What does the DAO hack mean for banks?

Rage Comment : After the DAO organization was hacked, it lost up to 60 million US dollars. In order to prevent the loss of funds, there are two solutions: hard fork means that the attacker is not allowed to use these illegally obtained funds in the next 27 days. During this period, the Ethereum community can return all transactions on the network to before the theft; soft fork means updating the network and blocking any transactions from the attacker's Ethereum address. This will undoubtedly violate the principles of Ethereum, and the final decision is still pending. The impact of the loss of funds is far less than the impact of the questioning of the feasibility of the DAO management structure, because it is related to the trust issue of DAO, and banks will also be cautious about DAO projects.

Translation: Nicole

Changing the rules while the game is in progress, rescuing investors who take huge risks at the expense of those who operate cautiously, and overdrawing the credibility of the system.

No, we are not reminiscing about the financial crisis of 2008. Just this Friday, these familiar scenes were repeated in the world of digital currency - $60 million was stolen. This incident will have long-term effects on the viability of distributed systems and smart contracts, and will also raise questions for banks that have been considering using the Ethereum network as their own blockchain solution.

The attacker stole funds — called ether, Ethereum’s native currency — from an automated venture capital fund called the DAO. The most controversial proposed solution was to go back in time to before the attack to find the cause of the theft, like Superman turning back time to save Lois Lane. This would simply be a bailout for the DAO’s troubled investors, undermining the credibility of Ethereum itself.

Here’s what we know about the breach, its consequences, what we don’t know, and what it means for financial institutions exploring the promise and dangers of distributed ledger technology.

What we know

The Dao, which stands for Decentralized Autonomous Organization, was released as an open-source project in May. The work of German startup Slock.it, the DAO runs as a smart contract on Ethereum, a public digital currency blockchain similar to Bitcoin.

The month-long public sale of DAO tokens (Ether), which can be used as investment shares, raised $162 million worth of Ether, which was called the most funded crowdfunding project in history by the Ethereum community.

Like other smart contracts, of which there have only been a few examples so far, The DAO can automatically execute the terms written into its code without human intervention. Indeed, proponents argue that because contracts are code, smart contracts — which exist on a blockchain and are visible to all parties — can be more efficient and transparent than traditional contracts.

What is known now is that if the code has vulnerabilities, the consequences can be catastrophic.

The attacker discovered a previously unknown code vulnerability in the DAO, taking 3.6 million ether into a separate entity, called the "Child DAO." In one fell swoop, $60 million was lost, causing the price of ether to plummet after news of the intrusion emerged. At the time of writing, $50 million was lost.

In a Reddit post, Ethereum founder Vitalik Buterin asked online digital currency exchanges to delay ether transactions and storage of ether until Ethereum's core developers can stop the loss of funds.

In a sense, nothing was stolen; the DAO’s rules prevented the attacker from using the ill-gotten funds for the next 27 days, during which time the Ethereum community could either revert all transactions on the network to before the theft — a so-called “hard fork” — or update the network to block any transactions from the attacker’s Ethereum address, a “soft fork.”

Either option would require the network’s miners to agree to install a new version of the ethereum software in place of the existing one.

Buterin, who supports the soft fork, said in a recent blog post that he was “encouraging miners to update to clients that support this.” Neither Buterin nor Slock.it responded to requests for comment by Friday’s deadline.

In a separate post on their own blog, ethereum core developers similarly proposed a fork that they hope will allow the community to “choose to agree on an alternative state of the world.”

However, such a move would seem to go against the whole spirit of the Ethereum project, said Patrick Murck, a lawyer and fellow at Harvard University’s Berkman Center. It would be an economic aid to a single smart contract with a large number of Ethereum users.

He said:

“Contracts are code, and this is unstoppable, unbreakable, self-executing, anonymous code — and everything just went wrong. And then to say, ‘No no no, this is theft!’ is a social norm that we give it, not because of the code, and then we’re going to stop the whole system to get out of this. Do we have to do this every time a smart contract goes wrong? Or is it because there are a lot of Ethereum insiders in the DAO?”

