Christoph Jentzsch wrote the first lines of code for what would eventually become The DAO in the summer of 2015, he says, on a plane trip from the US to Germany.
The software, originally intended as a crowdfunding contract, evolved into the first large-scale ethereum-based project, quickly raising $150m worth of ether from investors to be distributed to other projects on the platform. However, the meteoric rise was met with an equal and opposite fall, as a still-anonymous hacker or hackers exploited a vulnerability in the code and confiscated tens of millions of dollars in cryptocurrency (estimates suggest around $60m at the time of the event).
That value now sits in what are called child DAOs, or ‘Dark DAOs’, where funds remain frozen to this day, under the control of unknown entities. At issue is that on 27th July, per the rules of The DAO’s original contract, this will change, and the perpetrator or perpetrators of the theft will be able to withdraw the drained funds.
Complicating matters is that, unlike traditional corporations, Jentzsch’s open-source codebase was written on the ethereum blockchain and free for anyone to use. No one has ever publicly claimed responsibility for the launch of this particular DAO that has come to be known simply as “The DAO”, and no single person or group exists with the explicit authority or mandate to rectify the situation.
This means the task of cleaning up the mess has fallen largely to altruistic community members. Initially, two solutions were considered, though this has become more complex in recent weeks.
A soft fork that would have resulted in the blacklisting of the Dark DAO was discarded last month after a vulnerability was exposed. Still on the table is a hard fork that would roll back the blockchain and restart the distributed ledger with the funds in question in a new smart contract.
This new contract is being designed so it can’t do anything except let the original cryptocurrency owners withdraw their funds.
But any changes to the organization’s code must be agreed upon by consensus from the members. This means addressing the nearly $60m worth of drained ether is not only a matter of financial urgency for the 23,000 addresses who bought voting rights, but an exercise in problem solving in a totally new technology’s experimental form of governance.
The lay of the land
Within the decentralized community, there remains disagreement on the path forward, a factor that has given rise to vigilante efforts, most notably the mysterious Robin Hood group.
This group of coders, whose identities are largely unknown as a matter of security, has prepared a two-prong maneuver – or white-hat attack – against the Dark DAO exploiters.
The measure is a safety net of sorts, in case the hard fork, now the only option developers have to regain the funds, fails in any way.
At stake in this epic computer battle between white hats and Dark DAOs is more than investor funds, but potentially the future of a new business model without leaders.
Some, including Jentzsch, are now worried that, should efforts by the community to resolve the situation be unsuccessful, government authorities will step in.
“Right now there is no discussion going on with regulators. I hope this is one reason for the hard fork,” said Jentzsch, adding:
“If you do a refund through the hard fork there will be less problems.”
The co-founder of Slock.it, the startup that published code used in the creation of The DAO, Jentzsch told CoinDesk he has not yet been contacted by any regulatory body.
However, there are already indications that at least the US Securities and Exchange Commission (SEC), which is responsible for overseeing the nation’s securities laws, is paying attention.
Consensus amidst crisis
Last month, the deputy director of the SEC’s trading and markets division, Gary Goldsholle, pointed to the hack as illustrative of his concerns over consumer protection in similar instances in the future, according to a Wall Street Journal report.
To minimize the negative impact the hack might have on those consumers, Jentzsch said a series of measures have been organized within the community.
Informal conversations behind the scenes have occurred in person, on the phone and in writing, and impromptu groups have formed online in places like Reddit, DAOHub, a community website for the project, and on Twitter and other social media outlets.
The goal of all this conversing is to reach consensus, which it turns out is much more difficult to do than the ideal frequently depicted by cryptographers in the industry.
In this instance, consensus means either agreeing that a hard fork should take place, setting back the Dark DAO transactions to their state prior to the hack, or that nothing should be done, leaving those who invested to learn a tough lesson.
It is the latter option that Jentzsch is concerned might lead to regulatory action. What will likely happen – and what has already taken place to some degree – are so-called coin-votes cast by anyone who sends ether to an address that stands as either a yes or no vote.
