Have you ever heard of a smart contract? If so, you have probably also heard of the “DAO” hack. I associate the DAO with smart contracts because it was itself a smart contract, one that was hacked in 2016 through the exploitation of one of its vulnerabilities. A smart contract is a set of code that is embedded into the system and then run, so a single loophole in that code can lead to a severe loss. This is exactly what happened with the DAO smart contract. To learn more about this hack, I encourage you to stay with this article. There's no time to waste, so let's start.
What Is the DAO Hack?
DAO stands for Decentralized Autonomous Organization. Also known as "The DAO", it was a smart contract deployed on the Ethereum blockchain, and it was responsible for managing various activities on the Ethereum blockchain, such as:
- Managing a pool of funds.
- DAOs provide a transparent, decentralized platform where users can pool their digital assets and make collective investment decisions.
- They are commonly used in various applications such as investment funds, social networks, gaming platforms, and others.
- DAOs operated in a decentralized manner, which means they excluded the use of intermediaries.
- As DAOs were smart contracts, they worked according to predefined rules and regulations.
But history hit the DAO's infrastructure badly: 2016 was the dark year for this smart contract. That year it was hit by a cyber attack and hacked. In this hack, the hackers stole all the Ether (ETH) associated with the contract, including that of all its users. As a result, investors faced a big loss: they lost all their Ether in this attack.
This attack happened because of a severe vulnerability in the code of the smart contract, a “Recursive Call Bug”, in the function named “SplitDAO”. This function is called when users want to withdraw, and it allows a user to withdraw at any time. Whenever a user withdraws, the function is called in the backend. A new child DAO is then created, into which the user's funds are transferred. The function contained a bug that allowed the hacker to call it recursively, an attack known as a “Recursive Splitting Attack”. With this attack, the hackers stole 3.6 million Ether (ETH), which was counted as a big loss.
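The recursive-call pattern described above, as an added example that is not code from The DAO or from the original article: a simplified Python model (the names Vault, Recipient and run are hypothetical) in which the vulnerable path pays out before zeroing the caller's balance, the commonly documented form of this bug, beside the hardened path that updates the balance first. The `solvent()` check is an invariant a test suite or monitor could assert after every call.

```python
# Toy model of a pooled-funds contract; NOT The DAO's real code.
# All names (Vault, Recipient, run) are hypothetical.

class Vault:
    def __init__(self, safe):
        self.safe = safe          # True = hardened ordering
        self.balances = {}        # per-depositor bookkeeping
        self.pool = 0             # funds actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.safe:
            # Hardened: record the debit BEFORE handing control away.
            self.balances[who] = 0
            self.pool -= amount
            who.receive(self, amount)
        else:
            # Vulnerable: funds leave and recipient code runs first;
            # the balance is only zeroed after that call returns.
            self.pool -= amount
            who.receive(self, amount)
            self.balances[who] = 0

    def solvent(self):
        # Invariant: funds held must cover every recorded claim.
        return self.pool >= sum(self.balances.values())

class Recipient:
    def __init__(self, reenter):
        self.reenter = reenter
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenter:          # recipient code calls back into withdraw
            vault.withdraw(self)

def run(safe, reenter):
    # Constructed scenario: one depositor with 90, the caller with 10.
    vault = Vault(safe)
    other, caller = Recipient(False), Recipient(reenter)
    vault.deposit(other, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.solvent()
```

With the vulnerable ordering, a recipient that calls back receives the whole pool from a deposit of 10 and the invariant fails; with the hardened ordering the nested call sees a zero balance and stops.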
This attack highlights the importance of the “Secure Software Development Life Cycle”: it proved that even a small bug can lead to a big loss. That is why secure design and development should be a necessary part of every organization, and why all organizations must build security best practices into their routine activities so that they can protect their products from future attacks.
In conclusion, the DAO was a smart contract deployed on the Ethereum blockchain that aimed to eliminate intermediaries and provide a secure, decentralized platform to its users. The DAO existed in the form of code, but there was a loophole in that code, in the function “SplitDAO”, which exposed it to the “Recursive Splitting Attack”. In this attack, the hackers stole 3.6 million Ether (ETH), which was a big loss.