The Dev files - File 003/The DAO

By Pu5chk1n | The Dev Files | 18 Mar 2026


Working through early Ethereum files, one idea appeared:

What happens when code replaces institutions?

In 2016, the Ethereum community attempted to answer that question by launching a new decentralized venture capital fund.

No executives. No legal entity. No central control. Just smart contracts.

It was called The DAO.

In this article we are going to open the casefile of The DAO hack, reconstruct the exploit and examine how a single vulnerability forced the Ethereum network into its first constitutional crisis.

 

Act 1 – The Experiment

The DAO launched in April 2016 on the Ethereum blockchain with a simple idea: Create a decentralized investment fund governed entirely by token holders.

Participants could send Ether to the DAO smart contract and receive DAO tokens in return, which granted voting power. Projects could propose investments. Token holders would vote and if approved, the contract would automatically release funds. 

No board of directors. No venture capital partners. Just code.

The concept resonated. Within weeks, more than 11,000 investors had contributed a total of 12 million ETH, worth around 150 million USD at the time. This made it the largest crowdfunding campaign to that date.

 

Act 2 – The Vulnerability

The DAO code included a function that allowed investors to leave the fund by creating what was called a “child DAO”, withdrawing their proportional share of Ether while forming a new DAO.

But the withdrawal logic contained a critical flaw. When a user requested a withdrawal, the contract executed these steps:

First, it sent Ether to the requesting address.

Only afterwards did it update the internal token balance.

This sequence created what developers later called a reentrancy vulnerability. A malicious contract could call the withdrawal function again from within its own receiving code, before the balance was updated. Each time the function was called, the DAO would send Ether again and again and again.

The contract assumed that a withdrawal could only happen once, but the attacker found a way to make it happen hundreds of times in a single transaction.
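The ordering problem described above can be reproduced in a small Python model, shown here with the flawed order beside the corrected one (balance updated before sending). This is an added illustration, not The DAO's Solidity code; the class names, function names and amounts are all hypothetical.

```python
# Simplified model of "send first, update balance afterwards" (names are hypothetical).
class Vault:
    """Pooled fund with per-account balances."""
    def __init__(self, safe):
        self.safe = safe            # True = update the balance before sending
        self.balances = {}
        self.pool = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.safe:
            self.balances[account] = 0      # effect first
            self._send(account, amount)     # external call last
        else:
            self._send(account, amount)     # external call first (the flaw)
            self.balances[account] = 0      # balance cleared too late

    def _send(self, account, amount):
        self.pool -= amount
        account.receive(self, amount)       # control passes to the recipient

class ReentrantRecipient:
    """Recipient whose receive hook calls withdraw() again."""
    def __init__(self, max_depth):
        self.received = 0
        self.depth = 0
        self.max_depth = max_depth

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)            # re-enter before withdraw() returns

def run(safe, honest_deposit=90, own_deposit=10, max_depth=50):
    """Return (amount the re-entering account received, funds left in the pool)."""
    vault = Vault(safe)
    vault.deposit(ReentrantRecipient(max_depth=0), honest_deposit)  # other investors
    recipient = ReentrantRecipient(max_depth)
    vault.deposit(recipient, own_deposit)
    vault.withdraw(recipient)
    return recipient.received, vault.pool
```

With the flawed order, an account entitled to 10 units empties the whole pool of 100 in one call chain; with the balance cleared first, the nested call sees a zero balance and returns immediately.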


Simplified diagram of a reentrancy attack (Source: Chainlink Blog, refer to addendum)

 

Act 3 – The Exploit

On June 17, 2016, the exploit began. Observers noticed unusual transactions draining funds from The DAO and siphoning them into a newly created child DAO. By the time developers understood what was happening, approximately 3.6 million ETH had been extracted, which represented roughly 60 million USD at the time.

But the attacker had not yet gained full control of the funds.

Because of the DAO’s internal rules, withdrawn Ether remained locked in the child DAO for 28 days before it could be moved further. This delay created a narrow window for the Ethereum community to respond. 

 

Act 4 – Code is Law

The Ethereum network now faced a fundamental question: Should the blockchain intervene?

One faction argued that the rules were clear, the smart contract had executed exactly as written and the exploit was simply the result of flawed code. From this perspective, “Code is Law.”

If the blockchain could be altered to reverse losses, the entire premise of immutability would collapse.

Another faction argued the opposite: The DAO represented a massive share of the ecosystem and allowing the attacker to keep the funds could destroy confidence in Ethereum entirely. 

While the community debated, a group of white hat hackers launched another reentrancy attack. Their goal: secure the remaining funds. 

The core development team finally proposed a radical solution:

A hard fork.

By modifying the Ethereum protocol, the network could rewrite history and move the stolen funds into a refund contract, from which token holders could then reclaim their Ether. After weeks of debate, voting, and community coordination, the fork was executed.

On July 20, 2016, at block 1,920,000, the Ethereum blockchain split.

The new chain reversed the DAO exploit.

The original chain continued unchanged.


Block 1920000 was the first of the fork. (Image source: blog.ethereum.org)

 

The fork created two parallel networks. The majority of users followed the modified chain, which continued under the name Ethereum.

A minority refused to accept the intervention and continued running the original blockchain, which became known as Ethereum Classic.

Both chains still exist today. The exploit had not only drained millions in Ether, it had also permanently divided the Ethereum ecosystem.

 

Act 5 – Conclusion

The DAO hack demonstrated something fundamental about decentralized systems. Smart contracts remove intermediaries, but they do not remove risk.

Code can fail, assumptions can break, and when they do, there is often no authority capable of fixing the damage. In this case the Ethereum community chose to intervene and in doing so, it preserved the network — but also proved that even decentralized systems ultimately rely on human governance.

The DAO began as an experiment in autonomous finance and ended as the first major constitutional crisis of Ethereum.

 

 

This article continues the casefiles documenting major incidents in the history of cryptocurrency. Previous entries examined Mt. Gox and BTC-e, events that revealed failures in exchanges and financial infrastructure. The DAO hack exposed a different weakness.

The risks embedded directly in code.

If you found this casefile interesting, consider following the series as we continue tracing the history of crypto crime and collapse.

Stop the Dev.