What we don't know

In addition to investor losses, the theft raises questions about the management of decentralized systems.

If the top investor in a project like the DAO is also one of the leaders of the blockchain network, how can they get out of trouble and even stop harming ordinary users? On the other hand, can a complex system with $1 billion without a central leader - as Ethereum does - properly handle this crisis? Alexis Roussel, co-founder of Bity (a digital currency exchange that partnered with Slock.it to launch a business contract service related to the DAO), said that in the early days, open source projects need "enlightened and friendly dictators" to slow things down.

Linus Torvalds, the creator of Linux, is one example. Even Satoshi Nakamoto, the creator of Bitcoin, tracked the network this way in the early days of Bitcoin.

Once a project gains momentum, the initial leader can step back and let true community consensus rule in his place. Bitcoin has already crossed that point, Roussel said, while Ethereum has not yet reached it.

Peter van Valkenburgh, director of research at Coin Center, a Washington-based think tank, agreed that Ethereum is still a nascent ecosystem beset by challenges.

Peter van Valkenburgh

He stated in the email:

“This is a laboratory in community governance, and it won’t always be this wonderful, but it’s important that we get this process to the end and see the development of these fantastic new tools in the long term.”

As for the future of the Ethereum network, no decision has been made so far. Will these miners choose a hard fork or a soft fork, or resign in the face of the hundreds of millions of dollars in losses?

Some experts say that if Ethereum chooses to fork, the impact on its reputation will be huge.

Emin Gön Sirer, co-director of the Digital Currency and Contracts Initiative at Cornell Tech, said:

“If a smart contract can be reversed, how is it better than a regular contract?”

Murck further said:

“The DAO thing was bad enough, but it feels like we’re looking at ethereum from a critical perspective, and they can either do the hard thing and apologize and say, ‘I’m sorry, that’s how open systems work,’ or they can make ethereum a little bit worse and set a precedent that they will censor transactions and undo mistakes.”

This pain-and-tear approach is appealing because it avoids ethical hazard while preserving the principles of the network. On the other hand, Sirer said, “The purpose of DAOs is not to be a hacker competition. That doesn’t end well and it creates a lot of headaches.”

Further impact

To date, even large banks have invested heavily in blockchain research and collaboration, attracted by its ability to save costs, attract new customers, and increase transparency. Ethereum has positioned itself as the main platform for blockchain solutions, thereby reducing the need for expensive lawyers and compliance officers.

But in light of what happened with The DAO, banks will need to tread carefully.

Sirer said:

“Writing smart contracts is much harder than people think, and the language used needs to be designed to create robust and understandable code. Writing code is easy, but writing documented and secure code for financial contracts is not so easy.”

The DAO itself may have failed. It is still operational, meaning that token holders can launch projects and invest in worthy ones, but it seems unlikely that trust will be won back. Companies may not crowdfund through the DAO again, and investors are unlikely to receive risk-adjusted returns.

Kirill Gourov is an early Bitcoin adopter and analyst at Expand Research, where he covers news on fintech and potential blockchain applications across a variety of industries.

Kirill Gourov

He said:

“The viability of the DAO governance structure is questionable. You lose the benefits of the trustees, the fund managers who are legally responsible for representing the interests of their clients. You lose compliance controls on withdrawals, and you lose all legal recourse because there is no single responsible party.”

In other words, while decentralized systems and automation are trendy, human involvement is still necessary in many areas.

Gourov said:

“Look at traditional money management and financial services, with the right security measures and compliance protocols in place, and you’ll see the downsides of fully automated processes.”

Looking at the issue of certificates, we can’t help but reconsider the degree to which smart contracts can be self-sufficient. Murck asked:

“If you think about it, the contract is code, can it be stolen? I mean, the vulnerability is in the code.”