The DAO attack threatens not only Ethereum, but also the R3 blockchain consortium

Given the growing reputation for blockchain security, the impact of The DAO attack is likely to be a disaster not only for The DAO and Ethereum, but also for the R3 banking consortium and its members.

What happens if a smart contract fails?

A 'hard fork' would mean rolling back all transactions to a point before the theft. A 'soft fork' would mean blocking all transactions from the attacker's address. The other option is to do nothing because 'everything is working fine'.

Of course, doing neither a hard fork nor a soft fork is not an option, as DAO token holders want to get their funds back. However, a hard fork, as sound as it sounds, goes completely against the basic principles of a distributed autonomous ledger.

Patrick Murck, a lawyer and fellow at Harvard University's Berkman Center, said:

“Smart contracts are code, it’s unstoppable code, it’s unbreakable, it’s self-executing and autonomous — until it goes wrong. Then, ‘No no no no, this is theft’ is some social norm that we attach to the code, not the code itself, and then we stop the whole system. Is this what we do every time a smart contract goes wrong? Or is it just because there are a lot of Ethereum insiders in The DAO who also suffered losses?”

In other words, if the bug is in the code, then it is actually part of the contract. If a self-sufficient smart contract has a fallback, then what is the so-called smart?

Ethereum founder Vitalik Buterin proposed a soft fork:

“Miners and mining pools should continue to trade as normal, and if they agree with the Ethereum ecosystem taking this path, they should wait for the soft fork code and be ready to download and run it. DAO token holders and Ethereum users should wait and see and remain calm. Exchanges should feel safe resuming trading of ether.”

Current progress

Ethereum Foundation lead developer Alex van de Sande has posted an update on what happened on Reddit — and there has been a white hat fight back.

As attackers continue to drain Ether from the DAO community, an independent developer calling himself ‘Robin Hood’ has staged a white hat counterattack and has now transferred over 7 million Ether from the DAO’s own ‘child DAO’.

Dapp developer Fabian Vogelsteller said on Twitter that a soft fork is currently being worked on to save the stolen ether.

The Ethereum Foundation has publicly released a new version of the Geth client software, providing an update to freeze all funds stolen from The DAO, effectively rendering them unusable. The hackers will not be able to withdraw the funds.

How did the R3 blockchain consortium respond to the DAO attack?

Todd Mc'Donald, co-founder and head of product at R3, wrote on the R3CEV blog that 'The DAO crisis is like prematurely judging a young basketball player's future.' He pointed out that it was unthinkable to raise more than $100 million through a very young platform and assume that no one would try to attack it. As American Banker said, human intervention seems necessary, even though decentralized automatic systems sound so attractive today.

Kathleen Breitman, senior strategic researcher at R3, also believes that it is time for the blockchain community to wake up and think more thoroughly about the security and governance of distributed ledgers. According to Breitman:

“Although some computer scientists found some deficiencies in The DAO and called for a moratorium on the project, The DAO management team refused to listen and was soon attacked.”

So, R3 seems to be blaming the DAO management for the incident, rather than the blockchain itself. What may happen next is that this hack will provide a lesson for avoiding such problems in the future.