The DAO hack at 10: From $50 million exploit to a $130 million Ethereum security fund

Ten years ago yesterday, The DAO was hacked, draining millions of ether (ETH) from what was, at the time, the largest crowdfunding event in history, and ultimately forcing Ethereum's most consequential decision: a hard fork that split the chain into Ethereum and Ethereum Classic.

The DAO had been built by German blockchain firm Slock.it under developer Christoph Jentzsch, raising roughly 12 million ETH, about $150 million at the time, from more than 11,000 investors in a token sale that closed less than three weeks before the attack.

On June 17, 2016, a then-unidentified attacker exploited a reentrancy bug in The DAO's splitDAO function, repeatedly draining ether before the contract could update its balances.

Roughly 3.6 million ETH, about a third of the fund, ended up in a "child DAO" carrying a 28-day withdrawal lock, the delay that gave the Ethereum community room to respond.

A loose group of developers, known as the White Hat Group, including The DAO's community manager, Griff Green, raced to drain the remaining vulnerable funds into contracts they controlled, an unprecedented rescue carried out in full view on a live blockchain.