Changing the rules in the middle of the game. Rescuing the investors who took big risks at the expense of those who behaved prudently. Undermining the credibility of the system.
No, we're not reminiscing about the 2008 global financial crisis. All these familiar plotlines resurfaced Friday in the cryptocurrency world in response to a $60 million theft. The situation has profound implications for the viability of distributed systems and smart contracts, and raises questions for banks that have been considering the Ethereum network as a possible basis for their own blockchain solutions.
The attacker stole the funds — denominated in ether, the cryptocurrency native to Ethereum — from a kind of automated venture-capital fund called the DAO. The most controversial proposed fix would turn back the clock to before the attack occurred, thereby undoing the theft, like Superman bringing Lois Lane back to life by reversing the rotation of the Earth. This would amount to nothing less than a bailout of the DAO's beleaguered investors, jeopardizing the credibility of Ethereum itself.
Below is a breakdown of what we know about the hack and its consequences, what we don't know and what it means for financial institutions investigating the promise and peril of distributed ledger technology.
What We Know
The DAO, which stands for Decentralized Autonomous Organization, launched in May as an open-source project. The brainchild of Slock.it, a startup in Germany, the DAO takes the form of a smart contract running on Ethereum, a public cryptocurrency blockchain similar to bitcoin.
A monthlong crowdsale of DAO tokens, which serve essentially as voting shares in the fund, raised $162 million worth of ether and was hailed by the Ethereum community as the biggest crowdfunding campaign in history.
Like other smart contracts, of which there are, as yet, few examples in the wild, the DAO was designed to execute the terms in its code automatically, without the need for human intervention. Indeed, proponents argue that the contract is the code, and that smart contracts — living on a blockchain, viewable by all parties — could be more efficient and more transparent than traditional agreements.
What has now become clear is just how devastating the consequences can be if that code is flawed.
The attacker exploited a previously unknown vulnerability in the code of the DAO to siphon 3.6 million ether away to a separate entity, known as a "child DAO." At one point worth more than $60 million, the illicit cache dropped in value after news of the attack sparked an ether sell-off. It was worth about $50 million at time of writing.
In a Reddit post, Ethereum's founder, Vitalik Buterin, asked the online currency exchanges to suspend trading of ether and DAO tokens as well as deposits and withdrawals of the cryptocurrency until Ethereum's core developers could stop the bleeding.
In a sense, nothing has yet been stolen. The rules of the DAO prevent its attacker from spending the ill-gotten ether for the next 27 days. Within that time, the Ethereum community could decide to roll back all transactions on the network to a point just before the theft — a so-called hard fork — or to update the network to block any transactions from the attacker's ether address, an option known as a "soft fork."
Either option would require a majority of the network's miners to agree to install a new version of the Ethereum software in place of the existing version.
Buterin threw his weight behind a soft fork, saying in a later post that he "encourage[d] miners to upgrade to a client version that supports the fork." Neither Buterin nor Slock.it returned requests for comment by deadline Friday.
In a separate post on their own blog, Ethereum's core developers also pushed for a fork, saying they would like to give the community "the option to agree on another state of the world."
Such a move, however, would seem to contravene the whole spirit of the Ethereum project. It would amount to a bailout of a single, albeit an especially large and notable, smart contract by a majority of Ethereum users, said Patrick Murck, a lawyer and researcher at Harvard University's Berkman Center.
"The contract is the code, it's unstoppable code, it's unbreakable, it's self-executing and autonomous — right up until everything goes wrong. And then, 'No no no no, that's theft!' Which is some social norm that we've attached to it that's not based in the code, and then we're going to stop the whole system and basically bail it out," he said. "Is this something we're going to do every time a smart contract fails? Or is this just because there are a lot of [Ethereum] insiders in the DAO?"
What We Don't Know
Besides the loss to investors, the theft raises troubling questions about the governance of ostensibly decentralized systems.
