The DAO got hacked to the tune of $150M, and the hacker used recursive Ethereum to send the exploit.
Wait a second, what is this all about: DAO, Ethereum, recursive, etc.? Why can't we keep our lives simple in the security world? Well, unfortunately we can't. With more technological growth we shall find more complexity, and security events are to be expected. This is a vicious pattern that will continue until some Messiah technology arrives in this world.
What is DAO? Why is this security event so unique and special in my view?
The DAO is a digital decentralised autonomous organisation and a form of investor-directed venture capital fund. Its main purpose is to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It has been instantiated on the Ethereum blockchain, and has no conventional management structure or board of directors. The code of the DAO is open-source.
The DAO is stateless and not tied to any particular nation. As a result, the question of which country's regulations would apply to it is currently unclear. The DAO was formed through a token sale in May 2016. As a blockchain-enabled organization, The DAO is completely transparent: everything is done by the code, which anyone can see and audit. The DAO is intended to operate as “a hub that disperses funds (currently in Ether, the Ethereum value token) to projects.” Investors receive voting rights by means of a digital share token; they vote on proposals that are submitted by “contractors”, and a group of volunteers called “curators” check the identity of people submitting proposals and make sure the projects are legal before “whitelisting” them. The profits from the investments will then flow back to its stakeholders.
The DAO does not hold the money of investors; instead, the investors own DAO tokens that give them rights to vote on potential projects. Anyone can pull out their funds until the time they first vote.
The DAO’s reliance on Ether has allowed people to send their money to it from anywhere in the world without providing any identifying information.
In order to provide an interface with real-world legal structures, the founders of The DAO established a Swiss-based company, DAO.Link, registered as a SARL (Société à Responsabilité Limitée, “the Swiss version of an LTD”) in Switzerland, apparently co-founded by Slock.it and Neuchatel-based digital currency exchange Bity SA. According to Jentzsch, DAO.Link is in Switzerland because Swiss law allows it to “take money from an unknown source as long as you know where it’s going.”
In May 2016, the plan called for The DAO to invest Ether in ventures it would back (contractors) and to receive in return “clear payment terms” from contractors. The organizers promoted The DAO as providing its investors a return on their investment via those “clear payment terms”, and they warned investors that there was “significant risk” that the ventures funded by The DAO might fail.
Risks included attacks from unknown attack vectors and from programming errors. Additional risks noted included the lack of precedent in regulatory and corporate law; how governments and their regulatory agencies would treat The DAO and the contracts it makes was unknown. There was also a risk that there would be no corporate veil protecting investors from individual legal and financial liability for actions taken by The DAO and by contractors in which The DAO invested. It was unclear if The DAO was selling securities, and if it was, what type of securities those might be.
Additionally, to function in the real world, contractors would likely need to convert the invested Ether into real-world currencies. In May 2016, attorney Andrew Hinkes said that those sales of Ether would be likely to depress the value of Ether.
The code behind The DAO had several safeguards that aimed to prevent its creators or anyone else from mechanically gaming the voting of shareholders to win investments. However, this would not prevent the making of fraudulent profitability projections, and in addition a paper cited a “number of security vulnerabilities