With smart contract development focused on the Ethereum blockchain platform, the first DAO (Distributed Autonomous Organization) launched with an estimated $160 million in crowdfunds.
On June 17, a hacker exploited bugs in Ethereum’s code and siphoned $60 million from the DAO.
This heist affects DAO investors, along with many technical leaders, blockchain developers, and Ethereum developers who are personally invested.
Developers used the same bugs to distribute as much as $40 million of the remaining funds into other somewhat safer accounts. Additional funds have been transferred into accounts held by unknown parties.
The fundamental concept of smart contracts is that “the code is the law”. There is no authoritative document describing contractual terms or intent other than the actual smart contract code. This philosophy is central to the smart contract ethos. But if the code contains a bug, then the bug is part of the de facto law, and what the hacker did by exploiting it was perfectly legal.
The DAO code has a 28-day freeze built into the system, so the hacker cannot withdraw funds until that period has passed.
The hacker alleged that his lawyers defend the legality of his position. If that holds, then cybersecurity is about to create a whole new specialty where finding bugs can be lucrative and legal.
If the courts or the developers intervene to effectively “roll back” the hacker’s transactions in order to recover the funds, then the whole concept of autonomous smart contracts is endangered.
The fact that some of the developers are faced with the choice of arguing contrary to their principles or facing dire financial consequences makes the arguments and the eventual outcome even less clear. Time will tell.