
The DAO

The DAO, a Distributed Autonomous Organisation, was created by a group of coders who set out to create the first decentralised venture capital fund. It was subsequently drained of around USD 50 million worth of Ether.

First Published 22nd June 2016


'Make it Rain' with all that non-existent Ether.

3 min read  |  Reflare Research Team

We have covered the deregulated nature and inherent instability of cryptocurrencies in previous instalments of this briefing. This week, a company called The DAO and its Ether currency were the victims of what they call a hack, but which is likely turning out to be the abuse of legitimate platform features.

To put the attack into perspective, we will look at the abuse of a special offer made by the US Treasury in 2011. Buyers were able to buy $10 US coins for $10 with no shipping fees charged. Enterprising individuals quickly realised that they could buy thousands of dollars' worth of coins using their credit cards, use the acquired coins as legal tender to pay off said credit cards, and then repeat the purchasing process. This allowed them to quickly accumulate large amounts of bonus points and miles.

The attack on The DAO is similar in nature. The DAO offered a split feature on its Ether that was exploited by a regular user. Every time a split was performed, a user would be awarded some bonus Ether. The attacker figured out that he could split the cryptocurrency and then split it again on the previous split indefinitely. It appears that splits were then automated and performed extremely often. This caused the cryptocurrency platform to be quickly drained of funds. Reports estimate that the attacker was able to accumulate up to USD 50 million from the exploited feature.
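An added illustration, not part of the original briefing and not The DAO's contract code: a toy Python ledger that models the repeated split, assuming the payout is made before the split is recorded (that ordering, the `Fund` class, the `split` method and all amounts are constructed for this example). It goes beyond the text by placing the unguarded ordering beside one that records the split first.

```python
# Toy model, constructed for illustration; not The DAO's contract code.
class Fund:
    def __init__(self, deposits, guarded):
        self.balances = dict(deposits)       # stake recorded per user
        self.pool = sum(deposits.values())   # funds the platform actually holds
        self.guarded = guarded

    def split(self, user, on_payout):
        amount = self.balances.get(user, 0)
        if amount == 0 or self.pool < amount:
            return 0                         # nothing to split, or pool is empty
        if self.guarded:
            self.balances[user] = 0          # record the split before paying out
        self.pool -= amount
        on_payout(amount)                    # control passes to the recipient here
        if not self.guarded:
            self.balances[user] = 0          # too late: the stake was still visible
        return amount


def run(guarded, max_depth=50):
    """Return (amount received by the repeat splitter, funds left in the pool)."""
    # Constructed sample ledger: one user holds 10 units, everyone else 990.
    fund = Fund({"splitter": 10, "others": 990}, guarded)
    received = 0
    depth = 0

    def on_payout(amount):
        nonlocal received, depth
        received += amount
        depth += 1
        if depth < max_depth:
            fund.split("splitter", on_payout)  # split again on the previous split

    fund.split("splitter", on_payout)
    return received, fund.pool


if __name__ == "__main__":
    print("unguarded:", run(guarded=False))
    print("guarded:  ", run(guarded=True))
```

With the split recorded first, the second request sees a zero stake and pays nothing, so the automated repetition described above stops after one payout.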

This latest abuse once again highlights the underlying issue of all current cryptocurrencies: due to their volatile and unregulated nature, they can yield high returns but can also easily lead to a complete loss of investment. The DAO has gone offline to address the loss of funds. The attacker, or someone posing as the attacker, claims that the money was legitimately earned and is threatening legal action if The DAO should attempt to recover its losses.

In a regulated environment, financial institutions rely on a number of specialists, from compliance to finance, legal, development and security, to safeguard their assets. Cryptocurrency marketplaces are usually developed by a small number of people, who commonly only have a development background. This greatly increases the likelihood of critical vulnerabilities being exploited. The appeal of cryptocurrencies is largely that of the "wild west", where huge earnings and losses are possible.

Before you trade, always understand the potential pitfalls. If you wouldn't feel comfortable placing assets in conventional high-risk financial instruments, you shouldn't place them in cryptocurrencies either.
