Industry Events

The DAO Hack of 2016: The Attack That Forced Ethereum to Fork

2026-05-29 · 链上迷雾

To understand why Ethereum looks the way it does today — why ETH and ETC both exist, why people get tense when “code is law” comes up, why every audit report is read and re-read — you can’t skip the event that forced the whole ecosystem to take sides in 2016: The DAO hack.

Timeline: from record crowdfund to drained vault

Reading this story in order makes it clear it wasn’t simply “a hack” — it was a chain of decisions stacking on top of each other.

| When | What happened |
| --- | --- |
| Apr–May 2016 | The DAO launched its crowdsale and raised about 11.5 million ETH (~$150M at the time) |
| Jun 17, 2016 | An attacker exploited a reentrancy flaw, siphoning ~3.6M ETH into a child contract |
| Jun 17–27, 2016 | A 28-day delay locked the drained funds; the community argued about what to do |
| Jul 20, 2016 | Ethereum executed a hard fork, rolling the stolen funds into a recovery contract |
| After Jul 2016 | A subset of nodes refused the rollback and kept the old chain — Ethereum Classic (ETC) was born |

In two months Ethereum went from “biggest decentralized crowdfund ever” to an existential crisis — and arrived at an answer no one was fully happy with.

What was The DAO supposed to do?

The DAO stood for Decentralized Autonomous Organization. The pitch sounded futuristic in 2016:

  • Investors sent ETH to the contract and received DAO tokens — effectively shareholder votes.
  • Any team could submit a funding proposal; token holders voted yes or no.
  • The contract auto-distributed funds based on votes. No CEO, no board, no bank account.

It was briefly hailed as Ethereum’s killer app. Within weeks, ~11.5M ETH poured in — roughly 14% of circulating supply at the time. That number alone planted the seeds of every problem that followed: it was already “too big to fail.”

The bug, in plain English

Technically, the attacker exploited a vulnerability called reentrancy. Translated to everyday terms:

Imagine an ATM whose code is written in the wrong order —

  1. You ask for $100.
  2. The ATM hands out the cash first.
  3. Then it updates your balance.

Fine in normal use. But if you could “jump in” between steps 2 and 3 and re-request “another $100,” the ATM would keep paying out until your balance finally caught up.

The DAO had a splitDAO function that roughly worked as "transfer first, update later," and an Ethereum contract that receives ETH can run code of its own, including calling back into the contract that sent it. The attacker wrote a malicious contract that "came back and asked again" before its balance was decremented, repeating the withdrawal until roughly 3.6M ETH sat in a child DAO they controlled.

A small but lethal bug. It taught the industry that “order of operations” in a smart contract isn’t a detail — it’s the whole game. That lesson still applies; pair it with basic on-chain security habits for the practical version.
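The ordering bug described above, as an added toy model that is not The DAO's code: a vault that pays out before zeroing the caller's balance sits beside the Checks-Effects-Interactions version, and a re-entering recipient is run against both. `Account`, `ReentrantAccount`, the two vault classes and the 90/10 deposit split are all constructed for this illustration.

```python
# Toy model of the ordering bug behind The DAO drain: a vault that pays out before
# zeroing the caller's balance, beside the Checks-Effects-Interactions fix. Constructed
# example, not The DAO's code; receive() stands in for a contract's fallback code.

class Account:                      # plain account: receiving ETH runs no code
    def __init__(self):
        self.received = 0
    def receive(self, vault, amount):
        self.received += amount

class ReentrantAccount(Account):    # contract whose fallback calls withdraw() again
    def __init__(self, max_depth=64):
        super().__init__()
        self.max_depth, self.depth = max_depth, 0   # max_depth mimics the gas limit
    def receive(self, vault, amount):
        self.received += amount
        # Ask again before the vault has had a chance to update our balance.
        if self.depth < self.max_depth and vault.pool >= vault.balances[self]:
            self.depth += 1
            vault.withdraw(self)

class VulnerableVault:              # interaction (send) before effect (update)
    def __init__(self, deposits):
        self.balances = dict(deposits)
        self.pool = sum(deposits.values())
    def _send(self, to, amount):
        assert amount <= self.pool, "pool cannot cover the payout"
        self.pool -= amount
        to.receive(self, amount)    # control passes to the recipient here
    def withdraw(self, caller):
        amount = self.balances[caller]  # check
        if amount == 0:
            return
        self._send(caller, amount)      # interaction first ...
        self.balances[caller] = 0       # ... effect too late

class SafeVault(VulnerableVault):   # Checks-Effects-Interactions ordering
    def withdraw(self, caller):
        amount = self.balances[caller]  # check
        if amount == 0:
            return
        self.balances[caller] = 0       # effect
        self._send(caller, amount)      # interaction last

def run_drain(vault_cls):
    """Honest users hold 90, attacker 10; attacker calls withdraw() once."""
    honest, attacker = Account(), ReentrantAccount()
    vault = vault_cls({honest: 90, attacker: 10})
    vault.withdraw(attacker)
    return attacker.received, vault.pool
```

Against `VulnerableVault` the single call empties the whole pool; against `SafeVault` the same recipient still re-enters, but its balance is already zero, so it gets only its own deposit.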

[Illustration: a cracked smart-contract vault leaking tokens like a data stream]

The 28-day delay: the hacker was frozen, the community started arguing

A lifesaver was baked into The DAO: child-DAO withdrawals had a 28-day delay before funds were spendable. So the stolen ETH wasn’t gone yet — it sat there, giving the community a window to fight over what to do.

And fight they did:

  • “Code is law” camp: whatever the contract executes is final; rolling it back betrays decentralization.
  • “Save the users” camp: 30% of 11.5M ETH in an attacker’s hands would shatter ecosystem trust overnight.
  • Soft-fork advocates: block transfers first, buy time to think.
  • Hard-fork advocates: just rewrite the ledger.

This was Ethereum’s first public governance crisis. A hard fork won — at the cost of splitting off ETC, the chain that refused to roll back. You can trace every later Ethereum governance debate, including those around Vitalik Buterin, back to those 28 days.

After the fork: one chain became two

The July 20 hard fork rolled back the stolen funds; DAO token holders could recover ETH pro rata through a new contract. Nodes that refused kept running the old client — Ethereum Classic (ETC) was born.

The split in a sentence each:

  • ETH (new chain): accepts the fork; treats user rescue as community consensus overriding strict code execution, just once.
  • ETC (old chain): “code is law”; would rather leave the funds with the attacker than rewrite the ledger.

Neither chain is “right” or “wrong” — they’re two answers to the same dilemma. Ever since, “code is law vs community consensus” gets dragged back into every major incident debate. You can see that thread running through DeFi exploits, bridge hacks, and stablecoin blowups in key events in crypto history.

[Illustration: a split railway track diverging into two glowing paths under a starry sky]

Lessons that still matter today

Almost ten years later, the lessons from The DAO are about more than “be careful with smart contracts.” Spelled out:

  • Code isn’t God, but humans aren’t either. Every DeFi exploit since has proven: contracts have bugs, writers miss things, reviewers miss things. Audits, formal verification, gradual rollouts — all common sense post-DAO.
  • “Decentralization” is a matter of degree. When one contract holds 14% of a chain’s supply, “autonomy” gives way to “too big to fail” fast. The pattern echoes later, in a different shape, with the FTX collapse lessons.
  • Reentrancy is only one trap among many. The industry codified patterns like Checks-Effects-Interactions and reentrancy guards, but new classes of attack keep showing up. “Audited once” is not “safe forever.”
  • The cost of community governance is public arguing. A hard fork doesn’t end in unanimity — it ends in “majority approves + minority forks.” Expecting universal consensus is more naive than the chain split itself.
  • The ordinary user’s defense is diversification plus scrutiny. When a project locks an eye-popping sum, you don’t have to pile in. Read incident histories first; pair with common crypto misconceptions, busted.

Questions people still ask

  • Is ETC still around? Yes — smaller hashrate and market cap than ETH, but the community persists.
  • Did the attacker keep the money? Not on the ETH chain (funds were rolled back). On ETC, those funds remain theirs on paper, but cashing out into the real world is a different story.
  • Who was the hacker? Various investigations have pointed at different people; the community has never agreed on a final answer.
  • Was this Ethereum’s “original sin”? Depends on stance. Critics say it broke “code is law”; supporters say it proved the community could fix its own mistake.
  • Could it happen again today? In a different shape, yes — variants of the same contract bug and rescue debate keep playing out in DeFi.

Closing thought

The DAO isn’t just a “how much got stolen” story. It was Ethereum’s first real test of self-definition: what decentralization means, who gets the final word when code and justice collide, whether a community can live with splitting in two. There’s no settled answer, but the event left the industry a long-term reference point. Next time you see “code is law” or “let’s just hard fork it” being argued, revisit those two months in 2016 and the noise tends to clear. This article is historical education, not investment advice.

This article is for education only and is not financial advice. Crypto is volatile and risky — only ever risk what you can afford to lose.
