Ethereum Blog

CRITICAL UPDATE Re: DAO Vulnerability

Vitalik Buterin


An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability: the attacker calls the “split” function and then calls the split function again recursively from inside the split, thereby collecting ether many times over in a single transaction.

The leaked ether is in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is taken, the attacker will not be able to withdraw any ether for at least another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically; Ethereum itself is perfectly safe.

A software fork has been proposed (with NO ROLLBACK; no transactions or blocks will be “reversed”). It will make any transaction that makes any calls/callcodes/delegatecalls that reduce the balance of an account with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (i.e. the DAO and children) invalid (the whole transaction, not just the call), starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. This will provide plenty of time for discussion of potential further steps, including giving token holders the ability to recover their ether.

Miners and mining pools should resume allowing transactions as normal, wait for the soft fork code and stand ready to download and run it if they agree with this path forward for the Ethereum ecosystem. DAO token holders and Ethereum users should sit tight and remain calm. Exchanges should feel safe in resuming trading ETH.

Contract authors should take care to (1) be very careful about recursive call bugs, and listen to advice from the Ethereum contract programming community that will likely be forthcoming in the next week on mitigating such bugs, and (2) avoid creating contracts that contain more than ~$10m worth of value, with the exception of sub-token contracts and other systems whose value is itself defined by social consensus outside of the Ethereum platform, and which can be easily “hard forked” via community consensus if a bug emerges (eg. MKR), at least until the community gains more experience with bug mitigation and/or better tools are developed.
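The recursive-call pattern described above, next to the ordering that prevents it, as an added example: this is a Python model written for this page, not Solidity and not the DAO's code. The vault, the accounts, the amounts and the `on_receive` hook are constructed for illustration; the hook stands in for recipient code that runs when a contract sends value.

```python
"""Toy model of a recursive-call (reentrancy) bug. Constructed for
illustration: not Solidity, not the DAO's code, all names hypothetical."""


class Ledger:
    """Stand-in for the chain's account balances."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise RuntimeError("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


class VulnerableVault:
    """Pays out first and updates its own books afterwards."""

    name = "vault"

    def __init__(self, ledger):
        self.ledger = ledger
        self.credit = {}  # account name -> amount the vault owes it

    def deposit(self, account, amount):
        self.ledger.transfer(account.name, self.name, amount)
        self.credit[account.name] = self.credit.get(account.name, 0) + amount

    def _send(self, account, amount):
        # Sending value hands control to the recipient's code.
        self.ledger.transfer(self.name, account.name, amount)
        account.on_receive(self, amount)

    def withdraw(self, account):
        amount = self.credit.get(account.name, 0)
        if amount == 0:
            return
        self._send(account, amount)    # interaction: recipient code runs here
        self.credit[account.name] = 0  # effect: books are stale during the call

    def solvent(self):
        # Invariant worth asserting in tests: funds held cover funds owed.
        return self.ledger.balances.get(self.name, 0) >= sum(self.credit.values())


class SafeVault(VulnerableVault):
    """Same vault with the bookkeeping done before the external call."""

    def withdraw(self, account):
        amount = self.credit.get(account.name, 0)
        if amount == 0:
            return
        self.credit[account.name] = 0  # effect first
        try:
            self._send(account, amount)  # a re-entrant call now sees zero credit
        except Exception:
            self.credit[account.name] = amount  # restore the debt if the send failed
            raise


class PlainAccount:
    def __init__(self, name):
        self.name = name

    def on_receive(self, vault, amount):
        pass


class ReentrantAccount(PlainAccount):
    """Recipient whose receive hook calls withdraw() again, up to max_depth times."""

    def __init__(self, name, max_depth):
        super().__init__(name)
        self.depth = 0
        self.max_depth = max_depth

    def on_receive(self, vault, amount):
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)


def run_scenario(vault_cls, max_depth=3):
    """Return (re-entrant account balance, vault balance, vault solvent?)."""
    ledger = Ledger({"honest": 90, "reentrant": 10})  # constructed sample balances
    vault = vault_cls(ledger)
    honest = PlainAccount("honest")
    reentrant = ReentrantAccount("reentrant", max_depth)
    vault.deposit(honest, 90)
    vault.deposit(reentrant, 10)
    vault.withdraw(reentrant)
    return ledger.balances["reentrant"], ledger.balances["vault"], vault.solvent()


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableVault))
    print("hardened:  ", run_scenario(SafeVault))
```

In the vulnerable ordering the account that deposited 10 ends with 40, and the vault can no longer cover what it owes the other depositor. With the bookkeeping moved ahead of the send, the nested call finds a zero credit and returns without paying.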

Developers, cryptographers and computer scientists should note that any high-level tools (including IDEs, formal verification, debuggers, symbolic execution) that make it easy to write safe smart contracts on Ethereum are prime candidates for DevGrants, Blockchain Labs grants and String’s autonomous finance grants.

This post will continue to be updated.

Comments
Author Mark Messer

Posted at 1:10 pm June 17, 2016.

“avoid creating contracts that contain more than ~$10m” – pretty ironic.
May the security be with you

Author R Hartness

Posted at 1:19 pm June 17, 2016.

“Contract authors should take care to (1) be very careful about recursive call bugs” Is this bug a bug within Ethereum or part of the design of the DAO smart contract?

    Author Vlad Cealicu

    Posted at 1:25 pm June 17, 2016.

    It’s a bug with Ethereum

      Author Eric Botticelli

      Posted at 1:29 pm June 17, 2016.

      It’s got to do with the Dao, which is built on top of Ethereum. There is no vulnerability to the ether that is stored in your wallet.

        Author Vlad Cealicu

        Posted at 2:02 pm June 17, 2016.

        Yes sorry, I edited the answer. I did not mean to spread panic.

          Author Mugiwara No Luffy

          Posted at 4:03 pm June 17, 2016.

          But well, I think everyone is selling their ether right now, so it’s better for us. We can buy lower priced ether very soon 😛

    Author Raine Revere

    Posted at 7:35 pm June 17, 2016.

    Bug within the DAO, not Ethereum, although it is a surprisingly easy developer mistake to make within Ethereum.

Author 0x0F55EE6831A7b371cC8d68F22A8c

Posted at 1:20 pm June 17, 2016.

I expect an apology of the development community, in that senior Ethereum people were curators at the DAO, they should have noticed. This should be more important than “the mt.gox of Ethereum” indeed.

Author 0x0F55EE6831A7b371cC8d68F22A8c

Posted at 1:35 pm June 17, 2016.

Not looking good for ethereum http://i.imgur.com/qJw5v4b.jpg

Author Alexander

Posted at 1:38 pm June 17, 2016.

“History is the version of past events that people have decided to agree upon.” – Napoleon Bonaparte

This is the sane and democratic thing to do. This shows the community can rally and defend the network from attackers. Human consensus beats machine code – and aren’t we glad. Congratulations for resolving the issue so quickly!

    Author Vlad Cealicu

    Posted at 1:46 pm June 17, 2016.

    Congratulations for resolving the issue so quickly! Well said!

      Author Swapster_com

      Posted at 10:24 pm June 18, 2016.

      What was resolved? Nothing.

        Author Exay Bachay

        Posted at 11:11 pm June 18, 2016.

        This is called “I don’t read, but I post” 🙂

    Author R Hartness

    Posted at 2:09 pm June 17, 2016.

    And this line of logic leads to federal banking systems and fractional reserves. If you want higher-powers-that-be to control the flow of your money, then trust the governments that are already in play.

      Author R Hartness

      Posted at 2:30 pm June 17, 2016.

      To be clear, if this happened due to an exploit in the software, then I can accept a hard fork fixing the issue. However, if the DAO team made a mistake in the way they designed their smart contract, as an issue of principle, they should not be “bailed out” by the Ethereum team because they are “too big to fail.” Hard lessons like these teach the cryptocurrency community at large to do their homework and to be excessively (and obsessively) diligent with their security.

      I feel sorry for all who have, or would have lost, funds today. However, rollbacks have no place in a decentralized economy UNLESS they are integrated into the system as part of the rules that govern how the system operates, from within the mechanics of the software or specification.

        Author brbsix

        Posted at 4:12 pm June 17, 2016.

        Vitalik is not chairman of the Fed. AFAIK, he has no intrinsic power to enforce a fork or rollback. If you read his statement more closely, this is clear. It’s simply a proposal. It still has to reach a consensus, something that has a central role in a decentralized economy and operates “within the internal mechanics of the software or specification”.

          Author gravitate

          Posted at 4:39 pm June 17, 2016.

          This is a serious blow to the crypto world if you let a hacker walk away with 50 mill. It would be game over. I guess you had no investment in this? I did; I put in 20 BTC. So for someone like you to turn around and say it’s not in line with crypto values that we get a refund is crazy. But it annoys me all the same. I’m pretty sure you would not write that trash if you had invested yourself. No offence to you, just please keep your nose out of other people’s money.

          Author brbsix

          Posted at 5:09 pm June 17, 2016.

          Where did I say “it’s not in line with crypto values that we get a refund”? I said that this was a proposal for a fork, that a consensus is required, and that consensus changes are central to decentralized economies.

          I’ll respond to you all the same. No one owes you a refund. There’s no customer service department to reverse fraud or error. I’ve been massively burned by this before. It’s the nature of the game. There’s no dictator here, it’s up to stakeholders to decide whether to accept a fork or rollback. That’s how direct democracies work. Don’t bitch to me about it.

          Author swift11

          Posted at 5:42 pm June 17, 2016.

          “I’m pretty sure you would not write that trash if you had invested yourself.” = totally irrelevant

          Author Nemo cent trentesix

          Posted at 6:45 pm June 17, 2016.

          “if you let a hacker walk away with 50 mill. It would be game over”

          Actually, no, hackers stole many bitcoins in the mtgox theft, bitcoin is still thriving. Modifying the ethereum VM (low level) to prevent a hack resulting from a contract (high level) bug would prove that ethereum is not decentralized and is actually controlled by a few people with specific interests. This would actually kill what many people see in ethereum: a tool, agnostic on its content.

          Author WhitePhantom

          Posted at 11:26 pm June 17, 2016.

          If one can call Mark Karpeles a hacker.

          Author mikehorton

          Posted at 12:12 am June 18, 2016.

          If this fork can only take place if consensus is reached, doesn’t that prove that the system is decentralized?

          Author Matt McGivern

          Posted at 12:40 am June 18, 2016.

          Yes, however in the interest of spreading fear for personal gain, journalists and trolls will not be addressing this fact. That’s probably the biggest injustice of all in this entire situation.

          Author Coenraad Loubser

          Posted at 12:44 am June 18, 2016.

          Relax, the media does what it does. This is a chance to buy. One day when more people can think for themselves, you’ll be a few years ahead…

          Author Matt McGivern

          Posted at 1:32 am June 18, 2016.

          I fully agree. I should have made that clear. This is a big opportunity. I’m just disappointed by fear mongering.

          Author bluerocket

          Posted at 12:20 pm June 19, 2016.

          Then we as a community need better journalists.

          Author Mirco Romanato

          Posted at 10:44 pm June 18, 2016.

          This proves the system (miners only) is decentralized but has no neutrality.
          If a mob, for whatever reason, is able to modify the ownership of coins or contracts at will, the level of trust in the system will fall very very low.

          In a smart contract, the contract actually coded is what matters.
          This is / appears to be a bug in the code of TheDAO, not a bug in the code of Ethereum.
          If you fork, roll back, Ethereum to save TheDAO you must put a rule in Ethereum giving the same ability to everyone in the same condition as The DAO.

          The contract of TheDAO clearly states the only source of authority is the code of The DAO. So, I suppose everything the founders of TheDAO have written is intentionally written. If they did it unintentionally, it is their fault.

          What would happen, in the future, if the people writing the contract change their mind and claim some feature does not work as intended? Does Vitalik do the same for them every time? And the people using that feature in good faith (or not, it does not matter)?

          The reality is smart contracts should be tested in real life with something you can lose before testing them with something you cannot lose.
          The DAO was like very smart engineers building the Titanic without trying to build a raft first to see if their ideas work as intended.

          TheDAO was the result of their hubris. And they paid the consequences.

          On the other hand, the people subscribing to TheDAO just because it is big with a lot of smart people leading got rewarded for their foolishness.

          Author voronwae

          Posted at 7:53 am June 20, 2016.

          Using the DAO’s contract to steal from the DAO is just executing the contract in bad faith. Execution of any contract in bad faith does not hold up in a court of law, and in many cases can be prosecuted as theft or fraud.

          All money is technological invention. For the first time, we are inventing smarter money. We’ve just recognized with ether that we have a new ability, the ability of theft prevention. Now we have to label it as such and decide when and how often to use it.

          Theft prevention and recovery are not new concepts. They’ve just not been previously built into money as a feature.

          Author Mirco Romanato

          Posted at 12:09 pm June 20, 2016.

          Wrong on so many levels:
          Steal is just an arbitrary judgement in this case as stealing is wrong but there is no WRITTEN contract allowing this to happen.
          The TheDAO’s developers wrote a contract to shield themselves from liabilities coming from the code having bugs; they explicitly wrote the only source of authority in TheDAO is the code written and there is no plain language (or legalese) contract available anywhere.

          In a court of law there is a legal principle called estoppel that does not allow you to argue in your favor with an argument you argued against in your favor previously.

          TheDAO developers cannot have it both ways.
          Either they are shielded by their contract for the shit they wrote in the code or they are not. And if they are not, the people contributing funds to TheDAO can sue them for damages (“The Attacker” included).

          I suppose Ethereum wants to be a neutral medium to execute contracts.
          If it is a neutral medium, it is a stupid medium working in the same way for everyone, every time, everywhere. Ethereum MUST not know right or wrong, like the TCP/IP give a damn rat’s ass to what the data it moves is representing.

          If you want the money back from “The Attacker” you go down the old way to do things:
          1) You track her down
          2) You draw her in front of a judge, present your case and “The Attacker” defend herself there
          3) The judge give his judgement
          4) If it is in your favor, you apply all the allowed methods to get the funds back (you cage her, starve her, beat her, etc.).

          Author swissmade

          Posted at 1:51 pm June 23, 2016.

          Bravo! the best conclusion so far!

          Author Coenraad Loubser

          Posted at 12:36 am June 18, 2016.

          Much much more than this happens in credit card fraud on an ongoing basis and I don’t see anybody condemning credit cards?!

          Author Neftali Ventura

          Posted at 7:26 pm June 19, 2016.

          Most credit cards have insurance; maybe that’s what these kinds of projects need.

          Author Coenraad Loubser

          Posted at 11:14 am July 13, 2016.

          The funny thing is that most techies in this space will say it doesn’t.

          Because “insurance” is what the world knows, whoever adds it will probably be successful.

          The core reason it doesn’t need insurance, is because it’s insured by elegant mathematics.

          There’s no bank or government that can issue more of this currency or mark some bills if people make mistakes, it’s very democratic in that way – and the whole “The DAO” fiasco makes for an interesting case study.

          The only way to get your money back if you pay the wrong account, is for the recipient – if they exist – to pay it back to you voluntarily. While that sounds scary, it’s easy to prevent with competent wallet software.

          In a nutshell, what this needs is competent software, a competent bank and competent users. Since neither exists… I think you’re right… perhaps what it needs is a new type of insurance.

          … But the question then remains… is there anything new about this? Or is the “trust of the crowd” the only insurance we need?

          Author Swapster_com

          Posted at 8:51 am June 18, 2016.

          It took three years for Bitcoin to recover from MtGox. I lost 3.1 BTC on Gox, and that made me leave the crypto space until this past March. Back in… mostly because of Ethereum. And now to have this $50 million hack… ah… makes me wonder if this technology has a future.

          Author Robbie

          Posted at 1:26 pm June 18, 2016.

          Not true. Ethereum is not controlled by few people, but by consensus. Those few people – just offer a solution

          Author voronwae

          Posted at 7:47 am June 20, 2016.

          After MtGox, it took btc two and a half years to recover half of its value.

          What makes a currency succeed is a perception that it is safe and stable. Allowing the theft of $55M worth of ether does not paint ether as safe and stable, and both miners and investors should be aware of this fact.

          Undoing this theft enhances the value of ether.

          Author Coenraad Loubser

          Posted at 10:10 am July 15, 2016.

          Quite pragmatic. I’ve gone from fundamentalist, to pragmatist, and you have elegantly summarized why.

          Author Andrey Fedorov

          Posted at 8:48 pm June 17, 2016.

          That’s a bit selfish, no? Ethereum’s governance process is a bit more important than your money, and if you didn’t want to risk losing it, you should have “invested” it into an FDIC insured account.

          Author gravitate

          Posted at 9:51 pm June 17, 2016.

          Yeah, selfish; if it was just me I wouldn’t be wasting my breath. BUT we are talking about 150 million here. Give me a break. Anyway, by the time it’s hard forked eth will be in the sewers. So everyone has lost anyway.

          Author voronwae

          Posted at 7:55 am June 20, 2016.

          That’s exactly it. The only solution which would enhance ether’s value would be to keep the DAO intact, correct its flaws, and reverse the theft. All of the milquetoast solutions proposed thus far cast FUD on ethereum.

          No one has recognized yet that we have a new ability we’ve never had with fiat currencies.

          Author gravitate

          Posted at 9:05 am June 20, 2016.

          100% agree with this

          Author Swapster_com

          Posted at 8:52 am June 18, 2016.

          $50 million dude… give me a break.

          Author Andrey Fedorov

          Posted at 11:35 pm June 18, 2016.

          Yes… $50m. To some people, that’s a lot of money. For others, it’s a tiny fraction of their net worth. Your point is…

          Author webbywizard2

          Posted at 5:48 pm June 17, 2016.

          I think R hartness, makes some very compelling points here.

          This really does feel like the crypto equivalent of “too big to fail”.

          As he points out, will we fork again if it happens again? If we do, will that only be if the theft is as big again? What about ‘nearly as big’? No? If not, who is deciding how “big” is “big”?

          This leaves me uneasy….

          Author Pete RePete

          Posted at 8:27 pm June 17, 2016.

          Actually the too big to fail required people who have not taken risk to PAY those who have failed. But in this case the proposal carries ZERO financial burden to fix, no?

          I don’t think it’s the same. In fact I think this is very good news that people could recover all the funds with a simple fork.

          The other thing: is there a way to safeguard this from within the contract? For a DAO / CONTRACT to block or reverse this tx activity ‘upon consensus’ right into smart contract / organization? So if some other bug appears in the future it’s not catastrophic and requires no forking? Or maybe I just don’t know what the fork I’m talking about?

          Author hadees

          Posted at 10:36 pm June 17, 2016.

          The point I think you are missing is we are all deciding this. If enough of us don’t fork then nothing will change.

          Author boudiaf abderahmane

          Posted at 11:45 pm June 17, 2016.

          Cloud Mining

          Seven data-centres. High earning power.

          Return on investment within 5 months.

          15 KH/s to every new user for free and forever.

          Try mining today! here : http://bit.ly/1QcgVfV

          Author sLy5aM

          Posted at 3:46 am June 18, 2016.

          fuck off

          Author webbywizard2

          Posted at 2:54 pm June 20, 2016.

          You are deciding on what appears to be an open and shut case, but the DAO itself is actually a distraction.

          Ignoring the size of the potential loss for a moment. The issue for me is not whether this is compelling enough for a hard fork, but that if you do do this, what about next time? You have set a precedent and completely renegotiated something which should be non-negotiable.

          Who will be deciding on the next hard fork due to the next fuck up? If we start talking about a theoretical show of hands as some have suggested as a means of deciding this, then that sort of thing can be manipulated.

          I think this completely pollutes the sanctity of ether/ethereum, due to faulty coding at the DAO, surely these two things should be completely uncoupled?

          I say this as someone who owns ether too… I genuinely believe that letting the DAO fall and letting ether take its lumps, would be the best thing in the long run.

          Author Coenraad Loubser

          Posted at 12:43 am June 18, 2016.

          No he makes just one: the obvious fact that conventional banking is quite solid as evidenced by the fact that so many people trust and use it. But it has much bigger flaws than this and much dumber people can exploit it as compared to this.

          Author voronwae

          Posted at 7:44 am June 20, 2016.

          I think most people would agree that a theft has taken place, at the very least an execution of a contract in bad faith.

          The decision of whether or not to do this sort of correction in the future is a feature of Ethereum that fiat currencies do not have. We do, as you point out, need to decide when the tool should be used. But the fact that the tool exists should be hailed.

          Author Heretic

          Posted at 7:48 am June 18, 2016.

          That doesn’t matter. During the Mt. Gox fiasco, no bitcoin devs offered to fork the software or blacklist transactions. In this case a bad precedent is set. This shows the immaturity of the dev team.

          Author tesseramous

          Posted at 8:45 am June 18, 2016.

          It only requires a consensus of mining pool owners (a few businessmen), not the consensus of the people

          Author LipDa

          Posted at 2:10 pm June 27, 2016.

          Miners are not stupid, they can leave the pool / start a new pool to express their opinion.

          Author tesseramous

          Posted at 2:51 am June 28, 2016.

          Miners only care that they make money, and they don’t represent the entire community. You have these miners running farms with a huge amount of hashpower holding a lopsided majority vote. Meanwhile you have the end users who write and pay for contracts holding no vote whatsoever. How is that a community consensus?

          Author LipDa

          Posted at 11:37 pm June 28, 2016.

          The miners could do whatever they want, they don’t even have to ask other community members… Until this time no one was aware of this?

        Author Shenpen

        Posted at 4:17 pm June 17, 2016.

        Please don’t forget that it is not about bailing out the DAO team but its hapless investors. The DAO is over, it is closed, experiment failed and probably everybody at Slock is feeling very embarrassed – it is just about allowing investors to back out.

          Author R Hartness

          Posted at 4:24 pm June 17, 2016.

          We must consider two things in the midst of the panic – precedent and importance! Yes, a lot of people are being hurt and this is a HUGE theft. However, who determines how small of a hack is too small to not get its own hard fork option? How do we determine which DAO teams were competent enough that their projects are worthy of special service when hacks happen? Conversely, what if a project is obviously a scam to the 99% but a 1% of people also significantly invest in a DAO? What if a DAO turns out to be an undeniable scam but had all signs of being legit at the front end?

          There are many cases one can imagine where investors can get scammed, however, that doesn’t mean that we need to integrate into the software “patches” to rollback transactions, block accounts or fork the chain at a specific point, whether consensus of the masses accepts it or not.

          An underlying philosophical benefit to cryptocurrency is that money, or value, is transferred and managed within a deterministic system. If the set rules of the system are not broken, all transactions are valid, even if exploited by means outside of the software, or faults of individuals who operate on top of the currency.

          Author mikehorton

          Posted at 12:14 am June 18, 2016.

          Who determines how small of a hack is too small to not get its own hard fork option

          Um, the miners.

          Author Coenraad Loubser

          Posted at 12:46 am June 18, 2016.

          …and those who own Ethereum. And those who wield the code… if they are smarter than those who wrote the code before, scrap the “owns Ethereum” part.

          Author voronwae

          Posted at 8:02 am June 20, 2016.

          You’re approaching this issue as if we’re all playing Eve Online – anything goes.

          But there should also be a recognition on your part that large-scale theft is also philosophically undesirable, and this particular theft has the ability to showcase or break ether as a currency. As I write, ether is growing lower and lower in value, just exactly what you’re really arguing we’d like to avoid. It’s not fear that the DAO might be rescued that’s driving ether lower; it’s the overall perception of ether as unstable and unsafe. No one wants to hold it, and the smart contract feature of the currency is being perceived as a bug.

          If a fiat currency is perceived as unstable and unsafe, it generally disappears and sometimes takes a country with it. Certainly ether can be destroyed by this perception.

          Author champion

          Posted at 5:04 am June 22, 2016.

          It seems very clear to me that if a hard fork is proposed and the community is divided on whether to accept it, then the hard fork will do what hard forks do and create two versions of the blockchain. One where the “hack” stands and one where it does not. Everyone could then choose which version of Ethereum they want to be part of. The “attacker” can both keep the ethers and lose them. Keeping them on one blockchain and losing them on another. This is also perhaps the answer to the legal issue raised by someone claiming to be “the attacker” saying that since the DAO contract consists only of the code that the ethers were “claimed” legitimately and no one has a right to “seize” the ethers from “the attacker”. That may be true, but “the attacker” has no right to stop anyone who wants to from creating a fork of their own that does not include the “hack” transactions. Arguably that doesn’t “seize” ethers from “the attacker” as he will still have the ethers he got from The DAO on the original, unaltered blockchain.

          Author Coenraad Loubser

          Posted at 10:14 am July 15, 2016.

          For that, you have Bitcoin – because it seems nobody has enough of a hold over it to do this sort of thing there. Ethereum is clearly different, with a different community… and the market will ultimately decide… right?

          The fact of the matter is that nothing in this world is, has ever been, or will ever be static – except for the religious concept called “God” – and many will debate that.

          Author Michail1

          Posted at 5:20 pm June 18, 2016.

          Wait, I can go into a casino and put it all on red. If I lose, I can back out my funds. (You know, because the ball didn’t bounce right).

          Author gravitate

          Posted at 9:12 am June 20, 2016.

          Either hard fork or it was a scam. There is no similarity between this and a casino, and trivializing the loss of people’s money is pretty lame.

          Author Michail1

          Posted at 5:44 pm June 20, 2016.

          ETH is one thing. DAO is another. For ETH to hard fork, because DAO lost funds is just as ridiculous as the Government stepping in for a bailout because a bank loaned money to people buying houses that had no chance of paying off. Why should your and my money be worth less because we have to pay for Bob’s house in a bailout. Why should people investing in ETH pay for an issue with DAO. It’s DAO that should pay for the mistake, not ETH / everyone else. As for the casino, it’s the same thing. People who don’t gamble on the DAO concept shouldn’t have to pay when/if the DAO loses. (either in the short or long term). Just the idea of the fork has cost a lot of people money even without investing in the DAO.

          Author voronwae

          Posted at 7:16 am June 21, 2016.

          In the case of the government bailout, having the banking system fail so that one can stand on principle is not a benefit to society. Granted, no restrictions were placed on the beneficiaries of this gift, and neither did these banks suffer much in the way of other consequences, but anyone who knows about the problem realizes the bailout itself was mandatory.

          There is some relation to the present. All currencies are technological inventions to allow goods and services to flow throughout society, and they are designed for society’s benefit. If you forget about society’s benefit in all of this, you’re leaving out a large portion of the entire equation. Society benefits from a safer currency and a general disapproval of fraud and theft, and that’s a very good argument for reversing the theft.

          Post forks, the Ethereum community needs to decide what to do with this new-found ability to revise theft. It’s a tool, and there must be a discussion about how and when it should be used.

          Perhaps there will be courts of “ethereum law” formed within the ethereum community, bodies of experts designated by the community to decide cases of theft and fraud in the future.


          Author Coenraad Loubser

          Posted at 10:26 am July 15, 2016.

          Did the government hold a referendum and ask whether they should bail out the banks? Unless you’re an “irrational fundamentalist” you can’t really compare the two now, can you?

          Ethereum guarantees democracy and decentralization to a much greater extent than conventional governance does.

          How Ethereum differs is that even if they had a vote, and made a decision, they couldn’t just change things around… they still need the majority of the hashing power to actually actively make changes to support them. Do you see how, upon closer inspection, it’s actually completely different?

          Isn’t it more like a government having a referendum about what type of fuel all cars should run on – oil or batteries – and if batteries won, everyone would have to go and change their engines to electric?

          No.. it’s not because now I’m exaggerating in the other direction. Are you starting to see how exaggeration / fundamentalism can never be rational?

          It’s more like a month after the referendum, everyone had to go and swop out their bank cards… and anyone who has worked with large populations would testify to the fact that it’s easy to get people to say things, but difficult to get them to do things, and even if they voted for one thing, they most likely only voted for it to keep things as much the same as possible so they have to do as little as possible.

          It’s easy to vote, but difficult to make changes. Voting and doing are not the same thing, in conventional governance only a handful of power mongers need to make a change. Ethereum guarantees democracy and decentralization to a much greater extent than conventional governance does.


          Author Michail1

          Posted at 4:14 pm July 15, 2016.

          guarantees democracy? Where did I get to vote on the DAO bailout? Just like the banks, it’s being decided by the few.

          They can’t just change things around as it would cause an even bigger issue and especially the possibility of making it was. In turn making it worse.

          It’s not like that car and fuel/battery, but to go with that line, it’s more like a brand of car. If a brand DAOCar suddenly blows up at 88MPH, then gov/car manufacturers demand the DAOCar company fix the issue. It’s not that the Gov/Car manufacturers (others) come up with a resolution for them.

          DAO is currently like cancer to ETH. ETH only lost over 60% of its value because of it. I am not saying that this all can’t be fixed. They’re doing a bang up job so far.


          Author Mirco Romanato

          Posted at 10:52 pm June 18, 2016.

          It is wrong to allow investors to back out in this way.
          If they want to get their money back, they must drag “The Attacker” in front of a judge and get a judgement. And then have him give back what was taken.

          I have some doubt a judge will back them, just because the contract signed by the investors in TheDAO is clear. And it is a double-edged sword.
          It shielded the people writing TheDAO’s code from liabilities coming from every bug put in it intentionally or unintentionally. But doing it, it also shields “The Attacker” by making every action allowed by the contract licit.


          Author voronwae

          Posted at 7:10 am June 21, 2016.

          That’s one avenue, the same avenue that investors would use with conventional currencies. But why not take a step back and think about what could be done with the benefits of the blockchain and smart currency?

          With the community’s approval, the theft can be reversed. But moreover, it might be possible to add policing mechanisms to ether to make a prohibition of fraud and theft structurally enforceable. Such a currency would be better for commerce.


          Author tcarb

          Posted at 8:07 pm June 27, 2016.

          Isn’t that insurance?


        Author Nick Rosa

        Posted at 4:37 pm June 17, 2016.

        No money was spent, no money was lost. The problem was contained already. And there is no blockchain rollback planned. If the attacker started spending all over the blockchain, that would be a real problem, but that’s not the case. The funds are locked in a child of the DAO for 27 days. The Ethereum Foundation is essentially doing The DAO a favor which benefits everyone. And if the Ethereum Foundation needs to play a small judicial role for issues which simply ~should~ get resolved, then so be it. Humans haven’t figured out the perfect mass governance algorithm yet, that is where a little centralization becomes useful (to the benefit of all).

        Will it slowly but surely devolve into subtle power struggles and conspiracies performed by people who have tasted power and wealth, yes of course! Look at the universe around you, get used to cycles. But until the day where we can no longer trust those who unquestionably do wield power in this system (mostly due to influence), growth is what’s in store, and growth makes everyone want to work together. Decentralization is the way to weaken barriers, centralization is the way to break through those barriers, gotta have both.


        Author Jeff

        Posted at 10:55 am June 18, 2016.

        I would like to understand the mechanics better of the soft fork and the hard fork. Is it correct that the fork could create two alternate universes: one where the money is “stolen” and the other where it is not? What mechanically happens if 30 percent accept the fork? 70 percent? 99 percent?


          Author Coenraad Loubser

          Posted at 10:31 am July 15, 2016.

          Re two forks ie. Dark Ether and Light Ether… maybe if the community was big enough – I don’t think it is – Hmmm…. what else… maybe if the Dark DAO crowd came forward, and did a large Robin-Hood style marketing campaign, rebranded their fork, and handed out all their ether Robin-Hood style… yes! Wouldn’t that be exciting. I could get some free Dark Ethers. Would I take it? … Would it be different than taking Fiat? 😀


        Author RequisiteSin

        Posted at 6:18 pm June 18, 2016.

        This isn’t a hard fork. Not at all.

        This is a proposed software fork, a much different entity. The proposal is to prevent ETH from being withdrawn from the original DAO and the attacker’s DAO by allowing the miners to ignore any transactions that try to do so. The miners would have to update their software if they agreed with this solution. Everyone that lost DAO would still be out of their DAO, but the attacker can’t do anything with it.

        All this doom and gloom about hard forking Ethereum is ridiculous because that isn’t even on the table. The Ethereum ecosystem is secure and stable.


        Author Gianluca Cucc

        Posted at 7:23 pm June 19, 2016.

        I agree with you


        Author voronwae

        Posted at 7:41 am June 20, 2016.

        “Principles”, as a rule, are designed to benefit society. There’s a conflict between your principle, which is that hard lessons are good for the community, and the principle that theft, even if perpetrated through an open door, is undesirable.

        Taking the long view, prevention of a wholesale theft is beneficial to both the DAO stakeholders and the Ethereum community as a whole. If Ethereum is a safer currency by virtue of an ability to make a desirable correction, then it is safer for commerce.

        This is not a bug; it’s a feature.


        Author Andrew

        Posted at 5:47 pm July 8, 2016.

        I never had DAO or Ether, but I can’t accept that someone has earned so much money so quick by stealing from others. I hope this bastard will get nothing.


          Author Coenraad Loubser

          Posted at 10:33 am July 15, 2016.

          Banks, The Rich (TM), and corporates make this look like petty theft, if you consider how much money a bank makes purely off your transaction fees. I’ve heard plausible estimates in the $100k per bank customer, for every 10 years they’ve been a customer. Just because it fit into a body of carefully crafted socially acceptable “rules”, does it make it any more palatable? Perhaps. All I’m saying is don’t be so quick to judge, in a world full of people who are indeed quick to judge either way.


      Author Alexander

      Posted at 4:14 pm June 17, 2016.

      It’s your choice whether to use the fork or not. If you want to stay on the old chain where the theft happened, then by all means you should do just that. There is nobody controlling the flow of money other than you.


        Author R Hartness

        Posted at 4:18 pm June 17, 2016.

        @brbsix:disqus @disqus_gzTpfA1R1g:disqus This is less about choosing to accept a fork or not. My comments address the underlying assumption that when something big, and bad happens, “leadership” has to step in and make changes to fix other people’s mistakes.

        Again, if the software that maintains the ecosystem isn’t broken (i.e. the Ethereum software) then the Ethereum devs should stay 100% out of this issue. Myself, and many others, consider intrinsic worth of cryptocurrency that the rules-of-play are baked into the logic of the software. If someone gets hurt because they didn’t use it properly, then that’s tough luck.

        Consensus or no, management of the codebase should not have the right to determine it is, or isn’t, appropriate to provide the option of a hardfork due to other people’s mistakes.


          Author Alexander

          Posted at 4:29 pm June 17, 2016.

          The fork could have been initiated by anybody, “leadership” or not.

          The rules-of-play are that forks can and do happen. If you’re not comfortable with that, then you shouldn’t use Ethereum.


          Author R Hartness

          Posted at 4:35 pm June 17, 2016.

          I consider this to be a valid point. Actually, you cannot prevent a fork of any form if consensus accepts the fork, though I would also disagree with such an action and would not accept the fork.

          However, the role of Vitalik and his team is to act as gatekeepers to the software. It is my strong opinion that while he serves in the role that he is in, he should remain agnostic on such issues and not have the Ethereum team construct the fork. However, if someone outside of the team constructed the fork and posted it, then it should also be his responsibility to let the situation play out as the network acts on the fork.

          This, too, is part of the philosophy of decentralized economics. I am four-square against all forks (again, unless it is because of a specific flaw within the source code) but I do accept that consensus is what it is, and is at the core of cryptocurrency.


          Author Commodore64

          Posted at 7:25 pm June 17, 2016.

          Isn’t this all based on a flaw in the source code? with the nested recursive functions?


          Author J23450N .

          Posted at 9:49 pm June 17, 2016.

          Wow you’re sooo hard. Definitely, let’s let a criminal get away with stolen funds because, “you should have known better!” Clearly the machines should rule without human intervention. But in all seriousness, you must be trolling, if you can’t understand that it’s not Vitalik et al. meddling with the purity of distributed consensus, but rather the main providers of the code that is used by consensus, helping to solve a major problem. Stay on the old code if you want, nobody is forcing you to fork. Nobody in their right minds would not solve this issue, which is why the proposal will go through, because the hope is that by the wisdom of the crowd, idiotic opinions like yours don’t win out.


          Author Ventin Uberlaat

          Posted at 2:35 pm June 18, 2016.

          “Criminal”, “stolen”. Has a crime been committed here? I see lots of people comparing this to a break-in or a hack gaining illegal access. But it’s not, is it? This is someone finding and exploiting a loophole in a contract.

          If this smart contract was a paper contract in the bad old world of legal institutions and lawyers, then I suspect no-one would get their money back because the contract would be legally binding, and could not be simply reversed.


          Author Ventin Uberlaat

          Posted at 2:43 pm June 18, 2016.

          Author Peter Hornik

          Posted at 8:06 pm June 18, 2016.

          If it hadn’t been this attacker, it would have been another one week later. It’s just stupid to not verify that your code is correct… Sure, that is a very sophisticated process, but it’s possible. Maybe you switch to another programming language like Haskell where it’s easier to verify the correctness of your code.

          The problem is not that it’s impossible to write 100% correct code. It’s just hard. If you just throw out some lighthearted piece of code, it’s going to be hacked. Of course it is.


          Author gravitate

          Posted at 9:16 am June 20, 2016.

          you were a bit harsh saying idiotic. But you were true.


          Author Larry Smith

          Posted at 12:18 am June 18, 2016.

          @R Hartness

          “However, if someone outside of the team constructed the fork and posted it, then it should also be his responsibility to let the situation play out as the network acts on the fork.” – R Hartness

          Vitalik is operating from within the rules of the system. He is doing nothing that others don’t have the same right to do. Leaders are leaders, and they exist everywhere. It seems that your problem is with this leader’s (Vitalik’s) ability to create consensus among the populace. He has the right to lead a fork, just like you have the right to try to lead people to prevent it.

          With regard to “how big is too big, and how small is too small.” That is defined by consensus. It is irrelevant how consensus is reached, and who leads them there.

          Perhaps the system allowing forks is a flaw, and it seems you may be more comfortable on a chain that doesn’t allow forks. Perhaps you should design that system. From there you can earn some credibility, and lead how you see fit.

          Your comments about “too big to fail.” are flawed.

          1) if the fork happens, the consensus decided to catch thieves, not to bailout system failures.

          2) U.S. financial system failure (and soon global failure), and their subsequent bailouts are based on exploiting a fractional reserve money supply by central decree. Ethereum has neither a fractional reserve money supply, nor a centralized governing body. When a governing body prints money to bailout individual institutions or countries, it negatively impacts all users of the currency. No one has the authority to print Ether, so there is no bailout. A fork would be enforcement by consensus, not a bailout, and it costs Ether holders nothing.


          Author Coenraad Loubser

          Posted at 12:48 am June 18, 2016.

          Quite a bounty for finding a flaw I’d say!


          Author swift11

          Posted at 4:41 pm June 17, 2016.

          the fork is a very bad idea imo: you just can’t declare that a currency is worthless because someone stole your money


          Author Mike

          Posted at 5:51 pm June 17, 2016.

          The DAO is run by its investor community through voting, not through preset ideological rules and principles. Until DAO is improved in code to become unbreakable, DAO investor community is grateful to Ethereum devs to step in and fix the bugs.


          Author swift11

          Posted at 6:17 pm June 17, 2016.

          “Fix the bugs” yes indeed but don’t kill the whole system


          Author TheAtlanticIsPropaganda

          Posted at 10:41 pm June 17, 2016.

          “Consensus or no”

          So do you believe in consensus or no? The management of the codebase should 100% have the right to give the option for the hardfork. They have done nothing but offer the choice for the miners to voluntarily, on their own volition, decide what they want to send their resources mining.

          This is a decentralized network and everyone that’s involved has an option. The codebase managers could either release a patch or not. The miners can choose to run the patch or not. Investors and speculators have the right to stay in or sell. There are many market forces at play and they all have just as much a right to express their agreement or displeasure with this proposal.


      Author Matt McGivern

      Posted at 12:34 am June 18, 2016.

      Trust the governments already in play he says. Wow. If you can’t see the difference between how, say, the US government acts in times of crisis and how Ethereum leadership acted the other night to thwart a massive attack, you sir need your head examined.

      Given the pros and cons of the available options, Vitalik and company did the right thing. You and people who think like you do, deserve to remain in a centralized society, along with all of its limitations.

      We are in a growing phase here. Mistakes will be made along the way. Let’s not use the word “principle” as a way to justify the behavior of bad actors.


      Author Coenraad Loubser

      Posted at 12:34 am June 18, 2016.

      Nice try. Conventional banking has its perks and this might highlight those, but it has led to this, so this will always remain an effect of that… It’s a gross misappropriation to claim that this can be a slippery slope back to central banking… The world ebbs and flows through centralization and decentralization, but in every round all the details are all different…


      Author Extreme Kaos

      Posted at 2:10 pm June 19, 2016.

      Fed or Fractional banking system is an authoritarian organisation. It is not managed by coherent, democratic consensus through democratic community of thousands of highly educated members who arrive at decisions together, instead of making them by few people in power. That is a difference between centralised organisation and decentralised organisation. Centralised organisation is managed by few. Decentralised organisation is managed by all who contribute to it. Centralised organisation makes decisions. Decentralised organisation ARRIVES at decisions together.
      It is crucial and very important that all the members of decentralised organisation are being constantly kept well informed and educated about the project and all potential solutions to any problems, so they can all arrive with intelligent decisions altogether. There is no democracy if members make decisions and vote out of ignorance and lack of sustainable education. Democracy cannot work without all members being highly informed and capable of logical reasoning. This is very scientific approach. It’s basically an application of scientific method to management of organisation or society. It is the most efficient problem solving as it is done through cooperation, not competition.


      Author FranticBedlamite

      Posted at 2:21 pm June 19, 2016.

      Fed or fractional banking system is an authoritarian organisation. It is not managed by coherent, democratic consensus through democratic community of thousands of highly educated members who arrive at decisions together, but instead it is managed by few people in power whose decisions affect large society. Your comparison is nonsensical.
      That is a difference between centralised organisation and decentralised organisation. Centralised organisation is managed by few. Decentralised organisation is managed by all who contribute to it. Centralised organisation makes decisions. Decentralised organisation ARRIVES at decisions together.
      It is crucial and very important that all the members of decentralised organisation are being constantly kept well informed and educated about the project and all potential solutions to any problems, so they can all arrive with intelligent decisions altogether. There is no democracy if members make decisions and vote out of ignorance perpetuated by lack of sustainable education and being underinformed. Democracy cannot work without all members being highly informed and capable of logical reasoning. This is very scientific approach. It’s basically an application of scientific method to management of organisation or society. It is the most efficient problem solving as it is done through cooperation, not competition.


      Author Alex Gorale

      Posted at 8:06 pm June 19, 2016.

      We can go rounds but I disagree.

      Enforcing one person’s interpretation of events on a large group of unwilling participants leads to the creation of federal banking systems. The attacker is not protected by TheDao. At least, I have no interest in enforcing, or seeing a contract enforced that takes property from another person without their permission. Which is what anyone defending the attacker is doing.

      The attacker is a clever thief and this is an experiment. We’re learning and moving forward with a fork to return the stolen property to its rightful owners is the correct decision. It’s not enforcing Democracy, it’s respecting property rights and ownership. Without the latter cryptocurrencies are impossible.


    Author R Hartness

    Posted at 2:12 pm June 17, 2016.

    To be clear, if this happened due to an exploit in the software, then I can accept a hard fork fixing the issue. However, if the DAO team made a mistake in the way they designed their smart contract, as an issue of principle, they should not be “bailed out” by the Ethereum team because they are “too big to fail.” Hard lessons like these teach the cryptocurrency community at large to do their homework and to be excessively (and obsessively) diligent with their security.

    I feel sorry for all who have, or would have lost, funds today. However, rollbacks have no place in a decentralized economy UNLESS they are integrated into the system as part of the rules that govern how the system operates, from within the mechanics of the software or specification.


    Author Richard Stanley

    Posted at 8:21 pm June 17, 2016.

    I agree 100%. Stop future transactions for the attacker. Watch media explode that we have a cryptocurrency democracy that will prevent hackers from prevailing. This is no longer a bitcoin world. Centralization by casting votes on your $$ isn’t even a freedom we have in the “real world.” Real world banks yanked money out of hard working Americans… and still, no one has been held accountable. The next 27 days will be really interesting.


      Author K-PAXIAN

      Posted at 1:23 pm June 18, 2016.

      “This is no longer a bitcoin world.” – Last time I checked coinmarketcap, number of users, transactions and all stats, it still is the Bitcoin world…


    Author swift11

    Posted at 7:51 am June 18, 2016.

    Let’s recap: funds have been transferred from “DAO” to “child DAO”: why should I care?


    Author Jeff

    Posted at 8:34 pm June 18, 2016.

    George Orwell has just turned over in his grave.


    Author Ageesen Sri

    Posted at 2:55 am June 19, 2016.

    A hard fork to reverse this will result in many users leaving the ethereum network. May even lead to the end of ethereum period.


    Author Justin Le

    Posted at 3:56 am June 19, 2016.

    Wait, but the entire point of the DAO/Ethereum in the first place was so that machine code could replace human consensus. That’s the entire objective of the mission in the first place — to prove that it was possible that we can replace human interpretation with coded contracts.

    Overriding the coded contracts with human intervention is the exact opposite of everything that Ethereum/DAO was supposed to stand for.


      Author voronwae

      Posted at 7:23 am June 21, 2016.

      What exactly do you think that Ethereum and the DAO are supposed to stand for? Contracts that exist without humans? A world without humans?

      We invent new technologies in an attempt to benefit ourselves or society. If we’re just working to benefit someone’s esthetic, why bother?

      Any new technology requires development and refinement. That’s where both the DAO and Ethereum are right now. Assuming that Ethereum isn’t destroyed by the inability of the DAO or Ethereum communities to make a decision, society will change and Ethereum will change along with it.


    Author P. Muthukumarana

    Posted at 3:50 pm June 19, 2016.

    “Democracy is two wolves and a lamb voting what to have for lunch. Liberty is a well-armed lamb.” If we fork over this incident (no matter its deeply tragic nature), then what is there to prevent us from forking over every other “perceived injustices” of the future? The word “consensus” doesn’t mean everyone involved must agree to the fork – it just means the majority of the power players should agree to it. So imagine a hypothetical scenario in the future where a majority of the power players decide to fork all transactions that are unfavorable to them, by claiming “injustice”, while allowing transactions that aren’t unfavorable to them to go through (no matter how unjust those transactions are). The idea (of forking) is no different to the “Too Big To Fail” concept. The argument that “Too Big To Fail” uses public funds for the benefit of the few (at the top), but forking causes no loss to the general public is simply invalid. Maybe not this fork, but what about forks in the future? What happens if the majority of the power players rig the system in their favor? Humans are corrupt (and can be corrupted) by nature. This is why a crypto-currency tries to minimize human intervention. Bitcoin didn’t fork over the loss of bitcoins at Mt.Gox. That’s the right thing to do (no matter how tragic it is). Allowing this transaction to go through will restore confidence in the public that Ethereum is a truly decentralized currency. If people wanted a policed currency, they could have invested in the stock market and foreign currencies. The fundamental concept of crypto-currency is that there will be no policing of the currency. A fork will inevitably cause people to lose faith in the system, just as they lost faith in Wall Street.


      Author voronwae

      Posted at 7:26 am June 21, 2016.

      I don’t believe a lack of policing is a “fundamental concept” of crypto currencies. Crypto currencies are just a new technology we’re still testing and trying to figure out how to best use. Society has invented policing because otherwise no currency would be safe to use. We’ll make other additions as more people begin to use cryptocurrencies, for the good of society.


    Author Ewan Dawson

    Posted at 5:50 pm June 19, 2016.

    Surely a soft fork under these circumstances goes against the principles of Ethereum / smart contracts? Isn’t the contract (and not the community) supposed to be the sole arbiter? If we soft fork now, we can no longer say “contract is king” (as was explicit in The DAO T&Cs), but “contract is subservient to community, which may act against the letter of the contract”. As distasteful as it is to let a hacker get away with this loot, I feel that establishing a principle of community over contract will fundamentally weaken Ethereum.


Author Christoph Jentzsch

Posted at 2:12 pm June 17, 2016.

Thank you very much for your support! We as the Ethereum community can work this out! For me, well, lesson learned …


Author greg_not_so

Posted at 2:28 pm June 17, 2016.

I understand it has been ‘solved’ from the IT POV and only affecting contracts and not the underlying ‘value stored’. Can someone confirm this?


Author UAU fund

Posted at 2:51 pm June 17, 2016.

Ethereum is like the BOBchain http://intheoreum.org/#welcome

Reply
user

Author 4thaugust1932

Posted at 3:11 pm June 17, 2016.
user

Author Steven Sprague

Posted at 3:56 pm June 17, 2016.

Great response by the community.
Smart contracts are trusted execution and it is a challenging science and the models for the assurance that code is correct will need to emerge. This is an area that requires strong research and consensus on how certification models may have to work. The brand of Ethereum will only be as strong as the perception of contract quality and assurance. In general open source is not enough. There will need to be some professional cybersecurity assurance model as well.

Reply
user

Author ethereum-kaufen.de

Posted at 3:58 pm June 17, 2016.

When everyone seems to be freaking out, just wait for Vitalik. It seems that he always keeps a cool head.

Reply
user

Author Sok Puppette

Posted at 4:00 pm June 17, 2016.

Why would anybody trust Ethereum in the future, knowing that there’s a central authority that can and will make random changes in the rules, and see those changes accepted by the network, if things aren’t working out the way they want?

And why would anybody be careful about contract code in the future, knowing that they’d be bailed out of the consequences of their bugs?

Idiots need to take losses. Sorry. And, yes, anybody who put money into the DAO was an idiot. This sort of risk is only one of the many obvious reasons not to have done that.

Reply
    user

    Author Tlogs

    Posted at 4:18 pm June 17, 2016.

    It is vital that the ethereum platform isn’t seen as synonymous with the halfhearted smart contract implementation of The DAO… The platform didn’t fail today. It worked exactly as intended.

    Reply
    user

    Author brbsix

    Posted at 4:18 pm June 17, 2016.

    There’s not a central authority that can and will make random changes in the rules. Vitalik is proposing well-defined changes that must be accepted by a consensus.

    Reply
      user

      Author Sok Puppette

      Posted at 5:45 pm June 17, 2016.

      Whomever the community will follow is an authority. You’re right that if the community rejected the change that would actually be a positive sign. But will it?

      Reply
        user

        Author hadees

        Posted at 10:39 pm June 17, 2016.

        Rejecting for the sake of showing independence is stupid.

        Reply
          user

          Author Sok Puppette

          Posted at 10:47 pm June 17, 2016.

          … but rejecting it because it’s an extremely bad idea is not.

          The reason that rejection would be a good sign would be that it would show that the community was actually capable of preventing foolish special-pleading-based rule changes from the developers. Whereas failing to reject it would show that not only were the developers willing to do foolish things, but the community was also unwilling or unable to rein them in.

user

Author craig heanan

Posted at 4:23 pm June 17, 2016.

Let DAO sink

Reply
    user

    Author agraham999

    Posted at 4:31 pm June 17, 2016.

    I agree. Either you have an autonomous system of smart contracts or you don’t. If you roll back, the message is that there is an “authority” and it isn’t autonomous. You let the smart contract do what it was programmed to do and you learn from the experience.

    Reply
      user

      Author mikemikemikemikemike

      Posted at 4:57 pm June 17, 2016.

      I’m pretty OK with an existential problem like this, esp in the period before the DAO even begins its life, being handled by human consensus.

      Reply
        user

        Author agraham999

        Posted at 5:01 pm June 17, 2016.

        Yes but the point is that humans err…and certainly crowds of humans err. I’ve heard many times from Ethereum folks how this could change things like voting. Would you roll back an election? The fact that this can even be done, speaks a lot to the importance of not rushing in to this. I’ve been urging patience for some time.

        Reply
          user

          Author mikemikemikemikemike

          Posted at 5:10 pm June 17, 2016.

          Firstly, are you suggesting that being hacked out of $100MM is akin to an election?

          Look. Pretending that we don’t have the ability to manually override the system doesn’t fix the problem you’re attempting to describe, which is that we still have control. The idea behind The DAO is not to put computers in charge of the world and remove humans from the equation. It’s to create a method of investment distribution that prevents an oligarchy.

          user

          Author agraham999

          Posted at 5:19 pm June 17, 2016.

          And when that Oligarchy are those who control whether or not you can roll back a smart contract exploit? Let’s not pretend here that the core of this issue isn’t in fact the DAO but the narrative of Ethereum and every developer for the past X months…that smart contracts are trustworthy and that these things can’t make mistakes.

          If you treat code as a contract, a simple error isn’t really a hack anymore, is it? Is it now just fulfilling its purpose? And my other point is what does this mean in the future? If you can roll back the DAO hack…what else might you roll back…doesn’t matter if it is an election or not. What matters is you stating a consensus of people could make that decision for one party, but not another.

          There’s been an awful lot of hubris here, and frankly if Ethereum survives this, it poses as a good lesson to better manage people’s expectations.

          user

          Author mikemikemikemikemike

          Posted at 5:35 pm June 17, 2016.

          If you’re suggesting that the people (devs, community, etc.) should allow The DAO to be hacked and die as a result, you’re STILL suggesting that the community come to a consensus, just a different one (inaction); the community cannot undo the fact that it ultimately has the potential to control the situation. It can either vote to fix this or vote to not fix it (by inaction). IOW, the problem you’re describing existed when The DAO was created, since it clearly was not designed to be impervious to human manipulation.

          user

          Author agraham999

          Posted at 5:40 pm June 17, 2016.

          The difference is that you’re making an exception to roll back something for ONE CONTRACT. You aren’t asking the DAO members alone to roll back a single contract or shut it down, you are asking everyone to make an exception for one party. If this type of thing is allowed, what’s next? This isn’t like a credit card reversal.

user

Author mikemikemikemikemike

Posted at 4:39 pm June 17, 2016.

Will this require any effort on the part of DAO token holders? Or, will The DAO simply return to its pre-hack state of value (barring changes in ETH value)?

Reply
user

Author Johan

Posted at 5:00 pm June 17, 2016.

So I know comparatively little about block chain tech and Ethereum, even less about the DAO. From my outsider’s point of view, this seems like a fairly logical and predictable response by the community.

Could the attacker have predicted this response? Is it possible for someone to have some completely unrelated benefit due to a soft fork as proposed?

Reply
user

Author Donald McIntyre

Posted at 5:31 pm June 17, 2016.

I think this must be isolated as a problem of The DAO. If funds are stolen and thief dumps all ETH causing a crisis that would be a short term depression, but we must preserve Ethereum’s principles for the long term.

Reply
    user

    Author swift11

    Posted at 7:27 pm June 17, 2016.

    Why would the thief dump all his ETH?

    Reply
      user

      Author dotnetchris

      Posted at 7:33 pm June 17, 2016.

      To convert it to paper money or tangible assets. The side effect would be a crash in the value, possibly leading to bankruptcy of the entire system.

      Reply
        user

        Author Claude Varlety

        Posted at 8:13 pm June 17, 2016.

        I hope it will not be silly enough to want to sell everything at the same time.

        Reply
        user

        Author swift11

        Posted at 8:51 pm June 17, 2016.

        the thief doesn’t seem to be idiotic…

        Reply
          user

          Author Dominik Z

          Posted at 3:14 pm June 18, 2016.

          this…

        user

        Author Simon Janin

        Posted at 12:10 pm June 18, 2016.

        A crash, yes; bankruptcy of the entire system, very unlikely.
        What could bankrupt the exchanges is if there were a massive double spend, it’s not the case here. And even then, as long as there is a strong community behind Ethereum, it has no single point of failure and cannot go totally bankrupt.

        Reply
    user

    Author voronwae

    Posted at 7:28 am June 21, 2016.

    Why is the preservation of the ability to steal a “principle” of Ethereum?

    Capitalism and currencies are technological inventions, and as such, can be tweaked any time it’s necessary.

    Reply
user

Author funnyking

Posted at 6:11 pm June 17, 2016.

Vitalik stop this mess, you have to apologize as a TheDao Curator and resign from any other project but Eth. Or resign from the eth foundation.
You are in charge for a clear conflict of interest here.
And you have to apologize too for this proposal. Shame on you.

Reply
    user

    Author clay hill

    Posted at 8:13 pm June 17, 2016.

    How does he have a “conflict of interest”?

    Reply
      user

      Author Coenraad Loubser

      Posted at 12:53 am June 18, 2016.

      I don’t necessarily agree or disagree, but … separate concerns – The DAO vs Ethereum. Not all Ethereum bulls care about the DAO or what happens to its funds. There can be many DAOs, this one chewed on a fork bomb. (LOL!)

      Reply
      user

      Author funnyking

      Posted at 8:11 am June 18, 2016.

      You really don’t see it? Seriously?

      Reply
user

Author funnyking

Posted at 6:13 pm June 17, 2016.

This is the problem.

Reply
user

Author funnyking

Posted at 6:34 pm June 17, 2016.

I’m sorry Vitalik, shit happens and it happened to you this time. TheDao has a big security bug and you personally are in charge because of your visibility and authoritativeness as the leader of the Ethereum Project.
You can’t use your personal power for a favour to any specific project. Doing this you are destroying Ethereum as a Zero Trust Project.

The real damage on Ethereum was not done by TheDao but by you with this delusional post.

Reply
user

Author Claude Varlety

Posted at 6:58 pm June 17, 2016.

For the durability of Ethereum, DAO must die or find solutions by himself. He failed. That’s his problem. No forks.

Reply
user

Author Ilya

Posted at 7:36 pm June 17, 2016.

Hello, what do you think about ETH? Should I sell my ETH?

Reply
    user

    Author Claude Varlety

    Posted at 7:43 pm June 17, 2016.

    Your ETH is safe. Personally, I keep them. After eth is in a great period of uncertainty because of folks considered that would change the mind of Ethereum. Asks if you are ready to lose them.

    Reply
      user

      Author Ilya

      Posted at 7:47 pm June 17, 2016.

      Is it good to exchange eth -> btc, or should I wait for the appreciation of eth?

      Reply
user

Author Héctor Ugarte

Posted at 8:00 pm June 17, 2016.

Ethereum: “applications run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference”

So

Why is the co-founder proposing and promoting censorship, third party interference, and fraud against a “hacker”?

Reply
    user

    Author Coenraad Loubser

    Posted at 12:59 am June 18, 2016.

    Two wrongs make a right? – x – = + :-p Essentially the hackers censored the legit owners from their money just because they chose monetary reward over honorable disclosure. Idealistically, the promise of crypto currency is that the code is the “code of honor” (lol!) so from a purist perspective, a lot of crypto enthusiasts will not be for a “bailout”. This would never fly in Bitcoin, but the Ethereum community is a bit more pragmatic, and who knows, if they do end up blocking this, it might score brownie points with the conventional money world – which still holds most of the power…

    Reply
user

Author Zed Fable

Posted at 8:29 pm June 17, 2016.

This is drastic, sure, and arguably without precedent. But it is not against the values of cryptocurrency. Y’all need to read what he said carefully: “A software fork has been PROPOSED…” and “[Miners should] wait for the soft fork code and stand ready to download and run it IF THEY AGREE with this path forward”.

He isn’t pressing a big red button and printing money or reversing the flow of transactions. He’s proposing a solution that over 50 percent of the individuals of the network have to agree upon in order for it to work. Ethically, it’s no different than a Bitcoin fork proposal. It’ll still take some doing. But it is a good idea. I hope the community goes for it.

Reply
user

Author saruman78

Posted at 9:18 pm June 17, 2016.

Mixed feelings about this.
On the one hand, I understand the need to stop this cybercrime.
On the other hand, I fear this might set a negative precedent. Will the Ethereum Foundation act in the same way for minor players in the future? For it is true that it is ‘The Consensus’ that will determine the final outcome, but it is also true that a change proposed by the Ethereum Foundation and Mr. Buterin in person has a significant amount of momentum.
Interesting times anyway.
And, btw, I wish Ethereum and The Dao a bright future.

Reply
    user

    Author voronwae

    Posted at 8:35 am June 20, 2016.

    Perhaps we should think about a way to set up this sort of action for minor players in the future.

    Reply
user

Author PruthTowerInc

Posted at 9:59 pm June 17, 2016.

I worry about the establishment of a permanent consensus: if you register with the group, your transactions which go “unfavorably” or “as not intended” (despite the literal contract code) will always be rolled back per the satisfaction of the group members. A crypto mafia… maybe you will have to pay dues to join, etc. I don’t like this.

Reply
user

Author nagleonce

Posted at 11:24 pm June 17, 2016.

If the DAO has to go down, so be it. It was just a scheme to finance some programmable lock startup, anyway. Ethereum is not responsible for the DAO. Putting a patch in Ethereum for a specific code hash is tampering with the system. Vote no.

Reply
user

Author Sfox

Posted at 11:31 pm June 17, 2016.

It executed what it was programmed to do. Badly written contract, let it go. A flaw in the underlying functions that are called, then suck it up, it needs fixing. We are humans, not machines. People are the dictators of its future.

Reply
user

Author JohnC44

Posted at 11:33 pm June 17, 2016.

Ah pretentious libertarian tech-bros crying over each other’s purity of orthodoxy. I enjoy these times…I truly do. Gets a little cramped with all of these ivory towers, though.

What has happened here is an unmitigated disaster that will serve to little else but send cryptocurrencies back to the fringes of mainstream thought. You would be well served dropping the irritatingly naive and fantastical worldviews and dealing with reality. Potentially, thousands of people who placed their faith in a currency as well as entity to administer it have lost what amounts to a large sum of their respective originating currencies. Whether or not you feel that was deserved on their part makes no difference. Purity means nothing without credibility, a point lost when your money is stolen from you despite acting in good faith. The victims will not be consoled by any pithy contractual “gotcha” putting the blame back on them. They will feel f***ed, and rightfully so.

You need to do whatever it takes to cut this off at the knees, immediately. Drastic, totally impure, and totally chaotic action may be necessary. This is just one leak of many in a larger dam. If the purists don’t come down from their thrones on high, they will find their devotion to absolute principles will lie in something relegated to the annals of historical blunder.

Cryptocurrencies have no chance to succeed without establishing stability and trust. Time is running short.

Reply
    user

    Author nybble41

    Posted at 1:02 am June 19, 2016.

    There are two distinct entities with credibility at stake here. The DAO’s credibility is gone, irrevocably, and deservedly so: the contract code was flawed. However, Ethereum’s credibility has not been impacted—thus far it has performed its role exactly as intended. That will change if heroic measures are taken to bail out the DAO. Ethereum’s credibility rests on its impartiality. Saving the DAO from its own broken code would destroy confidence in Ethereum as a platform for inviolable, self-enforcing smart contracts.

    Speaking as a DAO token holder.

    Reply
      user

      Author Ivan Klimovich

      Posted at 8:55 pm June 19, 2016.

      Exactly. Either save 50-150M in DAO, or save Ethereum for multi-billion bright future where everyone trusts it and understands risks.

      Reply
      user

      Author voronwae

      Posted at 8:18 am June 20, 2016.

      I would characterize it in the reverse. Save the DAO, and save Ether. Saving the DAO highlights the ability of the Ethereum community to undo a clear wrong. Allowing the DAO to fail will make anything similar difficult or impossible for years to come, and ether’s perceived connection to the DAO may kill it.

      You can argue that ether has no connection to the DAO as you watch it disappear.

      Reply
        user

        Author nybble41

        Posted at 8:08 pm June 20, 2016.

        “Saving the DAO highlights the ability of the Ethereum community to undo a clear wrong.”

        Which would utterly destroy Ethereum as a platform based on the “rule of code”. We don’t need another system for mob rule, much less an oligarchy of miners, where your property rights and contracts can be overturned on a whim. The promise of Ethereum was a system based on deterministic rules as set out in smart contracts and executed by an impartial distributed blockchain network. If the Ethereum community is willing and able to set aside those rules to save the DAO then there was never any point to the entire project.

        Reply
    user

    Author Kratoklastes

    Posted at 4:00 am August 11, 2016.

    “Drastic, totally impure, and totally chaotic action may be necessary.”

    This reminds me of phrases like “We had to destroy the village to save it.”

    You’re American, amirite?

    BTC didn’t fork to reverse the MtGox fiasco, and the damage that Karpeles and his mates did was relatively slight: sure, the “Dumb Money At Work” sign went away (people who didn’t understand the effect of increased demand of an illiquid asset) but the MtGox demise signalled a buying opportunity in BTC that had not existed for over a year (as I said at the time on TradingView).

    People who trust a new institution because they read about it on the internet, and then put their money in play without doing due diligence, are kind of asking for trouble.

    (Disclosure: I had ‘indirect’ exposure to MtGox through a tailored CFD, but was able to hedge away the degringolade and came out only very slightly worse off. I would never entrust my BTC to any third party, ever).

    Reply
user

Author Helikopterben

Posted at 11:37 pm June 17, 2016.

I say soft fork to lock the attackers funds and effectively burn them, but no hard fork to bailout the dao.

This is a good compromise because the attacker doesn’t gain anything, no real bailout precedent is set, the dao development and investment community learn a much needed lesson, and the community as a whole (which is innocent btw) is the beneficiary with the reduction in supply. The only downfall is the perceived hit to censorship resistance, although I think it is pretty well understood that this system is nowhere near ready for prime-time and there is a certain level of control necessary until then. I am a dao investor btw.

Reply
    user

    Author Sfox

    Posted at 12:13 am June 18, 2016.

    I very much agree with this carefully worded paragraph and I am not a DAO investor.

    Reply
user

Author Dor Konforty

Posted at 11:47 pm June 17, 2016.

How can we build a better DAO? Synereo’s model would have prevented the attack.
http://blog.synereo.com/2016/06/17/the-dao-attack/

Reply
user

Author Nerevarine

Posted at 12:26 am June 18, 2016.

“Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.” What part of this don’t you understand, Vitalik Buterin????

Reply
user

Author Nerevarine

Posted at 12:35 am June 18, 2016.

“Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.”

Reply
    user

    Author Coenraad Loubser

    Posted at 12:41 am June 18, 2016.

    …other than by those who own Ethereum, in proportion to how much they own and can wield with their code… and if there are vulnerabilities in the code, then scrap the “how much they own” part.

    Reply
user

Author Coenraad Loubser

Posted at 12:39 am June 18, 2016.

Yay! Another buying opportunity!! Keep the hacks coming!! BTW Much more than this happens in credit card fraud… how come nobody talks about that? Oh wait, the bank stocks might get hurt. Hellooo crypto world, drag it all out, all you have to find is the truth and share it with the world…

Reply
user

Author Jeffrey Paul

Posted at 3:29 am June 18, 2016.

You undermine everyone’s faith in your platform’s ability to deliver on its core promise of “contracts as code and only code” if you elect yourself judge in this fashion.

Stand by your core principles and provide a marketplace where people are free – free to shoot themselves in the foot (or wallet) if they or those they invest in act foolishly.

Reply
user

Author astro

Posted at 5:48 am June 18, 2016.

So why don’t we just attack the child DAO using the same exploit? Direct the (re)stolen funds into a third DAO, which can be frozen as well. Then all funds can be retrieved from DAO1/2, and no ETH hard forks or rollbacks are required.

Reply
    user

    Author nybble41

    Posted at 1:17 am June 19, 2016.

    You need to be a member of the DAO to carry out the attack, since it’s based on splitting, which is something only token holders can do. Right now the attacker is most likely the only member of the child DAO.

    Reply
user

Author Mark Jackson

Posted at 6:28 am June 18, 2016.

The more fun discussion is who’s hunting the culprit?

Reply
user

Author Jaime Sandoval

Posted at 6:38 am June 18, 2016.

I do not agree with the forking solution proposed here. I know it sounds cruel but the DAO community must accept its responsibility here.
Also the Ethereum dev team needs to recall that decentralization is one of our main principles in the cryptocurrency world.
A Spanish-language article about this topic: http://criptonoticias.com/dao-sufre-advertido-ataque-sustrae-60-millones-dolares-amenaza-continuidad/

Reply
user

Author Brent

Posted at 7:04 am June 18, 2016.

Someone or someone(s) were acting maliciously. A correction must be made. Don’t get your facts wrong here or rely too much on principle. This is an open community and if all were good in the world people could be trusted and “exploits” would not be called such. When someone takes advantage of any weakness to further themselves financially, politically or socially they must, and their errors must be corrected. We are a civilized society. This is not the era of apes and sticks. Fix the issues by whatever means necessary, correct the faults and continue on with an open platform.

Reply
    user

    Author Peter Hornik

    Posted at 7:45 pm June 18, 2016.

    No, the attacker was just the first person who found the bug. If this person or one week later another person, doesn’t make a difference. It’s not that someone was acting maliciously, someone was acting irresponsibly and stupid. There are methods to make sure a piece of software is 100% correct, you learn that if you study computer science. If people sign up to buggy code that’s their problem.

    Reply
user

Author tesseramous

Posted at 7:55 am June 18, 2016.

Abuse of power by a centralized figure, for a minor cause that should be irrelevant (eth and thedao are different layers). No decentralization. No trust. Back to Bitcoin.

Reply
user

Author Throwin Stones

Posted at 8:13 am June 18, 2016.

The DAO exploit was a conspired Pump and Dump. It was a planned PR attack on Ethereum by Whales in the Crypto community who have been doing these same smear campaigns for years.

The “attack on TheDAO” was not done by a thief. If it was, then he was a really bad thief. How can someone be so versed in solidity code to be able to exploit a bug, and yet not realize that the funds he stole could not be accessed? This was a planned smear campaign on Ethereum.

Timeline:

A bug/possible attack vector was announced in TheDAO code (this is something that happens all the time with every software out there and is still happening even with Windows, Mac, Linux, and other well-established software to this day. This is normal evolution for any software.).

There was a moratorium on other proposals and proposal to address security of TheDAO came into the spotlight.

Nihilist whales in the bitcoin community decided to use the bug maliciously for their own agenda. They buy a lot of Ethereum and The DAO tokens. Then they start driving the price of Bitcoin, Ethereum and The DAO up.

Suddenly, they sell all their Eth and DAO, exploit the bug and infiltrate all ethereum and dao communities/chats/forums masquerading as righteous and legitimately concerned members of the community but with their true intent to sabotage. They post over-dramatic panicked posts (it’s the end of crypto, we all lost our money, its another mt.gox, the devs are shady con-artists, etc.).

It’s a time-tested formula that has been used again and again to manipulate with Fear, Uncertainty, and Doubt.

Reply
user

Author TechnoCatholic

Posted at 9:52 am June 18, 2016.

I would seriously urge you to stick to the original purpose of Ethereum, and do nothing! The tag line on your home page is “build unstoppable applications”. If you attempt to fix something you didn’t break, then you’re just acting as the prosecutor, judge, and jury. The authors of the DAO were overly confident (arrogant?), and the investors were downright silly to pile in to something so new and untested.

If you do what is proposed in this blog post, then what is the difference between Ethereum and any other method for doing the same thing (with say, humans). In fact, it’s worse! It’s just an arbitrary decision by your organization. Where is the due process? If you try to intervene in this, it will cause serious harm to your mission.

Let the code stand on its own, for good or bad. That’s the whole point of Ethereum.

Reply
user

Author funnyking

Posted at 10:13 am June 18, 2016.

Please Vitalik resign.
You have to. You failed as a DAO curator, and you failed as a Leader during this crisis, your bailout proposals are only harmful.
The DAO is only a service running on Ethereum, The DAO is not Ethereum except the fact that YOU are involved in both projects.

Ethereum needs a more mature leader without any conflict of interest.

Reply
user

Author Gilles Champollion

Posted at 11:54 am June 18, 2016.

I’m really frustrated by Vitalik’s proposal, certainly related to the young age and the panic situation. As an early Dao enthusiast I took in consideration the possibility to lose my ethers and, if I don’t remember wrong, there was a specific request to accept the risk of a weakness in the system and that my ether were in danger once subscribed, BUT I accepted the risk taking account of the great potential of the Dao. In our present case we have a (huge) hacker issue but in the future maybe some restrictive governments or other local forces will try to obligate Vitalik and other ether guru to influence the ether-folk. So I regret to declare that I never accept the fork on the ethereum blockchain to solve issues not directly related to the blockchain itself.

Reply
user

Author Claude Varlety

Posted at 1:11 pm June 18, 2016.

Vitalik, I think the only solution for forks is to have a vote by the entire community. It’s now or never to play Blockchain Democracy.

Reply
user

Author David Jaramillo

Posted at 1:32 pm June 18, 2016.

too big to fail

Reply
user

Author trewinnard

Posted at 1:41 pm June 18, 2016.

The attacker won’t be able to withdraw the Ethereum from the DAO if there is no consensus. Seems like they will resolve this with a soft fork. Cloud mine DAO at https://www.eobot.com/new.aspx?referid=396248

Reply
user

Author Khairul Mustofa

Posted at 1:48 pm June 18, 2016.

Soft fork is good solution …
destroy 1 ppl or destroy all ppl?

Reply
user

Author Alessandro Gadotti

Posted at 2:17 pm June 18, 2016.

Being Libertarian, democratic and decentralized does not mean that we should condone smart thieves when it is clear they are thieves.

If I leave my door open by mistake and people ransack my home, they are still thieves and should be captured, punished and my stuff returned to me. You may say that I’ve been distracted or I made an error leaving the door open, but this does not absolve anyone stealing my stuff.

This is the base of human social living, and if we want Ethereum to grow we should show that in a real democracy and in a place where people rule there is NO SPACE for thieves. We should show that thieves are at least deprived of the things they have stolen, if not captured and punished.

It’s not a philosophical discussion on what libertarian and consensus mean. This is a real crime and it does not take morally advanced people to understand it’s simply wrong and needs to be corrected.

The fork is one potential solution, on which consensus can be created. If anyone has better ideas then they can propose and the consensus will win. This is democracy. Doing nothing to preserve some abstract ideas of democracy will actually show we are not mature enough to self govern.

Reply
    user

    Author Héctor Ugarte

    Posted at 4:10 pm June 18, 2016.

    If you leave your door open? On Ethereum world, if you leave your door open, I will take everything I can, and that is not illegal since nowhere on this “digital” world is written that it is illegal. It is illegal according to your human laws, but on Ethereum world everything is based on smart contracts & pieces of code, I am taking what your contract is allowing me to take, nothing more than that “applications run exactly as programmed”.
    “in a place where people rule there is NO SPACE for thieves” The idea of the smoke that Ethereum was selling since the beginning was only that there is NO SPACE for what is not coded, period. You are again creating a discussion between what is moral and not moral in a human point of view, and that goes against the idea and principles of Decentralised AUTONOMOUS organizations.
    Sure, you can fix this with a Soft, hard, easy whatever fork. And that at the end is just creating an authority that decides what is correct and what is not. And this is not consensus, it cannot be since the miners will decide based on how much money they invested on DAO among other things.
    If a fork happens of any kind, get ready to start creating forks from now to the future for any small mistake made on coding smart contracts. And that cannot be anymore advertised and be sold as Decentralised, and the value of a currency like that should be 0.

    Reply
      user

      Author voronwae

      Posted at 8:28 am June 20, 2016.

      What’s your goal, Hector? If the overall goal is an invention for the benefit of society, then the prevention of wholesale theft is desirable.

      You act as if consequences to human beings are secondary to the purity of the system. What is the purpose of the system, then, in your eyes?

      Reply
        user

        Author Mirco Romanato

        Posted at 12:21 pm June 20, 2016.

        The purity of the system is the pillar where the future rests.

        The purity of Ethereum is simply “the code is the law”.
        It is not a matter of right or wrong.
        It is what it is. Use it at your own risk and for your own gains and losses.

        You put inside other consideration, Ethereum has no more reasons to exist.

        Reply
        user

        Author Héctor

        Posted at 12:56 pm June 20, 2016.

        My only goal as a computer scientist in showing interests in Blockchain technologies is to avoid a central authority, and create systems that depend only on what is coded, not what a few powerful miners decide to do with my data (money or whatever). If they do any kind of fork, I do not see any reason to still use a system like that. I will trust 1000 times more in my bank or any centralised system that can fork whatever they want, but at least I know who they are, rather than a bunch of untrustworthy pseudo-anonymous dirty miners just following their interests…

        Reply
      user

      Author abelpatten

      Posted at 11:28 am June 20, 2016.

      Thank you for pointing out the AUTONOMOUS nature of The DAO! That in my opinion is one of the key mistakes The DAO made. Future Decentralized Organizations need to consider what the requirements are for membership and what type of penalties or rewards will be given to members that find flaws in the code. Being involved in an AUTONOMOUS organization such as The DAO comes with inherent risks! I keep reading about how in The DAO nobody knows if you’re a fridge. Well how can one argue that The DAO is even actually democratic or trust consensus in such an environment? I agree that Ethereum should not fork! In time markets can arise insuring that code will function as planned and safer variations of venture communities like The DAO will arise. There are a lot of smart people weighing in here. The DAO may even be able to be saved (I hope so) but not at the expense of Ethereum! Even if the DAO does reach consensus now setting a precedent of forking will open doors to all types of potential misuse in the future. The DAO could have made its intended use clear and created contracts that were signed by its members. It could have created a precedent about how to respond to a situation like this. I say fix and do as much as you can without manipulating Ethereum.

      Reply
user

Author Bawga

Posted at 2:59 pm June 18, 2016.

We all need new update

Reply
user

Author noa

Posted at 3:58 pm June 18, 2016.
    user

    Author Héctor Ugarte

    Posted at 5:34 pm June 18, 2016.

    If they don’t fork, I do not see why you should call it crap. It is a very interesting and useful Bitcoin 2.0 technology.

    But if they fork, that will be huge, and very disappointing.

    Just to read this blog stating “A software fork has been proposed” is disappointing. But they are on time to save this framework just not forking it, and learning a lesson…

    Reply
user

Author Ageesen Sri

Posted at 5:44 pm June 18, 2016.

I invested heavily in the DAO but I still believe any sort of fork is dangerous and sets a precedent that will ultimately lead to the failure of the ethereum project.

Imagine if a group of influential people can decide to change the code and get the rest of the community to consensus…. what would that say to stakeholders in the system? That their investments may not really be theirs after all? That the codebase they used to make decisions to invest in Ethereum/theDAO is not as solid as they thought? That this decentralized system is actually more of a centralized one? That unlike the bitcoin network without a “leader”, that this system with a figurehead can suggest code changes that will “bail out” projects that may be “too large to fail”?

What would happen 10 years down the road if the ETH dev team decided that having one major stakeholder owning ether (let’s say 5% of all ether in existence) is not good for the ether economy? What if they decided to fork and leave those 5% of ether in an unusable state in a new blockchain? This is just one scenario that could play out with a precedent that is set based on fixing “errors” and “problems” in the network.

The ethereum foundation team has already shown it is capable of cutting people out of the “Founding Team” area, as seen by the outing of Anthony Di Iorio who was an important part of bringing ethereum to where it is today. Where is the mention by them that he IS a founder? I live in Toronto and watched first hand, the development of this project and will give credit where it is due. Now take this same concept of “cutting people off” and you can see where I am going with my train of thought.

I will take my losses in ETH because of my decision to invest in theDAO, but if there was a fork to fix this, I would quickly be getting out of the ethereum ecosystem and not coming back.

This person or persons who found this vulnerability in theDAO should NOT be labelled as hackers but as ingenious members of this community who took this exploit in the smart contract code and did (what I believe) is totally legal in the spirit of this project. Taking a found loophole in a contract, and juicing it for all it’s worth is common practice in the existing legal sector. This should not change in the blockchain world. We just need smarter smart contracts, and smarter smart contract writers. That’s the only thing to be truly learnt from this.

Me, and others like me, who invested in the DAO should take more effort in scrutinising the code before investing in the future. Hype will always be around for big projects in the future and it is up to individual stakeholders to vet, analyze and decide if a project is secure enough for them to be a part of with their hard earned funds.

You lose some, you win some. This is the world we live in. We all decided to invest, so I am more than happy to live with both my losses and gains in this industry. This is a project after all.

Reply
    user

    Author voronwae

    Posted at 8:14 am June 20, 2016.

    If you and I execute a contract and I work against you in bad faith, I have committed a tort against you. You have the right to take me to court over the harm I have done to you, and you will win.

    The Attacker has executed a DAO contract in bad faith. You don’t have to give him “kudos”. He really did, by the laws of most western nations, steal from you.

    Walking in through your open front door and removing your possessions is still stealing.

    Reply
      user

      Author Ageesen Sri

      Posted at 2:13 am June 22, 2016.

      If you and I execute a contract, and stick by the terms of the contract, then you did not work against me in bad faith. The Smart Contract Code are the terms, and this individual (or group of people) used the smart contract to execute in their favor.

      If I give you the keys to my front door, and you remove my possessions, it’s my fault. I may still win in a court of justice when claiming you stole my possessions, but the Judge will ask, why did you give him the keys in the first place?

      If you invest in something and did not read the terms properly (ie, the smart contract code), you cannot later say “Hey it didn’t work out to my advantage!”.

      The terms of the Smart Contract were laid out for the whole world to see. The attacker used this code to get the funds. Simple as that. Ethereum isn’t broken, the DAO code was.

      Reply
user

Author Arnold Buzdygan

Posted at 5:50 pm June 18, 2016.

Maybe Ethereum community should create the SolidarityDAO, whose resources would be allocated to compensate losses of investors wronged such a mistake in The DAO and possible future similar situations.
Means for the SolidarityDAO would be now result a crowdfunding solidarity communities, in future other DAO could “insure” giving a percentage of the collected funds to the SolidarityDAO.
So once acted traders conducting a risky trade caravans and ships. Together, dropping the loss of members of their community.
I might also appeal to the person who made the acquisition of part of The DAO to be 90% donated to such SolidarityDAO and 10% left themselves as acceptable by the community award for the indication of danger.
Sorry for my English, I don’t talk this language.

Reply
user

Author Jeff

Posted at 6:13 pm June 18, 2016.

“Hard cases make bad law.” The fork will save a few investors in DAO now, but will destroy Ethereum.

Reply
    user

    Author voronwae

    Posted at 8:10 am June 20, 2016.

    I cannot see how you’re able to think that undoing a wholesale theft will do anything but enhance ether’s value. The theft itself, and the perceived lack of a central authority to respond to that theft, is what’s destroying ether’s value right now.

    Reply
user

Author Jeff

Posted at 6:28 pm June 18, 2016.

If anyone believes that reversing a single $50 million transaction is worth wiping out $750 million in Ethereum value … measured at the time of this post … I would ask that you think about it. Theft is wrong, there is no doubt, but the market is speaking LOUDLY that this is not the path forward. Mr. Buterin I would implore you to see that the value in what you have created is lost once its integrity as a principled system is lost.

Reply
    user

    Author Stevo Mule

    Posted at 7:25 pm June 18, 2016.

    I fully agree. This issue with the DAO is currently hurting ethereum and could be the death of it. Although I am not from a programming background I have been following ethereum from its very early days and I would hate to see Ethereum confined to history because of this one issue. People who speculated with the DAO were simply that; speculators. As with any speculative investment you may get back less than you invested. As far as I can see this issue is not a direct failure of Ethereum but with a contract that was written on it thus Ethereum should not be dragged into this issue and no fork should take place.

    Reply
user

Author Peter Hornik

Posted at 7:21 pm June 18, 2016.

There are methods to mathematically prove that a piece of software is written correctly. If there are contracts which contain such an amount of money, you just have to make sure your code is correct, anything else is just… well it’s stupid. Write your contract in Haskell, prove it on paper, do everything to make absolutely sure your code is correct. This had to happen. I mean… Is forking now some kind of new standard procedure if people exploit bugs in badly written contracts? Forking would really send a wrong message, and puts the whole idea of ethereum at risk, which btw works fine. Don’t sign a contract you haven’t read and fully understood, or at least have a very good reason to believe that the contract is ok that way.
It seems the attacker was the only person who fully understood the contract.

Reply
user

Author DE BEJARRY gil

Posted at 8:07 pm June 18, 2016.

Of course community must have compassion.
By some way is legit to ask for reset button If system turns absurd
Democratic voting system embedded in ethereum could be great for forking decisions
Those next 26 days turn as real live Laboratory, as giant POC.
Throwing the baby out with the bathwater isn’t stupid?
“Global computing without computer” is genius Idea

Reply
user

Author Dam Tam

Posted at 8:37 pm June 18, 2016.

So, what DAO tokens owners should do? (Long story short…)

Reply
    user

    Author Jeff

    Posted at 8:48 pm June 18, 2016.

    The DAO token owners in my humble opinion should accept the inevitable bailout. And it is inevitable. And then sell their tokens as soon as possible for whatever they are worth, which may not be much. The fork will destroy Ethereum as soon as people realize that the currency will always be subject to ad hoc “human override” – which undermines the only value of the blockchain. The new Ethereum is far worse than the banking system now because while both are subject to human error and greed, at least the banking system has rules. Ethereum has just been shot in the head.

    Reply
      user

      Author voronwae

      Posted at 8:33 am June 20, 2016.

      What is the “only value of the blockchain” in your eyes?

      You point out that Ether has no rules to match those of a banking system. Should there be rules governing acceptable behavior?

      Reply
        user

        Author Jeff

        Posted at 10:40 am June 20, 2016.

        The value is in the ability to eliminate a “trusted” third party. The fallible, sometimes good intentioned, sometimes not, judge of things like intent.

        Reply
user

Author vande

Posted at 9:10 pm June 18, 2016.

Here’s a post I found on another site.. Very good point (in my opinion):

Amidst all of the buzz about the hacking of the DAO and the consequences for Ethereum, everyone seems to be missing the most crucial point of all. The Ethereum Foundation stated quickly on its website that they identified and effectively froze the hacker’s account. Also, Stephan Tual (the founder of Slock.It, the group that created the DAO) said:

“All stolen funds will be retrieved from the attacker.”

Now if you change the “will” to “can” in that sentence you get an interesting and crucial new reality:
“All stolen funds can be retrieved from the attacker.”

No other financial system ever has been able to make that claim.
The point is that peer-to-peer validation systems that store history well can provide a mechanism for reversion. In other words, a damaged system can immediately revert to a state from before the damage occurred! (wiki much?)

In the case of currencies, this is a huge win for the user-base of any currency. In the case of other distributed systems, the same is true.

Moreover, this is an example of a more general property of panarchy and the peer-to-peer future as a whole, that stems from understanding of complex systems. Some complex systems are not only resilient to certain kinds of attacks, but actually improve as a result of disruptions! Popular scholar and author Nassim Taleb coined the term “antifragile” (his book, “Antifragile”) to refer to this phenomenon:

“The resilient resists shocks and stays the same; the anti-fragile gets better”.
While there are still ongoing, and healthy, debates about the response and the solution, they will invariably lead to a wide variety of technological implementations, some of which will be adopted as improvements to the alternative economy as a system. It can be argued that this kind of evolution also happens in the currently dominant financial system of banks, etc., but that current system is run by elites with very private agendas. By contrast, the alternative peer-to-peer panarchical economy is a system we can celebrate because it includes a global community of interested and motivated participants.

Reply
    user

    Author Héctor Ugarte

    Posted at 1:56 am June 19, 2016.

    The only thing I can conclude from your message is that you or the creator of that “post” know little or nothing about blockchain technologies… “a mechanism for reversion” That super mechanism that you talk about is just a basic modification on the miner software, so they will create new blocks allowing only some rules. Is that stupid solution a mechanism for revision? I don’t think so, It is just modifying how an existing system works to make it work as 50%+1 of miners agree. There is nothing special on that, and In fact there is no “damaged system” to solve so far, only a wrongly coded smart contract, and why not think that the famous “hacker” are the same developers of this faulty contract.

    “In the case of currencies, this is a huge win for the user-base of any currency. In the case of other distributed systems, the same is true.” This is completely false, the Ethereum network as many other cryptocurrencies are under control of the miners. That are just some few dozens of persons or “groups of interests”, the more you reduce this number the more you get close to a centralised system. If in some near future the majority of miners decide to freeze your account they will do it. The point of decentralisation is to avoid exactly that, and surely proof of work doesn’t help too much.

    Reply
      user

      Author vande

      Posted at 5:27 am June 19, 2016.

      It’s all speculation at this point.. and, we’re all entitled to our own opinion.. Ether could be back at $20 next week. We don’t know? Cheers

      Reply
    user

    Author voronwae

    Posted at 8:39 am June 20, 2016.

    I’ve made a similar observation. Perhaps we’ve discovered a new aspect of a blockchain, the ability to reverse theft or fraud.

    That’s a strength, not a weakness.

    Reply
user

Author Swapster_com

Posted at 10:22 pm June 18, 2016.

Were the DAO tokens taken proportionally to each holder, or were there certain addresses/transactions that were completely wiped out while others remained untouched? I am looking at my holdings and they are at zero. I had expected to see ~33% missing… not 100%.

Reply
user

Author John Russo

Posted at 1:54 am June 19, 2016.

The development team can recover USD50MM “stolen” from a hacker and reaches out to the community that it has two options. What happens? People complain and whine for the developers stopping a crime in its tracks and returning the ETH to its rightful owners? Feelings aside the developers are being responsible and are looking out for the whole ETH community.

Reply
    user

    Author Gilles Champollion

    Posted at 6:29 pm June 19, 2016.

    You can do anything can be done without changing the blockchain management.

    Reply
user

Author John Russo

Posted at 2:15 am June 19, 2016.

I just would like to know how a theft turned into a philosophy debate?

Reply
user

Author JJ Pieksma

Posted at 2:29 am June 19, 2016.

Quick response indeed. I did get liquidated at kraken for over $1000.-. That sucks..

Reply
user

Author Rufus Smith

Posted at 3:12 am June 19, 2016.

To those against a soft fork: Imagine if there was some simple syntax error in the DAO code that certain payments were off by a decimal point so some people got 10 times what they should. You’d want that fixed wouldn’t you? You’d want the mistaken funds returned, right? It’s the same principle with this child dao mistake. A fix is needed. Funds should be returned.

Reply
    user

    Author Gilles Champollion

    Posted at 11:15 am June 19, 2016.

    You cannot change the ethereum rules only because of a mistake in your own application. The Dao is only 1 application in the ethereum ecosystem. The mistake must be corrected within the DAO if possible. If you have an error in your C-language program could you ask to change Linux to fix it?

    Reply
user

Author semesilam

Posted at 3:57 am June 19, 2016.

May I comment… This is the dao hacker who drained ethereum.
https://github.com/chriseth
https://www.reddit.com/user/chriseth/

Reply
    user

    Author voronwae

    Posted at 8:30 am June 20, 2016.

    That’s a very interesting post. Can you provide more detail?

    Reply
user

Author Elias Bizannes

Posted at 5:55 am June 19, 2016.

Vitalik, thank you. You’re showing the leadership the community and now industry needs. Precedents like this will only make the future system more resilient and robust.

Reply
    user

    Author Gilles Champollion

    Posted at 11:16 am June 19, 2016.

    Vitalik has done exactly what a leader in his position dont.

    Reply
user

Author Pistoledev

Posted at 12:04 pm June 19, 2016.

Please keep in mind some points :
– Ethereum is a decentralized platform that runs smart contracts without any possibility of downtime, censorship, fraud or third party interference.
– TheDAO is over due to programming mistakes (not due to the exploit of their mistakes, this would have happened sooner or later).
– Ethereum is not TheDAO.

This “hacking” event can have two possible outcomes: Increase Ethereum robustness and programmers consciousness or, corrupt all the Ethereum project philosophy…

By forking (shot, hard or whatever) the blockchain for “only” 50m$ we’ll touch two of the Ethereum “pillars” : no censorship and no third party interference (TheDAO investors interference on Ethereum platform)…
By trying to “save” TheDAO we may (I think “will”) kill Ethereum by changing “rules”.

TheDAO was based on Ethereum (as a platform), TheDAO is not Ethereum, we may vote NO, let TheDAO die and Ethereum live.
(I invested in these two projects and lose money, this said… but this is the game…)
ps: sorry for my english ^^

Reply
user

Author P. Muthukumarana

Posted at 3:49 pm June 19, 2016.

“Democracy is two wolves and a lamb voting what to have for lunch. Liberty is a well-armed lamb.” If we fork over this incident (no matter its deeply tragic nature), then what is there to prevent us from forking over every other “perceived injustices” of the future? The word “consensus” doesn’t mean everyone involved must agree to the fork – it just means the majority of the power players should agree to it. So imagine a hypothetical scenario in the future where a majority of the power players decide to fork all transactions that are unfavorable to them, by claiming “injustice”, while allowing transactions that aren’t unfavorable to them to go through (no matter how unjust those transactions are). The idea (of forking) is no different to the “Too Big To Fail” concept. The argument that “Too Big To Fail” uses public funds for the benefit of the few (at the top), but forking causes no loss to the general public is simply invalid. Maybe not this fork, but what about forks in the future? What happens if the majority of the power players rig the system in their favor? Humans are corrupt (and can be corrupted) by nature. This is why a crypto-currency tries to minimize human intervention. Bitcoin didn’t fork over the loss of bitcoins at Mt.Gox. That’s the right thing to do (no matter how tragic it is). Allowing this transaction to go through will restore confidence in the public that Ethereum is a truly decentralized currency. If people wanted a policed currency, they could have invested in the stock market and foreign currencies. The fundamental concept of crypto-currency is that there will be no policing of the currency. A fork will inevitably cause people to lose faith in the system, just as they lost faith in Wall Street. But unlike the government, we don’t have guns to force people to adopt Ethereum. Hence, this will lead to the general demise of this crypto-currency.

Reply
    user

    Author voronwae

    Posted at 8:07 am June 20, 2016.

    “If we fork over this incident (no matter its deeply tragic nature), then what is there to prevent us from forking over every other “perceived injustices” of the future?”

    Nothing. If the community decides to fork the blockchain in the future over perceived injustices, then there’s nothing at all wrong with that.

    The blockchain and the community, in combination, are a powerful tool to strengthen a currency.

    Reply
user

Author Rufus Smith

Posted at 2:57 am June 20, 2016.

Well, then some sort of code needs to be written to indefinitely prevent the withdrawal of the “hacked” ethereum past the 27 day window without harming the regular transactions. This sort of transaction was obviously not the intent of the smart contract. It falls under “unjust enrichment” in contract law and IMO no judge would support it. Let the “hackers” take it to court if they want. I doubt they would.

Reply
user

Author Norman Stone

Posted at 5:43 am June 20, 2016.

The hard line assumes that consensus can repair bugs. That is crazy. Centralization, in the sense of an individual (or team of individuals) capable of solving glitches and proposing those solutions, will always be required. Consensus can be no more than a “weight” applied to those propositions. Every evolving system requires self-restructuring, including dismantling and reconstruction at every level. Mass consensus cannot be given this task. But it is also true that procedures can be reassigned to peripheral agents when they no longer require system-deep responses.

Reply
user

Author Norman Stone

Posted at 5:50 am June 20, 2016.

The hard line assumes that consensus can repair bugs. That is crazy. Centralization, in the form of an individual (or team of individuals) capable of solving glitches and proposing those solutions, will always be required. Consensus can be no more than a “weight” applied to those propositions. Every evolving system requires self-restructuring, including dismantling and reconstruction at every level. Mass consensus cannot be given this task. But it is also true that procedures can be reassigned to peripheral agents when they no longer require system-deep responses. This means the system can mature toward decentralization, and this is the most we can expect.

Reply
    user

    Author voronwae

    Posted at 8:24 am June 20, 2016.

    I’m glad that you’ve pointed that out. Unless there is a person or team to repair problems, nothing gets fixed. And unless the community is flexible enough to allow desirable changes to be identified and made without getting ideologically offended, the community and its efforts both fail.

    In this case, ether is not really useful if its contracts can be executed in bad faith and used to steal it. Writing a “bad contract” is common throughout history, but so is the concept of “bad faith”, the idea that both parties must execute a contract according to its spirit and not its exact letter.

    Reply
user

Author Vitaly

Posted at 6:08 am June 20, 2016.

This is just disgusting. The bug in DAO code leads to the organisation bankruptcy. It is not something unusual. Organisations bankrupt because of different reasons, including mistakes. Of course it is disappointing and I can understand people who have lost their money and want to recover them. But shit happens. Accept it. Attempts to DDOS the network, to make network-global changes just because of this one faulty contract are just disgusting and show that you’re not really ready for decentralisation and absence of a single controlling entity. If you let it go, it would mean DAO death, if you fork, it would mean Ethereum death.

Reply
user

Author voronwae

Posted at 8:54 am June 20, 2016.

I would like to point out a few things that seem to be getting obscured by theory and ideology.

First of all, if I leave my bicycle unlocked, and someone takes it, the thief has not blessed me with a valuable lesson; he has stolen my bicycle. The theft of the DAO was a use of the DAO’s tools to steal. At the least, that’s known as “bad faith” in the body of contract law of most countries, and it is illegal.

“Good faith” and “bad faith”, as legal concepts, are widely recognized and used in courts of law, but they are not widely known among the public. Nonetheless, if I use the terms of a contract to execute actions which conflict with the spirit in which that contract was agreed, the law is not on my side. If your brain is arguing with your brain right now, your gut knows more in this case.

Secondly, the use of a block chain to reverse large scale fraud is not a bug. It’s a feature. It should be touted by Ethereum proponents as an aspect of Ethereum which makes it more stable as a currency; after all, that is one of the widespread criticisms of cryptocurrencies, their potential instability without central authorities. Development of criteria and mechanisms toward fraud and theft protection should be a new Ethereum community goal.

What we, as humans, forget about all money is that it is a technological invention. We have decided as a society that money would be better if it were harder to steal, and we have law enforcement mechanisms to make money safer to use. Cryptocurrencies are just money, and making them smarter also must necessarily mean making them safer to use, i.e., less prone to crashing and less easy to steal.

If someone finally does take charge in all of this confusion (and the Attacker seems to be the only one capable of making decisions thus far), the DAO should be saved, not liquidated, the ether should be returned to the DAO for its token holders to decide what they want to do, and the Attacker should not be allowed to be rewarded further for his theft. I say “further” because he’s already shorted Ether in all of the markets, and he’s done just fine even if he doesn’t get his DAO proceeds. That will make ether a better currency for commerce, which, after all, is what currency is for. It will be safer, and therefore more stable, and miners should find that end much more profitable than allowing the Attacker to get away with it. Miners, you’ll make more if ether is perceived as “safe”.

Last, there is this common idea promoted by slock.it et al that the DAO can just be dissolved, the ether returned, and in a few months more DAOs can come forward for investment. This idea is incredibly naive.

If the DAO is folded up, it will be a failure. Tens of thousands of hours of people’s time will have been wasted on good faith efforts to make use of it, and the milquetoast irresponsibility of the DAO’s founders will be rightfully recognized. It would be years, perhaps a decade, before anyone would crowd-fund a DAO the way this one was funded, and any similar efforts would find themselves compared to the Disaster Of The DAO.

The DAO’s founders should not imagine that anyone will be able to tool up a new DAO and have any degree of success if this DAO is dissolved and its funds returned. Nor should they imagine that they will be able to return in any short (human lifetime) timespan with a new DAO for funding. Even if the DAO does not get its ether back, and proceeds with a smaller amount of funds, that’s a much more successful outcome than just folding up.

Keeping the DAO intact allows DAO token holders to decide for themselves whether they want the DAO to continue. If they decide “no”, they can use the existing mechanism to destroy their tokens and take their ether back. No new liquidation mechanism needs to be inserted. Why not leave it up to the DAO community, by preserving the DAO?

That path forward, preserving the DAO, puts a better light on ether whether or not the theft is undone. And if the theft is undone, ether will be hailed as a smarter currency for that new feature, the feature of better safety.

And for the purists arguing that ether will be destroyed by interference, ether is not really useful if its contracts can be executed in bad faith and used to steal it. Writing a “bad contract” is common throughout history, but so is the concept of “bad faith”, the idea that both parties must execute a contract according to its spirit and not its exact letter. And not allowing changes to ethereum or the DAO is basically saying that a technology, once created, cannot be improved.

On the contrary, promising technologies should be improved. In the cases of both the DAO and ether, a great deal will be lost unless the DAO is both improved and used as it was intended.

    Author Gilles Champollion

    Posted at 12:32 pm June 20, 2016.

    1) “… he has stolen my bicycle” – I agree, he has stolen your bicycle AND the thief has blessed you with a valuable lesson.
    2) “Good faith” and “bad faith … ” – I agree, but who is the natural judge able to decide whether it is good or bad faith?
    3) “the use of a block chain to reverse large scale fraud is not a bug …” – It is not a bug nor a feature, it is a SUICIDE! Who decides what is remarkable for a reverse? Who decides what is a fraud? Who decides – for example – if funds in a wikileaks account must be reversed, nulled or seized? Did you ever have a claim with paypal or any credit card operator? They simply steal your money – do you want a blockchain able to implement a chargeback? We have beautiful traditional jurassic banks for that.
    4) Do not confuse “THE DAO” with “ETHEREUM”: the DAO is a service within Ethereum, and the solution MUST be found within the DAO with absolutely no changes for Ethereum. The blockchain should be preserved in almost all cases, apart from any intrinsic issue in its mechanism. When more stable and secure DAP will come to the light, there will be many attempts to reverse transactions by governments, agencies, powerful people and so on. Ethereum is a transnational dream; do not transform it into a nightmare.

Author abelpatten

Posted at 1:21 am June 21, 2016.

Relative to the Hard/Soft fork, if this is even being considered, there needs to be a set of clear protocols defining the terms by which a fork is allowable. Even then I believe it to be a great risk, and it has the ability to undermine the future of Ethereum. Setting a precedent of forking now changes the way people think about Ethereum. People will now believe that there is a process or feature that will allow them to make mistakes and then appeal to the block chain miners to bail them out. Wouldn’t this effectively make the ETH miners the judge and jury for incidents like this? Is that what we want? I think not. Relative to BTC forking to fix its bug, this is a different situation: Ethereum’s not being hacked, The DAO is. The argument to use a fork to fix an issue with Ethereum’s code would be more valid, as it would be Ethereum’s responsibility to solve its own mistakes. What a fork like this is proposing is that Ethereum should intervene to solve a mistake made by The DAO. If this is allowed, what are the protocols to prevent splinter DAOs from abusing this “feature” in the future? Please don’t get me wrong, I’m all for retrieving the stolen funds and finding ways to prevent situations like this from happening in the future, but the reason this happened is because this technology is so new and The DAO got too big too quick. If only $1000 was taken, would we even be having this conversation? Food for thought!!

Author Luke Williams

Posted at 12:33 pm June 21, 2016.

Definitely

Author Jaime Sandoval

Posted at 2:11 pm June 21, 2016.

The DAO must assume losses, and not put the Ethereum project at risk.

A related Spanish article: http://criptonoticias.com/ethereum-propone-muy-arriesgado-hard-fork-rescatar-dao/

Author Marius-K

Posted at 6:26 pm June 21, 2016.

IF there is a “Soft Fork” to Ethereum with a “new version” of the Ethereum Blockchain (assuming that is how it may work, from another posting), what will happen to the existing Ether held by others? Will there be an Ethereum Version 2 with different Ethers and a different Blockchain than the already existing Ethereum blockchain?

If so, will the Ether held by the public be transferred onto the new Blockchain at equal value … if this occurs?

Or is the DAO Ethereum a sub-network running within the Ethereum Protocol?

Author vlc

Posted at 11:09 am June 22, 2016.

Since the current design means that it is POSSIBLE to fix this (and / or at least buy time to decide on a final fix) without costing other parties any value, it should be done; openly and by consensus. If future designs make it impossible to negate ‘evil’ transactions, then fine. But right now the design allows it, so not exercising that option won’t make things any more sterile.

Author stream512

Posted at 10:55 pm June 22, 2016.

Vitalik Buterin EXPOSED as a Toyota Illuminati member
https://stream512.com/2016/06/22/vitalik-buterin-born-toyota-tercel/

Author Jon Kowalski

Posted at 11:17 pm June 22, 2016.

Naturally the DAO does not operate outside the law. If we assume it is some kind of “company” there are two main theories by which the law applicable to it can be determined, viz. (a) based on the place where it has its administrative headquarters or (b) based on the place where it was founded. Which of these two theories will be applied depends on the jurisdiction where the court will be. Where this may be depends on the plaintiff and the rules of civil procedure at the place where he or she will attempt to sue. As long as nobody sues, the applicable rules (law) are not clear, which appears quite awkward under the circumstances. The next question is then, what type of company, known to the applicable law, does the DAO resemble most closely. The rules pertaining to that type of company will be applied to the DAO by way of analogy insofar as practicable and reasonable. There are certain features of the DAO which make it conceivable that it may be held to be a “partnership”, which is the type of company with the broadest definition and therefore serves as a catch-all. Usually resolutions of a partnership are made by the majority of the partners (either by headcount or depending on their share in the capital).

Those who believe that “the code is the law” means that the code must never be altered have not fully understood either of the two concepts yet. A law or code – actually anything – which cannot be altered when the circumstances so require would be extremely impractical and certainly bound to fail in a universe where change is the most common feature of everything. The question is merely the method by which something is changed that a group agreed upon.

It seems that the “management” of the DAO in the meantime successfully took some emergency measures. That’s what “management” is supposed to do. However, currently I don’t see anything that looks like a civilized decision making process, and the reporting by the “management” to participants in the DAO (and the public) about the events is not very professional. In cases of crisis, communication is of paramount importance (and, yea, takes some guts, as natural instinct tells one to hide away).

Finally, I think it is very good that this happened as it should provoke more research about what DAOs actually are and how they function. Why should this be the end of Ethereum or DAOs? It’s a great opportunity to learn!

Author Jon Kowalski

Posted at 9:06 am June 23, 2016.

Afterthought: There’s some who say the DAO should be wound down. Why would anybody do that yet? What rules would apply to such winding down? As of now nothing really out of the ordinary has happened. An entity which was running a certain business model has run into trouble. Happens every day. Currently this is a reorganization project. And the fact that the rules for such reorganization are fairly vague in the no-man’s-land of DAOs is intellectually challenging but no blocker for successful reorganization.

Author Albert

Posted at 12:38 am June 26, 2016.

I have read quite a number of comments. I have invested in the DAO. If it is decided not to fork and to let this thief take the money merely because he found an error in the code, I think that is a precedent that should not take place. It reminds me of when the US banks were bailed out by their US Govt. buddies after the 2008 crash. Millions of Americans got screwed. I suppose that was ok. Ummm, I don’t recall any Americans responsible for this going to jail. Had the hacker not been a thief and taken the money for a project and it failed, well, that I can accept. But this is not the case. I believe the world has to see that in this decentralized community there will be thieves. And if the world wants to get involved in this brave new world, we as pioneers must make them feel that their money is safe from scum. That the 28 day grace period is there for the community to verify that all is good for everyone. That thieves, whether they are bankers, govt. officials or black hatters, won’t be allowed to freely take the money because of incomplete code or the such. Because in the end, DAOs should be there for the rich and poor alike. So all can prosper by it.
F–k this guy or guys or mystery organization and let the world know that we have their back. Not like the US govt. did when they let millions of people lose their homes. Let the ethereum team and whoever else is instrumental do the hard fork. We can start all over again. Then the next DAO just might have $500 million in the pot. Imagine the confidence that will be created.

Author Fernando

Posted at 8:33 am June 27, 2016.

If the community judges and sentences the DAO case then the community should judge and sentence every future similar case.

Author Learning about this stuff

Posted at 6:39 am June 29, 2016.

I’m not a savvy crypto guy.. but here’s a thought for a solution for this DAO disappointment:

1) Reward the “attacker” for finding a clever way to legitimately take / control the ETH in a way that this DAO was not expecting (In my opinion this DAO developer was super negligent). Maybe offer / negotiate that the community / token holders are okay with the attacker keeping 25% of assets taken but must return the other 75% to shareholders. Let the attacker have their 15 min of fame, receive a healthy reward and not have to deal with compromising the main purpose of the whole smart contract experiment

2) Ask the “attacker” to join forces with the Ethereum team (if not already participating) to develop best practices and / or DAO security reviews / checks because clearly they are good at this type of work. This service can be compensated for a healthy fee / salary paid for by Ethereum donators or maybe a small piece of minor generated ETH. This work will not last forever – once systems / best practices are in place the work is done. Attacker gets major compensation and helps build a more stable environment for new DAOs.

3) If problem happens again, rinse and repeat. I believe this type of thinking can improve DAOs in the future and increase sharing of knowledge / best practices. It’s like saying hey… you got me that was impressive… give it back but keep 25% for showing me what a bozo I am… and join my team and I’ll pay you big time to help prevent this from happening in the future. Clearly the attacker enjoys ethereum so why would they not want to help make this a better system?

I think the whole idea of smart contracts on ethereum is screwed with soft/hard fork thinking. I believe the major concern with this situation is not the ETH that was taken and value it represents to token holders… but the fact that the ETH that was taken can be used to significantly impact and influence ETH prices via controlling a large share of the market. That is why ethereum developers are interfering with what was supposed to be a solid contract.

Bottom line is this DAO developer is negligent and contributors to this DAO must be accountable for risk.

Maybe I don’t know what I’m talking about lol but I think something like this should be considered… maybe it already has been considered. I just found out about ethereum a month ago lol. Peace out!

Author Coenraad Loubser

Posted at 10:40 am July 15, 2016.

Human stupidity, the great democratiser!

Synonyms for “Human Stupidity”, from around the world: “Mistake” “Imperfection” “Sin” “Karma” … Perhaps “sin” is the real ultimate currency, keeping us in this world. Soon as you rid yourself of “sin” or “karma”, you will transcend… Read Andy Weir’s “The Egg”.

