owners.

Option 1 meant accepting that $60M was gone. And that The DAO's investors included Ethereum Foundation members.

Option 2 had technical problems (DOS attack vector discovered).

Option 3 meant breaking immutability. The whole point of blockchain.

Vitalik Buterin initially supported a soft fork. When that proved flawed, the community voted on a hard fork.

The fork

July 20, 2016. Block 1,920,000.

Ethereum hard forks. The stolen ETH is returned to original owners.

But not everyone agrees.

A minority of the community refuses to upgrade. "Code is law," they say. You can't just undo transactions you don't like.

They keep running the old chain.

Ethereum Classic is born.

One blockchain becomes two:

  • Ethereum (ETH) - The forked chain, funds returned
  • Ethereum Classic (ETC) - Original chain, attacker keeps funds

The attacker eventually cashed out some ETC. Millions of dollars. Legally, kind of.

The aftermath

The DAO hack changed everything.

For security:

  • "Checks-Effects-Interactions" becomes gospel
  • Reentrancy guards become standard
  • Smart contract security becomes a profession
  • Bug bounties become common

For governance:

  • Hard forks become a known tool
  • "Immutability" proves negotiable
  • Community governance gets stress-tested

For philosophy:

  • "Code is law" gets complicated
  • Social consensus trumps technical rules
  • Decentralization has limits when money is involved

Who was the attacker?

Unknown. Probably.

In 2022, journalist Laura Shin claimed to have identified the attacker as Toby Hoenisch, a programmer based in Austria. He denied it.

No prosecution. The attack exploited a bug in the code. Was it theft? Was it just using the software as written?

The legal system has no good answer.

Was the fork right?

This debate never dies.

For the fork:

  • $60M stolen from innocent people
  • The bug was clear, the intent was malicious
  • Community voted for it
  • Ethereum survived and thrived

Against the fork:

  • Sets precedent for intervention
  • "Immutability" becomes conditional
  • Who decides which hacks get rolled back?
  • Attacker followed the rules of the code

Both sides have points. Neither side convinces the other.

The fork happened. Ethereum is worth 100x what it was. But the question remains: was it a rescue or a violation of principles?

Lessons learned

1. Simple code matters. The DAO was complex. Complexity hides bugs. Prefer simplicity.

2. Audits aren't magic. Multiple audits missed this. Audits help but don't guarantee safety.

3. New patterns are risky. Reentrancy wasn't well-known yet. Early adopters take early risks.

4. Immutability is social. Technical immutability means nothing if the community agrees to change it.

5. Test failure modes. The DAO had no plan for a major hack. When it happened, chaos.

The DAO today

The DAO's code is still on Ethereum. A monument to a $60 million lesson.

Modern DAOs learned from it:

  • Simpler withdrawal mechanisms
  • Time locks on funds
  • Gradual releases
  • Emergency pause functions

The concept of DAOs survived. Became mainstream. But everyone remembers: this is how it started.

The DAO hack is the canonical example of reentrancy. If you want to understand the vulnerability in depth, see our technical breakdown.

Further reading:

  • The DAO Attack Recreation - See the code
  • "The History of The DAO and Lessons Learned" - Vitalik Buterin
  • "Thoughts on The DAO Hack" - Phil Daian

Liked this article? Follow me!

@t0tty3
#the-dao#reentrancy#hack#ethereum-classic#history

Dive Deeper with AI

Click → prompt copied → paste in AI chat

All articles