The DAO: The $60M Hack That Split Ethereum in Two
The exploit that split Ethereum in two
The DAO was supposed to be the future. A decentralized investment fund where token holders voted on how to spend $150 million in pooled Ether. No CEO. No board. Just code. What could go wrong?
On June 17, 2016, an attacker found a reentrancy bug in the smart contract. The flaw let them withdraw ETH repeatedly before the contract could update the balance. Imagine an ATM that spits out cash but forgets to deduct it from your account. The attacker used this loop to siphon 3.6 million ETH in hours.
The Ethereum community had to make an impossible choice. Option A: do nothing, let the thief keep $60 million, and preserve the principle that "code is law." Option B: rewrite the blockchain's history to undo the hack, destroying the entire premise of immutability.
They picked option B. Ethereum hard forked, rolled back the chain, and returned the stolen funds. But not everyone agreed. The dissenters kept the original chain alive as Ethereum Classic. It still exists today as a philosophical monument to "code is law."
The attacker's identity stayed unknown for six years. Then in 2022, journalist Laura Shin used on-chain analysis to identify Toby Hoenisch, an Austrian programmer. He denied everything.
This hack didn't just steal money. It forced the entire blockchain world to confront a fundamental question: when the code fails, who gets to decide what happens? That question still doesn't have a clean answer.
The Aftermath
The fork saved the money but permanently divided the Ethereum community. Ethereum Classic still trades today as a monument to 'code is law.' Smart contract auditing became an entire industry overnight. In 2022, journalist Laura Shin identified Toby Hoenisch as the suspected attacker using on-chain analysis. He denied involvement. No charges were ever filed.
COMMENTS