What is Ethereum?
Ethereum is a variation of Bitcoin that uses a full programming language instead of a simple scripting language. The reason for this is that Ethereum supports smart contracts.
Let’s say that we want to organize a small conference. We need 100 people to sign up and pay/deposit money, so we can rent a hotel and such. But if not enough people sign up by a certain date, then the deposits need to be refunded. With Ethereum, we can write in a JavaScript-like language to code up this contract. It’ll guarantee that everyone will get a ticket to the conference, or everyone will get their money refunded, depending on how many sign up.
That’s a simple example. The possibilities are endless, which has got a lot of people really excited. Which, of course, makes the believers insufferable among non-believers in the system.
What is The DAO?
DAO stands for decentralized autonomous organization. It’s notionally like the example above for getting funds for a small conference, except that it includes much more. Members buy shares in the DAO, and according to the number of shares they have, can vote on things. The dreamers have the idea they’ll replace Democracy and run entire countries this way.
There are many types of DAOs on the Ethereum blockchain, but one in particular is TheDAO, which is some sort of DAO-based mutual-fund/investment-fund. You buy in, vote on which investments the fund should make, then reap the returns. It looks like a big organization, but it actually just runs as bits of code and data within the Ethereum blockchain.
This investment scheme has gobbled up 10% of Ethereum coins, or $100 million worth out of Ethereum’s $1 billion ecosystem.
When you want to leave the fund, you split from it. This includes your share of unspent Ethereum coins, but also tokens representing returns on investments you were part of, but which haven’t yet paid out. That’s why you “split” rather than “cash out”, you need your own DAO shard to track those investments until they pay out.
How did The DAO get hacked?
When a member exits the investment scheme, they call the function named splitDAO(). There are two issues.
The first is that the member will supply some of their own code with the transaction. Among the things that code will do is tell the DAO code how to transfer Ethereum coin. It’s a necessary feature, part of Bitcoin as well.
The second issue is that Ethereum code is recursive. That means when a function is running, it may call itself a second time.
The bug is that when splitDAO() is called, it will then call the recipient’s code to transfer Ethereum coin, after which the recipient’s code will call splitDAO() again before finishing. This causes the process to repeat itself, transferring more Ethereum coin, then calling splitDAO() again, which calls the hacker’s code, which calls splitDAO(), which calls the hacker’s code, and so on. The process will continue endlessly, until it drains all of TheDAO’s coin.
When you split like this, they still force you to wait 27 days before you get your Ethereum coin. Thus, the hacker doesn’t actually have use of it for another month.
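The re-entrancy pattern described above, as an added Python model that is not TheDAO's code and not part of the original post: Fund, split() and the member classes are hypothetical names, and the numbers are constructed. With safe=False the fund pays out before clearing what the member is owed, so the recipient's code can call back in; with safe=True the books are updated first, which is the standard ordering fix for this class of bug.

```python
# Toy model of the re-entrancy pattern (constructed; not TheDAO's code).
class Fund:
    def __init__(self, safe):
        self.safe = safe          # True: update the books before paying out
        self.shares = {}          # member -> coin owed to that member
        self.pool = 0             # coin actually held by the fund

    def deposit(self, member, amount):
        self.shares[member] = self.shares.get(member, 0) + amount
        self.pool += amount

    def split(self, member):
        owed = self.shares.get(member, 0)
        if owed == 0 or owed > self.pool:
            return                    # nothing owed, or the pool is drained
        if self.safe:
            self.shares[member] = 0   # effect first ...
        self.pool -= owed
        member.receive(self, owed)    # ... then run the recipient's code
        if not self.safe:
            self.shares[member] = 0   # too late: recipient already re-entered


class HonestMember:
    def __init__(self):
        self.wallet = 0

    def receive(self, fund, amount):
        self.wallet += amount


class ReentrantMember(HonestMember):
    def receive(self, fund, amount):
        self.wallet += amount
        fund.split(self)              # calls back in before split() finishes


def run(safe):
    """Ten members deposit 10 each; one of them re-enters on payout."""
    fund = Fund(safe)
    for _ in range(9):
        fund.deposit(HonestMember(), 10)
    reentrant = ReentrantMember()
    fund.deposit(reentrant, 10)
    fund.split(reentrant)
    return reentrant.wallet, fund.pool
```

run(False) shows the re-entering member leaving with the whole pool, while run(True) pays out only that member's own deposit.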
How can they recover the stolen money?
They can’t – at least not without destroying the entire principle of cryptocurrencies. It’s like trying to cure cancer with a Howitzer.
One solution is to roll-back the blockchain before the theft. Of course, that means screwing over everybody who made a transaction since then. You’d be screwing people out of $1 million in order to compensate the theft of $100 million. This is, of course, the type of corrupt thinking that gets us into banking failures in the real world, as we screw over everyone else in order to protect those banks who are too big to fail.
Another solution is to update the Ethereum code to blacklist this address, or better yet, insert a magic key that will give control over those funds back to TheDAO.
The problem with changing the code is that it forks the blockchain. Transactions are added to the chain by miners – a decentralized group of people. It can include you, if you want to run mining software on your computer. Those miners who update their code to the change will be working off a different blockchain than those who don’t. The blockchain will repair itself if 51% of the miners update to the latest code (a soft-fork), but it’ll be hopelessly broken if they don’t (a hard-fork of two irreconcilable chains).
What does this all mean?
I’m a crypto-anarchist. The entire point of cryptocurrencies is to get around corrupt humans. And that’s what trying to repair this problem is – corruption. It’s a violation of TheDAO’s own contract, which says the code is the contract, not to be superseded by human re-interpretation. It’s tacit acknowledgement that TheDAO deserves special treatment that would not be given to smaller makers of contracts that have similar recursion bugs. That the miners vote on it (by choosing which software to run) is beside the point, nobody else with Ethereum’s favoritism would be able to get miner consensus. It’s a profound betrayal of trust that those maintaining the code would even consider helping TheDAO.
Obviously, the complexity of Ethereum is a huge security issue that will likely be repeatedly exploited in the future. This “recursion” issue demands that everybody writing contracts needs to write code extraordinarily carefully. In hindsight, it’s obvious that recursion shouldn’t have been an allowed feature, but it likely can’t be fixed now without a hard-fork. Also, in the future, we’ll likely see additional problems as dangerous as the recursion issue.
The fascinating thing now is that in the past, people hired lawyers to review complicated contracts. In the future, they’ll need to hire hackers. After a contract is signed, I’m now motivated to hire a very good hacker that will keep reading the code until they can find some hack to my advantage.
In any case, the original concept of TheDAO is useless utopian nonsense. The original Bitcoin was created by people who actually understood a lot about currency. TheDAO was created by people who are hopelessly naive about investing, who then put the system in the hands of trained monkeys. This isn’t “wisdom of the crowds”, as they proposed, but “ignorance of the mob”. If the hacker hadn’t put a stop to this nonsense, it would have slid into some sort of Ponzi scheme, getting its creators arrested a couple years from now.
Update: The hacker is bribing the miners not to fork [*], by promising to give the miners a third of Ethereum. This is possible with the protocol, to create transactions that take money from the blacklisted address and donate it directly to whoever mines a block, as a sky-high transaction fee. Choosing to fork would mean forgoing these payments. Thus, the hacker has a power to corruptly subvert the system to counterbalance Ethereum’s power.