Ever heard of Ethereum? It’s Bitcoin’s experimental younger brother, and its community has just been shaken by a massive hack that stole more than $50 million from one of the biggest organisations in the community, The DAO. Here’s what you need to know.
What is Ethereum?
It’s a decentralised cryptocurrency.
In plain English, that means it’s a digital currency that doesn’t have any single central bank. Instead, its users collectively contribute computing power towards maintaining the network — like Bitcoin.
Ethereum differs from Bitcoin in that it can run smart contracts — contracts that execute themselves entirely autonomously when certain conditions are met. An auction might automatically transfer deeds of ownership to the highest bidder after a certain time has elapsed, or a father’s contract might automatically send his son a set amount of money every year on his birthday.
While it’s not on the same scale as Bitcoin, it’s still pretty huge. It has ballooned in value over the last year, with a market cap of $1.4 billion, and one Ether (or ETH, a unit of the digital currency) is currently worth $16.76.
And what’s the DAO?
DAO stands for Decentralised Autonomous Organisation, something anyone can build on top of Ethereum’s platforms. They’re organisations that operate according to predefined rules, and don’t have a board of directors or leadership in the traditional sense.
In this context, we’re talking about The DAO — a hugely successful organisation that manages its investors’ capital. It has had huge amounts of money pumped into it by 11,000 people in the Ethereum community — more than $150 million. (Its funding was arguably the largest crowdfunding campaign ever.)
Collectively, they will decide how to allocate this capital, like a next-generation Kickstarter, or a crowd-sourced venture capital firm.
So what went wrong?
A vulnerability was discovered earlier this month that lets an attacker, in some circumstances, drain the contents of smart contract wallets storing Ether.
An attacker — we don’t yet know who — took advantage of this vulnerability to attack The DAO’s holdings early Friday morning, with devastating consequences.
They managed to drain 3.6 million ether from the organisation, while the community went into meltdown. The price of the digital currency plummeted, from record highs of $21.50 to just $14, before recovering somewhat.
The total value of the Ether taken, depending on whether you value it by the pre-hack highs or the mid-hack lows, varies between $50 million and $79 million.
Is the Ether gone for good?
Unlike some previous attacks on digital currency organisations, the attacker has been unable to make a swift getaway and launder their ill-gotten goods to evade being tracked. This is because the exploit moved the funds into a “child” DAO, where they can’t be moved for 27 days, according to Ethereum founder Vitalik Buterin.
Meanwhile, the developer community is looking for ways to recover the Ether. Buterin and other developers have proposed a solution that will create a “soft fork” that prevents the attacker from being able to make valid transactions with the stolen Ether, followed by a “hard fork” that recovers the Ether and returns it.
Because Ethereum is decentralised, these changes can’t be pushed through unilaterally: they have to be accepted by the network of users running Ethereum’s software to take effect. In a soft fork, users running different versions are able to communicate and transact — but following a hard fork, the two versions are totally incompatible. This means any decision to hard fork is a serious matter, and is debated heavily.
Does anyone oppose this solution?
There is actually significant opposition to the proposal to fork Ethereum to tackle the issue. It’s The DAO’s fault, dissidents argue, and adjusting the code in response to this incident betrays the sanctity of the blockchain. “The attacker just used the code as it is written,” said one member of The DAO’s chat channel on Slack. “The people who wrote/audited the code need to be held accountable.”
“The contract is law according to The DAO’s terms of service, [the attacker] didn’t break the rules of that, he used his prescribed access to take the funds he was allowed,” argued another.
Ultimately, the decision will be taken by the community. The merits of both options will be debated, and if consensus cannot be reached, then the community may take the nuclear option — and split.
In such an event, only one version would ultimately survive — but it could damage the digital currency’s credibility in the process.