A ticking clock nudges ever closer, click by click, towards July 14. There is a sense of nervousness: the palms ooze a slithery film of sweat, the fingernails become the “plat du jour”. Back in 1789, July 14 became France’s new sense of purpose when an angry crowd symbolically attacked the jail that traditionally housed anti-monarchy reactionaries of the day. It was to become the permanent French symbol of freedom that changed the direction of France irrevocably. And so it is with the Blockchain and its community, as it has to deal with its first significant test since easing into the corporate zeitgeist.
On July 14, around $50m of funds will automatically transfer to the parties that instigated an attack on what was to be the blue-eyed symbol of the brave new world of the Blockchain, the DAO (Decentralized Autonomous Organisation).
BACKGROUND TO THE DAO
In May this year, the DAO successfully raised the equivalent of $168m, via a crowdfunding campaign, on the basis of a 29-page whitepaper. It was the world’s largest crowdfunding campaign – that most people had never heard of. The DAO was further funded entirely by using the Ethereum cryptocurrency as payment (Ethereum is the smart contract platform for the blockchain), which represented almost 15% of the total Ethereum available in the market at that time. Many of the original Ethereum founders and members of the Ethereum foundation also invested in the DAO, and even though the DAO code had undergone preliminary security audits from some of the smartest people around, it soon became clear that there were vulnerabilities. One such vulnerability was exploited in an attack back in June.
The attacker was able to siphon c. $50m from the DAO into what is known as a “child DAO”, exploiting a small, but critical, bug in the indelible code written into the DAO itself. As luck would have it, a 27-day delay was also indelibly set into the computer code for any transfer of funds out of any “child DAO”, and ultimately into the hands of the attacker. This 27-day delay expires on July 14, and developers from within the Ethereum and wider cryptocurrency space have been working around the clock to formalize a solution that is as desperate as it is necessary. To lose c. $50m of funds right now in the development cycle of the cryptocurrency and blockchain spaces would have too many adverse consequences (see our article on the DAO fallout for more ideas on this), and unless this can be stopped, these funds will automatically transfer to the attacker on July 14.
Not only are $50m of funds under threat, but also the whole credibility of the Ethereum smart contract platform, its cryptocurrency and the public Blockchain itself.
If handled badly, this has the potential to set back the cryptocurrency space, perhaps irrevocably. The stakes are high; very high.
The ultimate objective for the Ethereum and the DAO developers is to ensure, with all available means at their disposal, that the attacked funds do not transfer into the hands of the attacker. Like a surgeon cutting out a cancerous growth, the development teams have had to consider their final backstop, their lifesaving position, in an almost desperate measure to ensure no loss of funds occurs. They are seeking to implement what is known as a “hard fork” to the Ethereum blockchain itself.
HARD FORK – THE PROS AND CONS?
A hard fork is similar to a permanent software upgrade. Equivalently, it means you cannot read old versions of the software. In this way, the majority of miners who form the infrastructure and the underlying security of the Ethereum blockchain have to agree to run the new version of the software underpinning the Ethereum blockchain. Once implemented, it should enable the attacked funds to be isolated, stopping them from being transferred to the attacker. There are pros and cons to undertaking this:
- As a moral imperative, the community doesn’t want the attacker to get away with the attacked funds. The hard fork helps ensure this doesn’t happen.
- The attacker potentially would have access to a significant amount of Ethereum – around 15% of the total volume available. This not only has the potential to influence the Ethereum market, but also has potentially adverse implications for the underlying structure and security of the Ethereum platform itself going forward, especially when the protocol shifts to what is known as proof of stake (where future mining rewards are determined by the actual volumes of the Ethereum cryptocurrency held).
- Even if the original stated goal was for the smart contract code of the DAO to act as arbitrator and governor alone, there is an argument to say future projects will be better served knowing that there needs to be such a back-stop scenario if the worst case happens – a kill switch, if you like.
- Ultimately, all the Ether will be returned to the original owners, and it would be as if The DAO never happened. The lessons can be learned and the blockchain space can move on, far stronger for the experience.
- The promise of The DAO was that there is no explicit social contract, that the immutable code was king. The attacker just did what the code allowed them to do. So was the attack actually illegal? There is some opinion that suggests that by stopping the attacker from getting access to their funds, it compromises the ideology of immutable code making decisions unilaterally.
- The hard fork is reminiscent of the 2008 GFC ‘bailouts’ in the global banking system. Those were done to ensure confidence remained in the banking system. If the hard fork is carried out for one specific project by hard-forking the entire Ethereum blockchain, how will future projects be treated? Will other smart contracts that have mistakes in them also be ‘bailed out’? It presents an important moral dilemma.
- There are potential conflicts of interest for the developers working with the Ethereum foundation who have invested heavily in The DAO and have no desire to lose money. This may be unfair to the other members of the Ethereum community who didn’t participate in the crowdsale.
- The move could push users towards other blockchains, especially private blockchains, that do not rely upon unknown parties. Indeed, at the recent Blockchain Summit in Melbourne this is already being seen anecdotally from many financial institutions. Can the Ethereum blockchain realistically be trusted with large sums of money over which the banks do not have complete control?
- The Ethereum blockchain may not be considered truly decentralized by application developers in the future. Developers may be incentivised to move to other platforms and blockchains in the future to create truly decentralized applications, where the code is everything.
- Regulation – if it can be shown that the transfer of funds can be blocked, what is to stop regulators saying “a specific transfer of funds was to a terrorist organisation and if you don’t cancel it you are going to jail”? The hard fork could present an uncomfortable precedent – just consider the dilemma that Apple faced over the authorities requesting a “back door” be created for their iPhone operating system.
The decision to hard fork is a difficult one, and the Ethereum foundation is caught between a rock and a hard place – damned if they do and damned if they don’t, but
“Desperate times call for desperate measures.”
Whilst Ethereum has gained a lot of popularity among developers, investors, and even the financial industry, the hard-fork is also a fork in the road for Ethereum and its future. No matter what the community decides, it will colour the applications that are built on Ethereum going forward. How the broader business community reacts is something we’ll have to wait and see – with interest.
The incident highlights how new the whole blockchain space really is, how raw the technology is and how quickly things can sour on a project. In a matter of weeks, the DAO has gone from the blue-eyed child sold as a testament to new governance models, to a cancerous patient requiring life support. But with the storming of the Bastille, the French discovered a newfound sense of freedom by attacking those that attacked the beliefs of the crowd, a freedom which has lasted to this day. Let’s hope on Bastille Day, the hard fork enables the blockchain to discover a new sense of freedom and that, despite its controversy, it succeeds in ensuring no money is lost and that deep lessons are learned as a consequence of the whole debacle.
Without it, the blockchain is in danger of being relegated to being an experimental technology that is just too risky for widespread commercial adoption.