The 2016 DAO hack is one of the most pivotal moments in the history of Ethereum and decentralized finance (DeFi). More than just a security breach, it catalyzed a philosophical debate about immutability, consensus, and governance in blockchain systems — one that still shapes protocols in 2025.
In this updated guide, we’ll walk through what happened during the DAO hack, how Ethereum responded, and what lessons developers and users continue to learn almost a decade later.
What Was “The DAO”?
In early 2016, a project simply known as The DAO (Decentralized Autonomous Organization) launched on Ethereum. Created by Slock.it, The DAO aimed to operate as a fully decentralized venture fund, governed by token holders and executed via Ethereum smart contracts.
Key features of The DAO:
- Raised over $150 million worth of ETH in its initial token sale
- Promised a voting mechanism for funding proposals
- Had no central authority or traditional legal structure
At the time, The DAO was the largest crowdfunding campaign in history, sparking immense excitement about the future of decentralized governance.
What Caused the DAO Hack?
The DAO was launched before the ecosystem had mature standards for smart contract auditing or security. Unfortunately, it contained a critical vulnerability — specifically, a re-entrancy bug in the withdraw function.
🛠 How the Re-Entrancy Exploit Worked:
- The attacker created a malicious contract that repeatedly called The DAO’s withdraw function.
- Instead of updating the attacker’s balance before the transfer, The DAO contract sent the ETH first.
- The attack contract immediately re-called withdraw() before its balance was updated.
- This loop repeated multiple times, draining ETH with each pass.
By the end, approximately 3.6 million ETH (worth ~$60 million at the time) had been siphoned into a “child DAO” controlled by the attacker.
DAO Hack Timeline: Key Dates
- April 2016 – DAO fundraising launches
- May 2016 – Security experts raise concerns about smart contract vulnerabilities
- June 17, 2016 – The DAO is exploited via the re-entrancy bug
- June 18–July 14, 2016 – Community debates options: do nothing, hard fork, or soft fork
- July 20, 2016 – Ethereum executes a hard fork to return the stolen funds
Ethereum Fork: ETH vs ETC
The DAO exploit split the Ethereum community in two:
- Ethereum (ETH): Chose to reverse the attack via a hard fork and return funds to the original investors.
- Ethereum Classic (ETC): Maintained the “code is law” philosophy, refusing to roll back any transaction history.
To this day, both chains still exist:
- ETH is Ethereum’s dominant fork, hosting DeFi, NFTs, and Layer 2s.
- ETC preserves the original, immutable blockchain.
This split raised philosophical questions:
Should a blockchain ever intervene, even in the face of catastrophic loss?
Key Security Lessons from the DAO Hack
1. Smart Contract Audits Are Non-Negotiable
Today, all major DeFi projects undergo multiple third-party audits. Back in 2016, security review was limited and informal.
2. Re-Entrancy Protection Is Essential
The DAO hack helped standardize the checks-effects-interactions pattern and the use of re-entrancy guards in Solidity: update state before making external calls, and block nested calls into sensitive functions.
3. Upgradability and Governance Tools
Modern DAOs use proxy contracts and time-locks to allow safe upgrades and community votes, reducing risk exposure.
4. Immutability vs Human Intervention
The hack forced the crypto community to confront hard questions about governance, decentralization, and intervention ethics.
The DAO’s Legacy in 2025
While The DAO itself never relaunched, its core ideas inspired:
- Modern DAOs like MakerDAO, Aave DAO, Uniswap DAO
- DAO tooling platforms like Aragon, Snapshot, Tally
- Legal frameworks for DAOs in Wyoming (U.S.) and Liechtenstein
In 2025, billions of dollars are governed by DAOs, and many use multi-sig wallets, governance tokens, and smart contract fail-safes to prevent DAO-style failures.
Looking Ahead: DAO Governance & Security in 2025
Today’s DAOs are far more sophisticated than their 2016 ancestor. Key upgrades include:
- Modular contract frameworks with layered permissions
- Formal verification tools for smart contracts (e.g., Certora, OpenZeppelin Defender)
- Cross-chain DAOs using bridges and Layer 2 interoperability
But as DAO treasuries continue to grow, they remain prime targets for attack. Projects must balance decentralization with proactive risk management.
FAQ: DAO Hack & Ethereum History
What was the DAO hack in simple terms?
It was a security breach in 2016 where an attacker exploited a smart contract bug to siphon over 3.6 million ETH from a decentralized fund.
How did Ethereum fix the DAO hack?
Ethereum developers and the community voted to hard fork the blockchain, effectively undoing the hack and returning funds.
What is the difference between Ethereum and Ethereum Classic?
Ethereum (ETH) reversed the DAO hack; Ethereum Classic (ETC) did not. ETH supports modern DeFi and NFTs, while ETC remains a purist chain.
Is another DAO hack likely today?
While possible, it’s much less likely due to improved auditing, re-entrancy protections, and more secure contract standards.
Are DAOs still used in 2025?
Yes. DAOs are now a mainstream governance model in DeFi, NFT communities, and even traditional organizations.
Can smart contracts be changed after launch?
Usually not. However, many smart contracts now use proxy patterns that allow for upgrades with community approval.
🏁 Final Thoughts
The DAO hack was a defining event that shaped how we approach blockchain governance, security, and philosophy. Nearly a decade later, its legacy lives on — not as a cautionary tale, but as a foundation for today’s more resilient DAOs.
In 2025, the DeFi ecosystem is built on the scars and lessons of early experiments like The DAO. And while the tech has evolved, the same core principles — trust, transparency, and community governance — remain at the heart of Web3.