The night "code is law" cracked
The DAO had raised about 12.7 million ETH from ~11,000 investors, making it the largest crowdfund in history at the time. On June 17, 2016, an attacker drained roughly 3.6 million ETH of it, worth around $60 million at that day's price.
This was not a server breach, a leaked key, or a phishing scam. The contract did exactly what its code said. The problem was that the code did not do what its authors intended. That is precisely why The DAO became not just the biggest theft of Ethereum's early era, but a turning point - the moment the industry first seriously asked: what does "security" even mean in a world where code executes automatically and irreversibly?
Exactly ten years later, in 2026, the story came full circle - a fitting moment to unpack what it taught Ethereum.
What The DAO was, and where the hole was
The ambition: a corporation without people
The DAO was conceived as a decentralized venture fund: investors contribute ETH, receive tokens, and vote on which projects to fund. No directors, no lawyers - just a smart contract. The idea was described by Christoph Jentzsch, CTO of the German company Slock.it, in a white paper that explicitly promised to "automate governance and decision-making."
The hole: reentrancy
The vulnerability that doomed The DAO is called reentrancy. The withdrawal function was built in a fatal order:
- The contract first sent the requester their ETH;
- And only then updated their internal balance.
The attacker deployed a contract whose fallback code runs whenever it receives ETH. Because a transfer to a contract hands execution to the recipient's code before the sending function resumes, that fallback called the withdrawal function again - and again, and again - while the internal balance was still undebited. The contract dutifully paid out against the "not yet debited" balance as many times as it was asked, until the funds or the gas ran out.
It is like an ATM that hands over cash but only writes the withdrawal into the ledger after you walk away - and if you can stick your hand back in fast enough, it hands you more.
A curious detail: the stolen ether did not vanish instantly. Under The DAO's rules, the funds landed in a "child DAO" with a mandatory holding period of about 28 days before withdrawal. That pause gave the community time to react - and triggered the most bitter dispute in Ethereum's history.
The schism: the hard fork and the birth of Ethereum Classic
The community faced a question with no "right" answer.
Option A - do nothing. The blockchain is immutable; code is law. Yes, investors lost money, but that is the whole point: the rules are not rewritten after the fact.
Option B - hard fork. Rewrite the blockchain's history as if the theft never happened, and return the funds to investors.
After a vote on carbonvote.com (in which only a small fraction of all ether participated), the community chose the fork. On July 20, 2016, at block 1,920,000, the network split in two:
- Ethereum (ETH) - the new chain where the theft was "undone." It was adopted by the majority, including the Ethereum Foundation.
- Ethereum Classic (ETC) - those who refused to touch history, preserving the principle of absolute immutability.
The split was not technical but philosophical, and it lives on. Ethereum Classic still exists today: with a hard supply cap of 210.7 million coins (since 2017) and on a Proof-of-Work algorithm. After Ethereum moved to Proof-of-Stake in 2022, ETC became the largest PoW smart-contract platform, absorbing the displaced miners.
The central paradox: in saving investors, Ethereum violated the very principle of immutability it was built on. Bitcoin was a response to the 2008 bank bailouts - and here the crypto community staged a bailout of its own.
How the hack rewrote development culture
The DAO was a painful inoculation. Here is what changed over ten years.
1. The Checks-Effects-Interactions pattern
The most direct lesson: validate inputs (checks), update state (effects), and only then call out to other contracts (interactions). Today the Checks-Effects-Interactions pattern and reentrancy guards (mutexes that reject a nested call into a guarded function) are basic literacy that any junior Solidity developer knows, and static analyzers flag the wrong ordering automatically. What was an invisible trap in 2016 gets caught on the first review in 2026.
2. Audits as an industry
Before The DAO, "smart contract audit" sounded exotic. Today it is a market with dozens of firms - Trail of Bits, Hacken, Cyfrin, OpenZeppelin - and an unwritten rule: you do not ship to mainnet without an audit. A serious protocol goes through several independent reviews before launch.
3. Formal verification leaves academia
If an audit hunts for bugs, formal verification mathematically proves their absence relative to a given specification. Until recently this was a researcher's luxury. Today it is an emerging standard:
- Certora open-sourced its prover under GPLv3, democratizing proof-of-correctness.
