By Paul Vigna for WSJ
A futuristic experiment appears to have fallen prey to a common technological risk, as operators of a new investment fund based on a digital currency said they had suffered a catastrophic hack.
Founders of the fund DAO, which stands for Decentralized Autonomous Organization and was built around a digital currency called Ethereum and which raised more than $150 million this spring, said Friday morning they have been forced to shut the fund down and plan for its unwinding.
The attack spirited away funds from DAO to another account, apparently by exploiting a loophole in its code. The Ethereum Foundation said on its website that the hacker’s account, which currently holds 3.6 million ether, was identified and effectively frozen. The foundation said that through a coding process calling forking, the transactions that fed into that wallet will be neutralized, and a “hard fork” will restore the old account balances, which will then be returned to the original holders.
“The DAO’s journey is over but all funds are safe,” Stephan Tual, the founder of Slock.It, the group that created DAO, told The Wall Street Journal via email. “All stolen funds will be retrieved from the attacker.”
The attack occurred in the early morning hours on Friday and quickly led to drastic plunges in the price of the DAO tokens and the Ethereum currency itself. The price of Ethereum was around $21 before the attack started. Within an hour, it dropped 38% to $13. It is currently trading around $16.
The hack didn’t target the Ethereum network itself.
“DAO token holders and Ethereum users should sit tight and remain calm,” Vitalik Buterin, the creator of Ethereum, wrote on the Ethereum Fuondation’s blog. “Exchanges should feel safe in resuming trading.”
Still, it is a black eye for the industry. DAO was set up in May as an experiment in using digital currencies and self-operating digital contracts to create a venture-capital fund that could run itself. But it was criticized early on for being poorly constructed, and there were calls for it to halt operations while it worked out its bugs. Those criticisms now appear prescient.
DAO’s funds were planned to be spent supporting Ethereum-based startups through a proposal-and-voting mechanism. Startups would request funding, DAO stakeholders would vote on it, and if the proposal was approved, funds would automatically be dispersed.
The startup began a crowdfunding drive in May. Investors put in Ethereum and got tradable DAO tokens in return, which conferred voting rights. DAO raised more than $150 million of Ethereum through the month, far more than its creators expected. That made it the top crowdfunding effort on record and brought a high degree of attention in the cryptocurrency world and even from mainstream media.
Write to Paul Vigna at firstname.lastname@example.org
First appeared at WSJ