The Un-ETH-ical fork
My personal opinion about the events that unfolded yesterday (17th of June 2016) regarding the DAO and the Ethereum network.
The Events of the 17th of June 2016:
Early morning CET I saw a message on Telegram about “drama in the DAO Slack”. I went over to the Slack and I saw these types of messages:
I’m not a dev, I’m not a coder, I did see some coins leave in the etherscan link posted in the Slack, but I still wasn’t 100% sure if this was real and what exactly was going on. Being a trader and owning a large amount of DAO I knew that even if this was a hoax, the price would go down quite a lot until they did some serious damage control. So I sold my DAO, thinking to rebuy lower. And then the following message came:
Griff is to blame in large part for the amount of panic it caused. Yes, it was a very serious issue, but the way he communicated about it, being a community organizer, was just horrible.
At this point the price of both Ethereum and the DAO completely crashed. The DAO went from 24,700 satoshi to 7,100 satoshi in no time. Everyone was panic dumping; in a Telegram chat we had someone sell his DAO at 9,000 satoshi and lose a lot of money, all because of this panic caused by a “hack”.
How was this possible?
For the long and technical explanation I would recommend reading “Deconstructing theDAO Attack: A Brief Code Tour”.
A short explanation: there was a bug in the contract. When someone did a split and knew what he was doing, he could drain Ethereum from the DAO’s main wallet into his own Child DAO that he created by splitting from the main DAO. There was ~3.5 million Ether drained, which at that time was around 60 million USD (now obviously less). The fact that it is in a Child DAO means that the “attacker” can’t withdraw it for another 28 days, until the split is confirmed.
So the hacker found and exploited this unknown bug?
No. This bug was mentioned on various occasions by a lot of different people, even weeks ago. Among them Nick Szabo (Ethereum/Bitcoin), Zooko (Zcash), Emin Gün Sirer (Hacker, Professor at Cornell University) and Diego Gutiérrez Zaldívar (CEO of RSK-Labs, Rootstock).
There was even an article posted the day before the “attack” on hackingdistributed.com “Scanning Live Ethereum Contracts for the “Unchecked-Send” Bug”.
So they were aware of this issue, then why didn’t they fix it?
On the 12th of June 2016, Stephan “The Tool” Tual posted the following article on the slock.it blog: “No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery”.
They were working on fixing this bug, but it’s what in crypto is known as “too little, too late”.
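To illustrate the “recursive call” bug class named in the slock.it title above (an added example, not code from the DAO or from this post): a simplified Python model of a vault that pays out before updating its ledger, next to the same vault updating the ledger first. `Vault`, `run` and the balances are hypothetical and constructed for the illustration.

```python
# Simplified model of a "recursive call" (re-entrancy) bug.
# Hypothetical names and constructed balances; this is not the DAO's contract code.

class Vault:
    """Holds pooled funds and a per-account ledger of what each account is owed."""

    def __init__(self, update_before_pay):
        self.update_before_pay = update_before_pay
        self.credit = {}   # account name -> amount owed
        self.pool = 0      # funds actually held

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        owed = self.credit.get(who, 0)
        if owed == 0 or self.pool < owed:
            return 0
        if self.update_before_pay:
            self.credit[who] = 0      # hardened: ledger updated before paying out
        self.pool -= owed
        on_receive(owed)              # external call: the recipient's code runs here
        if not self.update_before_pay:
            self.credit[who] = 0      # vulnerable: ledger updated only after the call
        return owed


def run(update_before_pay, depth=3):
    """Return (amount paid to the re-entering account, funds left in the pool)."""
    vault = Vault(update_before_pay)
    vault.deposit("others", 90)       # constructed sample balances
    vault.deposit("caller", 10)
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < depth:
            # Re-enter withdraw() while the first call is still in progress.
            vault.withdraw("caller", on_receive)

    vault.withdraw("caller", on_receive)
    return sum(received), vault.pool


if __name__ == "__main__":
    print("pay before update:", run(update_before_pay=False))
    print("update before pay:", run(update_before_pay=True))
```

With the ledger updated after the payout, the account credited with 10 is paid once per nested call; with the update moved before the payout, the nested call finds a zero balance and returns nothing.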
Why do you keep putting attack and hack between quotes?
In the Terms and Disclaimer on the Daohub website we can clearly read the following:
Which basically means that code is the contract and any bugs being abused are a non-issue.
Emin even goes a step further and, even though he was probably being facetious, he does bring up some valid points.
Of course this is a bold statement and you should take it with a grain of salt.
The response from the Ethereum and DAO community:
Obviously at first there was chaos; there are some leaked chat logs from a channel with exchange owners, Ethereum and Bitcoin devs. You can read the full transcript here. It’s worth a read.
The first news that came in was that the DAO experiment was over.
The reason no Ether was lost is that it’s all still in the Child DAO, which I mentioned earlier.
The proposed solution:
So the Ethereum and DAO devs propose a softfork to block the “hacker” from withdrawing the Ether in the Child DAO once the 28 days are over.
Why the fork is a very strange proposal:
It sets a very dangerous precedent.
This means that every time someone loses Ether in some way, they can ask to freeze the funds/ask for a rollback/… I know that this is a special case, since it’s a lot of money and there are a lot of investors involved, and the miners have to agree to run the new code, but at the same time this is just not ethical at all. There is no difference between Ethereum and a closed source bankcoin (or Ripple), where you can just undo transactions.
Emergency forks can happen, but only when the network itself is in danger/under attack. Some people mention that Bitcoin had multiple forks and even rollbacks, but that had to do with the network/protocol, not with some side-project.
The people that invested in Ether but not in the DAO are getting, excuse my French, royally screwed with this fork, which you can clearly see with the falling Ethereum price.
What’s also important to mention is this message from Vitalik when the DAO was being funded:
So that basically means that whatever happens to the DAO, doesn’t have any effect on Ethereum right? So why the fork?
If it’s so strange, then why did they do it?
There are a couple of reasons that can be mentioned here.
- First of all, they don’t want the “hacker” to be able to dump 3.5 million ether on the market.
- The DAO and Ethereum got so much media attention that this “theft” will have a huge impact on the future of the Ethereum project. Ethereum was being pushed as the go-to crypto of the future. (Bitcoin is for criminals but at least they didn’t lose millions because of buggy code.)
- They want to give the investors their Ether back. Fair point; however, a lot of investors sold their DAO coins in the panic caused by Griff for a huge loss, losing 10,000’s up to 100,000’s in USD. Even the ones that didn’t panic sell and will get the Ether will have a huge financial loss.
- But for me, and this is purely speculative, the main reason is that they don’t want to lose their own money. A lot of Ethereum (and DAO) developers have put money in the DAO, which makes any decision they make in this regard an unethical one.
It’s important to note that Vitalik has a very big influence; some of the Ethereum investors are almost a cult. This is proof-of-Vitalik.
Some people *cough* Stephan “The Tool” Tual *cough* are also trying to vilify the people who are not supporting this unethical fork.
A fork in this case is unethical. It goes against everything that Crypto stands for.
I feel bad for the people that lost money, it could’ve been me, if I wasn’t awake at the time. I know personally some people that lost a lot of money because of it. Will the fork get them back their losses? Not really, only a small part.
Is this the end for Ethereum? No, probably not. It will be very difficult to recover from this disaster though, in particular if you look at Vitalik’s involvement in all of this, including that he was a curator of the DAO AND the fact that the people involved knew about this bug weeks ago.
You can also expect that if the fork goes through, the 9 million ether that was locked in the DAO will, for a big part, get dumped on the market. Investors will be disgusted and might even quit crypto completely.
It also hurt crypto as a whole with, again, negative mainstream media attention:
- Ethereum Might Betray the Blockchain to Recover From a $56M Hack
- Fund Based on Digital Currency Ethereum to Wind Down After Alleged Hack
- A month to save digital currency Ethereum?
- Blockchain Company’s Smart Contracts Were Dumb
Sadly, Stephan “The Tool” Tual blocked me after tweeting this, but then again I think by now he has 90% of the crypto community blocked so he doesn’t see any issues, everything is fine.