- Lighter-weight tooling matured alongside the provers: Slither (Trail of Bits) ships 90+ static-analysis detectors, Cyfrin's Aderyn has 100+ with direct IDE integration, and Medusa brought parallel fuzzing. These are not formal verification - they find bug patterns and counterexamples rather than prove properties - but they are now the standard first pass before a proof or an audit.
- In March 2026, Nethermind explicitly called formal verification a "security baseline" rather than a best practice - especially in a world of zk-proofs, where a contract cannot be patched after deployment.
4. Bug bounties and account abstraction
The Ethereum Foundation launched a dedicated bug bounty for account abstraction (ERC-4337) with payouts up to $250,000 for critical vulnerabilities. Account abstraction itself (smart-contract wallets, EIP-7702) is an attempt to build security and usability directly into the account layer.
5. AI arrives in security
By 2026 the circle closed technologically too: Uniswap is adopting AI-assisted security review, tools like AuditAgent are emerging, and Certora is experimenting with an AI Composer that checks AI-generated code against safety rules before execution.
The bitter irony: defenses improved, losses grew
Here is the uncomfortable truth of the decade. Despite all the progress, the amounts stolen only went up:
- Ronin Network (2022) - $615 million, compromised validator keys.
- Euler Finance (2023) - $197 million: a flash loan used to exploit a missing health check in the protocol's donation function.
- Bybit (February 2025) - $1.46 billion, the largest theft in history: the signers of a multisig cold wallet approved a malicious transaction behind a spoofed signing interface.
- KelpDAO (April 2026) - $292 million: the attacker tricked a LayerZero contract into making the bridge release 116,500 rsETH, triggering a domino effect across DeFi and a run on Aave.
According to Chainalysis, around $3.4 billion was stolen from the crypto industry in 2025, with the lion's share going to North Korean groups (TRM Labs estimates the DPRK accounted for up to 76% of all losses in 2026).
The key shift: The DAO was a flaw in contract logic, while most modern hacks are no longer reentrancy at all. Today funds are stolen through compromised keys, social engineering, vulnerable bridges, and spoofed signing interfaces. The industry learned to write secure code - but the threat frontier moved toward people, infrastructure, and cross-chain links.
That does not mean reentrancy is dead: the 2023 Curve Finance hack (~$70 million, where a Vyper compiler bug silently broke the reentrancy lock in affected pools) showed the old ghost returns in new disguises, alongside variants such as read-only reentrancy, in which another protocol reads a view function while the contract's state is mid-update.
Full circle: The DAO returns in 2026
The most symbolic twist arrived at the ten-year mark. It turned out that around 75,000 ETH tied to The DAO (overpayments, burned tokens, the ExtraBalance contract) had sat unclaimed for nearly a decade, informally managed by volunteer curators.
In January 2026, Griff Green - the same person who coordinated the White Hat Group rescue effort in 2016 - announced the launch of the DAO Security Fund: these dormant assets, having appreciated to roughly $220 million, are being deployed to strengthen Ethereum's security, with $13.5 million going to grants via DAO mechanisms.
Money lost to a security hole is, ten years later, being spent to make sure such holes never happen again. You could not write a better epilogue.
What we learned in ten years
- Irreversibility is a double-edged sword. It is both the guarantee of trust and the thing that makes any mistake fatal.
- "Code is law" is a beautiful slogan that breaks against reality. When hundreds of millions are at stake, the human community steps in anyway. The only question is whether it admits it honestly.
- Security is a process, not a property. Audits, formal verification, bug bounties, and AI reduced the risk of code bugs - but attackers simply moved to new targets.
- The most expensive lessons were paid for in real money. And sometimes, as with the DAO Security Fund, that same money comes back to protect the next generation.
The DAO did not kill Ethereum - it hardened it. The network that today secures trillions of dollars in DeFi and tokenized assets grew out of that June night in 2016, when it became clear: writing code for money is not the same as writing code for apps.
This article is based on public sources: Wikipedia (The DAO, Ethereum Classic), Christoph Jentzsch's white paper (Slock.it), the 2017 SEC 21(a) report, Gemini Cryptopedia, CryptoBriefing (10th anniversary, June 2026), CoinDesk and Decrypt (DAO Security Fund, January 2026), Gitcoin (TheDAO Security Fund), Chainalysis (Crypto Theft 2025), TRM Labs (2026), Immunefi and Cyfrin (reentrancy), ethereum.org and Nethermind (formal verification), and reporting on the Ronin, Euler, Bybit, and KelpDAO hacks.