If the top investors in something like the DAO are also among the leaders of the blockchain network on which it runs, what is to stop them from bailing themselves out even to the detriment of average users? On the other hand, without central leadership, can a complex system carrying more than $1 billion of value — as Ethereum does — react appropriately in times of crisis?
In their early days, open-source projects need "enlightened and friendly dictator[s]" to keep things ticking over, says Alexis Roussel, the co-founder of Bity, a digital-currency exchange which partnered with Slock.it to launch a commercial contract service around the DAO. Linus Torvalds, the creator of Linux, is a famous example. Even Satoshi Nakamoto, the shadowy creator of bitcoin, operated in such a fashion in bitcoin's early days to keep the network on track, Roussel argued.
Once the project gains traction, the original leader can take a step back and allow true community consensus to reign in his stead. Bitcoin has passed that point, said Roussel, while Ethereum has yet to reach it.
Peter van Valkenburgh, the director of research at Coin Center, a think tank in Washington, took a similar view of Ethereum as a nascent ecosystem beset by challenges.
"This is a laboratory for community governance, and it won't always be pretty," he said in an emailed statement. "But it's important we let the process play out, and take a longer view of the evolution of these fantastic new tools."
As yet, no decision has been reached as to the future of the Ethereum network, whether a majority of its miners will pursue a hard fork or a soft fork or whether, instead, they will resign themselves to the loss of tens of millions of dollars in cryptocurrency.
Some experts say that if Ethereum forks, the damage to its reputation could be severe.
"If a smart contract reverses on you, how is it any better than a regular contract?" said Emin G n Sirer, co-director of the Initiative for Cryptocurrencies and Contracts at Cornell Tech.
Murck goes further. "The DAO thing is already bad," he said. "But it feels like we're at a critical point for Ethereum, where they could just do the hard thing and say, 'I'm sorry, but that's how open systems work,' or they can make things a lot worse for the Ethereum project by setting a precedent that they will censor transactions and roll back mistakes."
The take-your-lumps approach is appealing inasmuch as it avoids moral hazard and preserves the principles of the network. On the other hand, said Sirer, "the intent of the DAO was not to act as a capture-the-flag competition for some hackers. There's really no good path out of here. There will be a lot of heartache."
By now even the largest banks are investing heavily in blockchain research and partnerships, lured by the potential of the technology to cut costs, reach new customers and increase transparency. Ethereum has positioned itself as a leading platform for blockchain solutions, and particularly of smart contracts, which have the potential to reduce the need for expensive lawyers and compliance officers.
But in light of the DAO exploit, banks will need to proceed with caution.
"Writing smart contracts is much more difficult than people realize," Sirer said. "Language for writing them needs to be targeted toward creating robust, well-understood code. At the moment it turns out it's all too easy to write code but it's not easy to write robust, secure code that others can take as a financial contract."
The DAO, for its part, may be effectively dead. It is still running for now, which is to say that token holders can propose projects and vote to fund the deserving ones, but winning back users' trust may be impossible. Companies will likely shy away from fundraising via the DAO, leaving investors in the fund no way to earn risk-adjusted returns.
"The governance structure of the DAO has questionable viability," said Kirill Gourov, an early bitcoin adopter and analyst at Expand Research, where he covers fintech and potential blockchain applications across various industries. "You lose the benefits of a fiduciary, where a fund manager has a legal responsibility to act in the best interest of the client. You lose every risk and compliance control around fund withdrawal. You lose all legal recourse since there isn't a liable party."
In other words, as sexy as decentralized systems and automation are these days, human involvement is still necessary in many areas.
"Looking at traditional fund management and financial services and the number of safety measures and compliance protocols in place, you start to realize the downsides of fully automating the process," Gourov said.
The whole situation may prompt a reconsideration of just how self-sufficient smart contracts can be. "If you take as an assumption that the contract is the code, is this even theft?" Murck asked. "I mean, [the vulnerability] was in the code."