Education logo

What is a DAO and why was The DAO attacked?

Smart contrat audit company

By cyphershieldtechPublished about a year ago 4 min read
Like

What is a DAO and why was The DAO attacked?

The DAO and the case of the theft of 50 million dollars in Ethereum

Last July an anonymous user stole 50 million dollars in Ethereum , a cryptocurrency that has been talked about for months as an alternative to Bitcoin. The theft occurred after this person found a vulnerability in the code of a program , which was being used by thousands of investors to pool his money.

This robbery and the subsequent investigation are the stars of the first chapter of 'Insert Coin' , a new monthly section in which we will interview invited super technical specialists in matters that fascinate us in Xataka. It is a video program that you can see below.

In our first program we have the luxury of having Pablo Fernández Burgueño , a lawyer specializing in cybersecurity and entertainment law, and a passionate about cryptocurrencies. Pablo tells us in detail what exactly happened in the 'The DAO' case , how someone was able to take the money without anyone noticing and why it is still unknown who it was.

Few people can offer us such a complete account and from within what the investigation was and continues to be: the European Commission asked him for advice to find out what laws could be applied, so he is one of the people who knows the case best.

Insert Coin 1x01: 'The DAO' and the theft of 50 million dollars

Ethereum is a blockchain-based cryptocurrency like Bitcoin . When we asked Pablo about the differences between the two, he explained that "while Bitcoin tries to create a world economy, Ethereum writes computer code on the block chain and on the Internet."

These codes are called 'Smart Contracts' . As [we told you a few months ago], these "smart contracts" are a piece of code that is executed transparently to the user, and that usually includes a financial transaction . Ethereum includes the ability to create unrestricted distributed software that runs on the blockchain (i.e., on multiple computers) and that can lead to the execution of payments.

Put more simply, it is a software code that says "if this happens, do this" in a way that is distributed on the blockchain and therefore cannot be manipulated. That is why it is customary to speak of "contract" rather than "software" when referring to it.

And this type of program leads us precisely to the case of 'The DAO', an organization created by a group of developers led by Christoph Jentzsch, and which developed one of these 'Smart Contracts'. They then deployed it on the network so anyone could link Ethers to it, something up to 11,000 anonymous people from around the world did with the intention of using it for long-term savings or investment.

At this point Pablo explains that 'The DAO' was governed by his code. The code is the law, and the code of this program is the one that set the standards for everything that can be done or not done. The 11,000 people who put their money into 'The DAO' accepted the open source code of the program as the rules to be followed, without any of them realizing that there was a mistake in it.

However, there was someone who did realize that error, which allowed Ethers to be extracted without the permission of others. It was not a fine print that no one noticed, but a programming error that no one had noticed, not even its creators.

Exploiting it, this currency was withdrawing increasing amounts of cryptocurrencies until it got the equivalent of 50 million dollars. This anonymous person then posted an open note on the internet saying that everything he had done was in the code , and if they took his Ethers he would take them to court.

The code is not always the law

And this is where Pablo came into play, a blockchain specialist as well as a lawyer specializing in cybersecurity and entertainment law, as well as a regular speaker and advisor to institutions. It was he who the European Commission turned to for advice , both to explain what exactly was happening and to tell them if there was any applicable law in this case.

His response was that in this type of program, the code is not always the law , and that if 11,000 people have put money in a common fund, they have the right to recover what is theirs. Therefore, they could go to any court and be found to be right.

But the case still hasn't been solved, basically because it's not yet known who took the money . Therefore, "without knowing who to report, you cannot be successful in any judicial process," and hence the complexity of this entire case. You have no one to blame.

As the Ethereum system and its chain of blocks are set up, Burgueño tells us that today it is very unlikely that it will be possible to find out who took all that money , something that will make it very difficult for it to be carried everything to the courts and that those who invested in 'The DAO' get their money back. There have even been unsuccessful attempts to invalidate the coins that person took.

As vulnerabilities exist in the web3 spaces, Cypershield is one of the kinds of Security and Smart Contract audit company rendering exceptionally professional smart contract auditing services for varied Crypto projects. In the process of rendering your projects, full-on auditing services help you come over your smart contract vulnerabilities and reach a higher scale in the market.

product review
Like

About the Creator

Reader insights

Be the first to share your insights about this piece.

How does it work?

Add your insights

Comments

There are no comments for this story

Be the first to respond and start the conversation.

Sign in to comment

    Find us on social media

    Miscellaneous links

    • Explore
    • Contact
    • Privacy Policy
    • Terms of Use
    • Support

    © 2024 Creatd, Inc. All Rights Reserved.