
The DAO: How a $60M Hack Split Ethereum in Two
On April 30, 2016, The DAO launched on Ethereum — a decentralized investment fund structured as a DAO (decentralized autonomous organization): every investment decision was made by token-holder vote, with no board and no central management. Over a three-week token sale, The DAO raised more than $150 million from over 11,000 participants — the largest crowdfund in history at the time.
On June 17, 2016, an anonymous attacker exploited a flaw in the smart contract: a recursive call to the withdrawal function let them request funds repeatedly within a single transaction, before the contract updated its internal balance. The exploit drained roughly 3.6 million ETH — about a third of the entire fund, worth around $60 million at the time, The Block reports.
The Ethereum community split into two camps: one pushed for a hard fork that would technically "undo" the hack by moving the stolen funds to a recovery contract; the other argued that rewriting blockchain history for a single incident contradicted the entire idea of immutability — "code is law." On July 20, 2016, at block 1,920,000, the hard fork went live with 85-89% voter support. Those who refused to adopt it stayed on the original chain, which became known as Ethereum Classic, while the forked version kept the Ethereum name.
The upshot: ten years later, in 2026, the unclaimed funds from the original recovery mechanism — 70,500 ETH from the ExtraBalance contract and 4,600 ETH from the curators' multisig, about $130 million at current prices — are being turned into an Ethereum Security Fund. It's overseen by seven curators, including Ethereum co-founder Vitalik Buterin and former MetaMask security lead Taylor Monahan, with staking yield (roughly $8 million a year) funding security research, tooling, and incident response.
Griff Green, one of The DAO's original creators in 2016, admits: "We've been stuck in a rut for the last six years," referring to how far ordinary crypto users' basic security literacy still has to go. Marcin Kazmierczak of RedStone frames the industry's security paradox this way: "It doesn't remove trust, it just moves it" — from code to the people who write and review that code.
This article is for informational purposes only and does not constitute investment advice.

Author
Mike RobinsonNews feed editor
I'm constantly writing about crypto, Bitcoin, and altcoins. I cover a variety of topics related to the virtual currency market.
Comments (0)
No comments yet — be the first!
Related news

How a Defective Random Number Generator Drained $5M From Wallets

Web3 Lost $1.31B in H1 2026 — Breaking Down CertiK's Report
