Out of the Ether. Matthew Leising
is required to be regulated from its moment of creation, whether that's through an initial public offering or a secondary offering.
Yet selling ether to the pubic in a crowdsale is a great way to raise money. So that's just what the Ethereum cofounders did. The Ethereum crowdsale in 2014 was one of the most successful at the time, netting over $18 million. By then the money was desperately needed to continue to develop Ethereum, but we'll get to that part later.
This dilemma of raising money to fund development was hardly unique to Ethereum. What about all the other applications people wanted to build? By late 2015 the crypto world was exploding with new projects that seemed to be sprouting up daily. Every one of them needed to raise money in one way or another if it was going to have a shot at succeeding.
The way the Ethereum community solved this fundraising dilemma circa late 2015 starts with a theoretical physicist named Christoph Jentzsch. It ends with something that sounds straight out of futurist nineteenth-century science fiction – a decentralized autonomous organization, or DAO, which is basically a corporation that runs entirely from a codebase, meaning no humans are involved once it's deployed. DAOs are also very difficult to govern once deployed. In between Jentzsch and the DAO is a startup called slock.it, which Jentzsch cofounded. Their product was called a smart lock, or a slock. (I always think of Evil Dead II when I hear the word slock, thinking of S-Mart. “Shop smart. Shop S-Mart.”)
A slock is an Ethereum-enabled lock, which you could put on your bike, for example. Someone with the slock.it app on their phone could come along and read a QR code that links to the bike's slock. The interaction is managed by a smart contract on the Ethereum blockchain. If the passerby pays the required amount of ether, the slock unslocks and the bike can be rented for a period of time. This is similar to how Bird scooters and the bikesharing systems that took over American cities in 2019 work, but slock.it preceded them by many years and is decentralized.
It was a clever idea, and Jentzsch and his partners had some fun when they unveiled slock.it at the first Ethereum developer conference in London in November 2015. Jentzsch gave a live demonstration in which he unlocked a slock that controlled a teakettle: pay the slock some ether and the power turns on to heat the water. As the audience watched, miners on the Ethereum blockchain verified the transaction. A few minutes later the kettle boiled and Jentzsch's partner Stephan Tual came on stage to pour himself a cup of tea. The look on Tual's face as he poured the boiling water was knowing but also held an air of wonder – like, can you fucking believe what we just did?
Slock.it hoped to connect the Ethereum blockchain to the Internet of things, or IoT, the catchall phrase used to describe the system that controls your smart refrigerator and smart thermostat.
Yet to make slock.it a reality and not just a demo, the startup needed money. So Jentzsch set the hook.
“I hope those things were amazing to you, but we have just another thing, a really cool thing,” Jentzsch said to his London audience. He then introduced his idea for having a decentralized autonomous organization act as a fundraising mechanism. The idea of a DAO wasn't Jentzsch's – that honor belongs to Dan Larimer, another early blockchain pioneer. Vitalik Buterin had also long been fascinated by DAOs, which he mentioned prominently in his 2013 Ethereum white paper, “Ethereum: The Ultimate Smart Contract and Decentralized Application Platform.” Now, though, Jentzsch said the way to raise money – not just for slock.it, but for any developer team that wanted to work with Ethereum – was with a DAO.
While the name is rather scary, the premise of this DAO is simple: Create a smart contract that will collect ether from people. In exchange for that ether, they are given tokens. The DAO token holders can then vote on projects that are seeking development funding. Token holders who voted for a winning project can share in the profit if the endeavor succeeds. In the world of finance this is similar to how venture capital works, except a DAO is completely automated and runs exactly as its code is written. Once a DAO is initiated, in other words, the process to change or fix a bug in its programming is complicated and relies on a stakeholder vote. It's asking code to be perfect from the get-go, in other words. And yet anyone who's run Windows will know how unrealistic it is to expect perfect code.
Jentzsch's idea proved to be more successful than his wildest dreams. The DAO became so popular, in fact, that it turned into a nightmare for the German. Instead of collecting the $5 million Jentzsch had expected, ether users poured $150 million into its coffers. Another way of measuring the DAO is that it held 11.944 million ether, which fluctuates in value, meaning the DAO's total holdings rose or fell according to the cryptocurrency's price. By Friday, June 17, 2016, it had ballooned to $250 million. It made Christoph physically ill, and his health and family life suffered. And it only got worse when hackers broke into it on that day.
●●●
One of the curious aspects of the DAO attack is that it stopped. The thief was inside, the mechanism for changing the code of the DAO was complicated and risky, and the Ethereum community might not have been able to mobilize in time to save the money that hadn't yet been stolen. Given enough time, the thief should have been able to drain every cent. But he didn't. Sure, $55 million had been snatched, but there was about another $200 million left. Why leave that on the table?
The best theory I've heard is that it has to do with the mechanics of the attack contract used – that is, the smart contract the thief wrote to steal the ether. The theory is that while the contract would work for several hours, it would also have a tendency to break after a certain time. And while you could try to launch the attack again once the original contract had broken, getting all the necessary variables lined up again could take time or simply not work again.
In any case, the original DAO attack lasted a bit more than seven hours. A total of 3.689 million ether was stolen.
The bug that the ether thief exploited was now in the public realm as blockchain sleuths pointed it out on message boards and reddit subthreads. The code itself, in fact, was viewable in the attack contract the thief had used, as it still existed in the Etherscan blockchain records. Not only could the original attacker be readying a second go at the DAO, a host of copycats could as well. And in fact, that's what started to happen.
Four days after the first attack, a second started. The mechanics were all the same; the only difference was the location where the stolen ether was sent.
The Ethereum community didn't take this lying down. From the first moments of the DAO attack on June 17, people tried to discover who was behind the hack and to figure out what to do about it. They would fight this. These were the people who had written the DAO code as well as other developers and programmers who had made a career out of working with Ethereum. A driving force in the group was Griff Green. One of the first employees at slock.it, Griff had realized early on the mysterious power of DAOs. Only he called them decentralized autonomous corporations at first, as in a paper he wrote on them for his master's degree in cryptocurrencies from the University of Nicosia.
If you meet Griff and for some reason don't like him, there's something wrong with you. He's a hugger, first and foremost, and an all-around genuine person. He was the mayor of Ethereum at this point in time; he knew just about everyone and was heading up slock.it's communication and community outreach. From the attack's inception, Griff helped recruit other Ethereum community members to form a kind of emergency response team. The beginning days were almost entirely organized via a Skype chat that they named Robin Hood.
“The Robin Hood Group was just a shit show,” Griff told me in 2017 when I was writing the magazine story. “I hope the movie portrays it better than it actually was.”
He's being modest; what the group did to save the remaining money in the DAO was amazing. Another member was Alex Van de Sande, whom everyone calls avsa, after his online name. While Griff was in rural Germany when the DAO was attacked, avsa was in his apartment in Rio de Janiero.
The Robin Hood Group (RHG) also included a few extremely good coders, like Lefteris Karapetsas and Jordi Baylina. They quickly figured out how to replicate the attack so they could break into the DAO in order to “steal” the rest of the funds to keep them safe (hence the name).
When