We emailed Slock.it to ask about the Blog post Stephen Tual posted indicating that the exploit that was eventually used to steal over 3 million ether from the DAO fund had been fixed. We mentioned this issue in our last article. They did not directly address that concern but did give us this statement, indicating that the DAO “experiment” is over. The statement was apparently sent to other media outlets as well.
“Basically, ‘The DAO”s journey is over but all funds are safe. The concept of DAO however continues to live on. The DAO is a brilliant – and I mean that literally- social experiment. It attracted so many good people. The response was unbelievably positive.Nothing was lost, and thanks to the support of the community, everyone moving to a contract where they can only withdraw their funds.Thanks to a process called a ‘fork’ resulting from coordination with the Ethereum Foundation, all stolen funds will be retrieved from the attacker. The same ‘fork’ process will make it possible for The DAO ether to be transferred to a smart contract which only contains a withdraw function. Since no money in the DAO was ever spent, and nothing was stolen, nothing was lost.Longer version:About 15 hours ago someone exploited a bug in a design pattern the programming language for Ethereum, Solidity.This person using the attack to drain the funds from the DAO.We’re assessed the situation with the community, experts in the field, the Ethereum Foundation, miners and exchanges. The whole community has come together on this one to fight the attack.We saw a strong mobilization of the entire community: and what’s important here is that this was not an attack on the DAO, but an attack on Ethereum itself considering that a) The DAO was its flagship application b) 14% of all ether was contained inside the DAO c) the attack was only possible due to a design pattern commonly used across all smart contracts in Ethereum.The DAO doesn’t belong to anyone but the token holders. Yet, to have people from outside that community coming together to help shows the project is important to the ecosystem and that the ecosystem will help its own.Furthermore, having the exchanges involved could mean the attackers could be traced and prosecuted.Thank you.”
And so, seemingly, this marks the end to the DAO experiment. The concept of Decentralized Autonomous Organizations will undoubtedly rise again, hopefully with a stronger emphasis on security, but this first attempt has fallen on its face. The only thing to do now is wait to see if they can fulfill their promise of returning investor funds.
We will have more as it breaks.