The DAO Attack: Who’s To Blame?



Stop Thief!

Within the whirlwind of discussion after the recent DAO attack, some people within the community have developed a perspective surrounding the attacker that I’d like to challenge.

The perspective is that the attacker hasn’t actually done anything wrong. In fact, they’ve provided a great service to the DAO and overall cryptocurrency community by pointing out fatal bugs within the codebase. Some even go so far as to congratulate and praise. Their actions will, as it’s pointed out, allow us to make our future projects more resilient and secure. It’s also argued that the attacker should be exempt from any “human moralizing” because they simply conformed to the rules within the code itself. They executed a function, and that function ran as expected. Additionally, nothing new was introduced into the environment like common viruses do, nor should anybody be surprised that a risky investment went belly up. In fact, the 50 million dollar heist is actually the fault of the token holders themselves for trusting such a risky project!

I think we can all agree that the wisdom gained from the attack will not be overlooked. It’s extremely valuable information that we as a community will use productively and learn from. However I’d like to argue that despite this seeming benefit, the attacker should still be regarded as a thief who harmed not only the token holders, but the entire cryptocurrency community at large.

Case in point. Nobody can dispute how much the Slock.it team has done for the Ethereum community during the months leading up to this event. Hours upon hours spent writing code, speaking at conferences, giving back to the community. Unlike many people who talk about making the world a better place, they’ve actually been dedicating their lives every day to actually doing it. People like Griff Green who gave so much excitement and inspiration to all of us. Now, instead of watching the tremendous creative energy of the human spirit, we have the predictable aftermath that comes when people like James Taggart, Wesley Mouch, or this attacker contribute their ideas to the world. All for what?

If the argument is that it’s appropriate to commit such an act out of the desire to reveal bugs, then I would never want to write software with you. This kind of act wasn’t needed to fix code defects, hell, we all knew they existed already and were in the process of fixing them. Anyone who writes software for a living knows that programs are never bug free. Yet, we don’t go around attacking other people’s applications. We submit pull requests.

Nowhere in the contract of the DAO did it say “We reserve the right for the Ether you invest to be transferred to a random address, never again to be given back to you”. If it did, no one would have invested in the first place. The implied contract was, and always has been, that the Ether belonged to each investor via a proxy called DAO tokens. We were operating under the implied assumption that we maintained full control over our invested Ether. Unless of course we decided to invest in a curator by our own choice. That last part being very important.

We should be very clear about this: the attacker stole our property. Were we storing it with a third party? Absolutely. Are there risks involved with doing that? Of course there are. However lending my laptop to a friend, who is consequently robbed, doesn’t change the fact that the thief is a terrible person.

I’d like to be upfront about the fact that I’m a token holder myself. I didn’t invest much, but it still affected me. And while it is discouraging, I still support not forking at all if doing so would mean compromising the health of the Ethereum network. I take full responsibility for the choice I made and don’t expect anybody to pay for my risk.

Yet losing money isn’t what I’m upset about. What actually bothers me is the opinion of the attacker that I’ve seen develop in our community during the last two days. I’m not being facetious when I say if there ever was an enemy in this world, this person would be the prototype.

The antagonists of mankind. The destroyers of progress. The depletion of productive creative energy simply for the lulz and their own ego. At least JP Morgan and Goldman Sachs offer some services for people, however morally bankrupt. This was literally destruction to watch the world burn; Atlas Shrugged style.

Meanwhile the people we should be thanking and respecting for their contributions suffer unnecessarily. Not to mention at the same time preventing the rest of us from ever experiencing the brilliance that could have been created; limited only by the efforts of our own minds and creativity. I encourage you as a member of this community not to look at this person as some kind of hero, but for the anti-social, anti-progress criminal that they are.

During the recovery period, we should take time to remember why we’re creating these projects in the first place. What’s the purpose of it all? We’re rapidly approaching a time where code will run most, if not all of our lives. As technology progresses and begins challenging our commonly held beliefs, it’s important for us to maintain our humanity. It’s important for us to remember why we’re creating these amazing machines in the first place. We’re creating them to serve human beings. We’re writing DAOs in order to improve human flourishing and enrich our lives. However, we can’t do that if there’s no longer a human to enrich.

  • albie_cilliers

    I wonder what John Galt would have said?

    • I don’t think he would be very happy about the situation 🙂

      • albie_cilliers

        I agree. And he wouldn’t have asked for a bailout either. There should be a distinction between the Ethereum blockchain/technology/platform (which is sound) and a failed application using it, i.e. the Dao.