For example, one simple coin vote hosted at carbonvote.com last week asked ether owners to vote by sending units of the digital currency to addresses representing their view on whether a hard fork should be implemented. The ethereum address for a “Yes” vote has received 83% of the vote.
In a more complicated coin-voting proposal, voters would be asked to “lock” ether for a pre-determined time, and the more funds they lock, the more strongly the vote is considered.
Choosing a fork
In an effort to reach consensus, Slock.it has published its code for a proposed hard fork solution and solicited community feedback.
According to the proposal, the funds from Dark DAO would be moved into a newly created smart contract designed to let the original ether owners withdraw them. Slock.it also forwarded the code to clients including geth, parity, cpp-ethereum and pyeth for review.
At some point in time, the miners that verify transactions on the ethereum blockchain will get involved by either endorsing, or not endorsing the proposed changes.
Though little is certain in this new leaderless business model, there are clues as to what might happen next. In the days leading up to the previously mentioned, failed soft fork proposal, miner activation was tracked on Etherchain.
Ethereum developer Vlad Zamfir told CoinDesk that he believes a “similar miner voting process” will likely take place leading up to the hard fork.
According to Zamfir, other hard fork proposals with different solutions are also expected.
“It is likely that the hard fork code will not be exactly as described in Slock.it’s post,” he said.
If all of these efforts come to naught and the ethereum hard fork isn’t implemented, a group of coders including at least one from within Slock.it is preparing what Jentzsch describes as a “safety net” solution.
The self-described Robin Hood group, whose public face has been Slock.it’s lead technical engineer Lefteris Karapetsas, has proposed steps that could be implemented if all else fails.
On 4th July Karapetsas, the second most frequent contributor of 16 authors of the original DAO code, published two proposals designed to set the stage for a hacker duel if the hard fork fails.
In an interview with CoinDesk, Karapetsas explained that some of the Robin Hood group’s plans are being kept secret to avoid sharing too much of their strategy.
The first proposed measure was to move the funds from an extra-balance account back to the original DAO, followed by another measure for the purchase of tokens in the dark DAO to be used – somehow – to prevent the attacker from withdrawing the drained funds.
But the details of the effort are a closely held secret.
“The DAO attacker can either fight us or he can just do nothing. Keep in mind that there are multiple Dark DAOs and the Robin Hood group tries to tackle as many of them as possible,” Karapetsas said.
“In some of the Dark DAOs we are in a much better position and in some of them in not such a good position.”
In addition to smaller Dark DAOs, a so-called “white hat” hack was implemented by the Robin Hood group and investors to move the remaining funds to an account they control.
The measures advocated by Karapetsas were passed with unanimous acceptance, meaning that two other proposals also submitted at the same time do not need to be implemented. But the support without a single “no” vote should perhaps be taken with a grain of salt.
So extreme are the actions that could be required to rescue The DAO that there are concerns from a prominent academic that informal voting efforts are not primed for success.
For example, the proposals, like all measures submitted to The DAO, are subject to a “yes” bias, according to Cornell University professor Emin Gün Sirer.
Sirer told CoinDesk that because people who vote “no” on any proposal temporarily lose access to their funds, they are disincentivized to vote at all. The result is that the perception of support for the Robin Hood effort may not accurately reflect an actual consensus.
In more than just this instance, Gün Sirer has been an outspoken critic of the way the Slock.it team has handled The DAO, from the initial creation of the code, which he describes as inadequately vetted, through to the launch. Last month, he even went so far as to call for the ethereum community to ostracize Slock.it’s founders.
But when it comes to questions of whether Ethereum should hard fork to protect the interests of The DAO investors, Gün Sirer finds himself in rare agreement with the leadership at Slock.it, even if his support only goes so far in a distributed community.
He told CoinDesk:
“Everybody who bought into The DAO with substantial cash wants a hard fork. People who have no conflict of interest with the DAO, like myself, want to see a hard fork. The Slock.it folks will be sued no matter what but they want to follow the path with least legal responsibility.”