The DAO Hack Explained

The DAO hack shook the foundations of a nascent ecosystem.

In 2016, engineers at a German startup had a bold plan to democratize investing. Unlike a traditional fund, where venture capitalists invest money from high-net-worth individuals and institutions, anyone could invest in the fund and vote on proposals to fund companies. Since the fund's governance rules and voting mechanisms were encoded in smart contracts, no manager or trusted centralized authority was needed to make it work. Anyone with an idea could pitch their project and persuade the community to fund it. This was the utopian vision behind one of the first DAOs to emerge, called The DAO.

It seemed perfect. After launching, The DAO amassed a staggering $150 million in investments from 11,000 people, making it the largest crowdfund in history at the time. But after just two months, someone noticed something suspicious. A hacker found an exploit that let them siphon away $50 million from the protocol. The DAO hack put a damper on the early momentum and enthusiasm for DAOs, shattering trust in the new way of organizing and triggering an investigation by regulatory watchdogs. It rattled the very foundations of the nascent Ethereum blockchain, which split into two versions to add a patch that prevented the hacker from withdrawing the hacked funds. While most funds were recovered, the fork raised concerns over rewriting the history of a supposedly neutral, decentralized blockchain.

The DAO was both a demonstration of how powerful this new technology could be and a painful reminder that it wasn't ready for prime time. If DAOs were to be trusted, they would need better security, governance, and regulatory compliance. The hack brought the ecosystem to a standstill, and over the next couple of years enthusiasm chilled into a DAO winter. During the quiet period, projects like Aragon and Moloch DAO applied lessons from the hack to make starting the next generation of DAOs safer. Tools emerged like Gnosis Safe, which enables groups to manage funds together securely, and Snapshot, which lowers the friction of voting. Instead of each DAO writing risky smart contracts from scratch that might have a bug, most could just reach for audited, off-the-shelf ones. The ecosystem matured as it became easier than ever to start a DAO safely. Slowly, enthusiasm began to simmer again, and a new wave of DAOs would take the internet by storm in the years that followed.