        • MJ

          Interesting. So a platform that allows failed applications to run on it is sound? I apologize if it sounds like trolling, but I need to hear this line of logic all the way out.

          • albie_cilliers

            Not sure what your own logic is or what you are implying, but it seems you are arguing a system/platform should cease to exist because it allows participants that fail? That seems really weird thinking. So casinos should all close because some participants/players/gamblers go bankrupt? Or Venture Capitalism as a system/platform should cease to exist because it allows for failure of firms?

          • MJ

            Sorry–I meant that your conceptual division between the soundness of a platform and the quality of applications that run on it seems a little arbitrary. I’ve been reading about bugs in the Solidity programming language somehow contributing to the poorly executed code with The DAO (among others). How am I to proceed as a non-technical investor and/or user?

            It would be sad to think that my lack of programming auditing skills preclude me and most people from participating in blockchain environments. And that’s because relying on conceptual understanding is too risky. Sorry but this is how I perceive the disagreement at hand. I’m sure I’m not alone in this assessment, but please correct me if I’m wrong. But if I’m right, then I’m afraid that blockchain technology is going to remain a (relatively) “small-tent” community.

          • MJ

            And now this…

            http://www.joeykrug.com/home/a-serpent-send-exploit

            So, who’s to blame for this problem? If one loses their cryptocurrency because of the wrong programming language, who’s to blame? Should the user know better even in these scenarios???

  • Joshua Davis

    There are white hat hackers which operate to steal things too but they never deceive themselves to believing that the things they stole belong to them.
    https://www.reddit.com/user/btcrobinhood
    http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/

  • Mark Ranford

    Good post Andrew. Agree with your points. Unfortunately I see so many bitcoiners telling the Ethereum community not to hard fork because it will destroy the protocol. Yet most are hoping to see ethereum fail for fear that it will supplant bitcoin. That in itself should inform the Ethereum community what Bitcoiners believe is most dangerous for them. They would prefer that the ethereum community does not come together and agree a consensus majority to hardfork. Hardfork is really the only sensible option now, soft fork and fixes involve risks and may take too long and be more damaging.

    A hard fork means we do not let 20,000 or so early ethereum adopters get taken to the cleaners.

    1) Ethereum will not take off without Dapps that are considered “safe”.
    2) Dapps will not be successful without users that can feel “safe”
    3) Users will not adopt anywhere nearly as fast as they would have if they don’t feel “safe”
    4) Seeing a history where people have lost everything they invested and over $150M USD worth of eth in total and yet saw the ethereum community did nothing when it was possible to recover those funds will make many people question the whole ethics of the platform, rather than feel assured.
    5) Future users will also question where the ethereum community’s priorities lie when they see how those early DAO token holders were ridiculed and vilified on top of losing their funds
    6) Mainstream users will not feel safe when they hear that they should not be surprised or upset when losing funds unless they check for themselves that the code is safe enough, and that it has been checked repeatedly by the best minds in the ecosystem.

    Like yourself I believe a significant number of the DAO holders were the kind of people who are believers and leaders for changing the world for the better through decentralization. To throw these people to the dogs is much worse than just burning 20,000 users. These were the ethereum champions, the evangelists, the vanguard, the people ready to put hard earned savings towards projects in the ethereum space that they hoped could change the world. These are precisely the early adopters ethereum needs, to fail these people would be very shortsighted and long term far more damaging than any short term setback that arises out of the need to make sure the issue is resolved fully.

    I hope sincere ethereum people, developers and miners can see through the noise created by those wishing to see ethereum fail and come together as a united community. In this respect Vitalik Buterin really has shown himself to be a shining example of a leader, not just in terms of technical prowess, but in balanced, calm and nuanced thinking and communication to the ethereum community at large.

    • Thanks for sharing your thoughts Mark.

      You make a lot of salient points. I also find the antagonistic attitude of Bitcoiners towards Ethereum rather strange. Why so much competition and hate? It’s not as if exchanging your Bitcoins into Ether and vice versa is an arduous process. We’re all on the same team. Maybe it’s simply a result that the people interested in crypto at all are mostly teenagers; or at the very least have an immature personality.

      Again, I think it’s important to highlight the fact that this was theft. It wasn’t the result of a company going out of business because of poor insight into future market demand. The 2008 bailouts were so ghastly because it was literally socializing the losses while privatizing the gains. This is nothing like that.

      Another way to look at it is if “The DAO” was a Wall Street hedge fund that was stolen from by an attacker, we would expect the hedge fund to have its day of justice in a court of law.

      One of the reasons why this is so controversial is because barely anybody knows what the hell “a DAO” or “The DAO” even is.