The DAO Hack 2016

1 decision on this page

Audit log

Every state-changing event for The DAO Hack 2016: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1 publish by system:backfill
    2026-06-01 17:49:44Z
    Score: ?? (no score change)
    anchor: anchored
    chain: mainnet-beta, slot 423,640,516
    sig: 3nDDBBLGVH6x…DPXy1wS2
    hash: 4Ka66uhYcZqN…USvDc5K6 (sha256 → base58)
    canonical bytes (21099 B):
    {"actor":"system:backfill","investigation_id":"cf4fc863-726e-492a-a76a-c6e4b303cdcd","kind":"publish","page_slug":"the-dao-hack-2016","published_at":"2026-06-01T17:49:44.475Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"The DAO Hack 2016","sections":[{"content":"The DAO (Decentralized Autonomous Organization) was conceived and built by Slock.it, a German blockchain startup co-founded by brothers Christoph Jentzsch and Simon Jentzsch. Christoph Jentzsch, serving as CTO of Slock.it, principally authored the open-source smart contract code that governed The DAO. It was designed as a decentralized, investor-directed venture capital fund with no conventional management structure or board of directors — all investment proposals and governance decisions were to be managed on-chain through token holder votes. The DAO launched its token sale on April 30, 2016, with a 28-day crowdfunding window. The campaign raised over $34 million by May 10, surpassed $100 million by May 15, and ultimately accumulated more than 11.5 million ETH — valued at over $150 million — from more than 11,000 participants by May 21, 2016. 
This made it the largest crowdfunding campaign in history at that point.","heading":"Background and Fundraise","severity":"medium","sources":[{"credibility":2,"name":"The DAO - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/The_DAO_(organization)"},{"credibility":2,"name":"The DAO Raises More Than $117 Million In World's Largest Crowdfunding To Date - Bitcoin Magazine","type":"news_article","url":"https://bitcoinmagazine.com/business/the-dao-raises-more-than-million-in-world-s-largest-crowdfunding-to-date-1463422191"},{"credibility":2,"name":"DAO Hack Explained: How a Vulnerability Split Ethereum - Gemini Cryptopedia","type":"other","url":"https://www.gemini.com/cryptopedia/the-dao-hack-makerdao"}]},{"content":"On June 17, 2016, an attacker began draining ETH from The DAO's smart contract by exploiting a reentrancy vulnerability — the first major reentrancy attack in Ethereum history. The flaw resided in The DAO's token-splitting and withdrawal logic: when a user called the splitDAO() function to exit, the contract sent ETH to the caller before updating its internal balance records. By deploying a malicious contract that recursively re-called the withdrawal function before the state update occurred, the attacker could drain ETH in a continuous loop. The attacker exploited this to transfer approximately 3.6 million ETH — roughly one-third of all funds held by The DAO — into a \"child DAO\" they controlled. At the time, this represented approximately $50–70 million USD. The attack was noticed in real time by community members and the ETH price fell from approximately $20 to $13 within hours. Days before the attack, Cornell professor Emin Gün Sirer and colleagues had published \"A Call for a Temporary Moratorium on The DAO,\" warning explicitly of the recursive-call vulnerability. Despite these warnings, no patch was deployed in time. 
The attacker published an open letter on June 18, 2016, claiming their actions were a legitimate use of a \"feature\" in The DAO's code and asserting a law firm had confirmed no U.S. criminal liability, though this framing was widely rejected by the community.","heading":"The Reentrancy Exploit (June 17, 2016)","severity":"critical","sources":[{"credibility":2,"name":"Reentrancy Attacks and The DAO Hack Explained - Chainlink","type":"research","url":"https://blog.chain.link/reentrancy-attacks-and-the-dao-hack/"},{"credibility":2,"name":"DAO Hack Explained - Gemini Cryptopedia","type":"other","url":"https://www.gemini.com/cryptopedia/the-dao-hack-makerdao"},{"credibility":2,"name":"The DAO - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/The_DAO_(organization)"},{"credibility":3,"name":"An Open Letter to the DAO Community (attacker statement) - Pastebin","type":"other","url":"https://pastebin.com/CcGUBgDG"},{"credibility":2,"name":"CoinDesk Turns 10: 2016 - How The DAO Hack Changed Ethereum and Crypto","type":"news_article","url":"https://www.coindesk.com/consensus-magazine/2023/05/09/coindesk-turns-10-how-the-dao-hack-changed-ethereum-and-crypto"}]},{"content":"The hack triggered a deep philosophical and political schism in the Ethereum community. One faction argued that the Ethereum blockchain's defining principle was immutability — that code is law, the attacker had exploited a bug that existed in a deployed contract, and intervening to reverse on-chain transactions would fundamentally undermine trust in the platform. The opposing faction, including much of the Ethereum Foundation, argued that the scale of the theft, representing approximately 5.6% of all ETH in circulation at the time, justified an extraordinary intervention to protect investors and preserve the nascent ecosystem. The Ethereum Foundation organized a community coin vote to gauge support for a hard fork. 
Approximately 5.5% of the total ETH supply participated in the vote, with roughly 80% of voters supporting the hard fork. Critics noted the low turnout and questioned whether a coin vote adequately represented the full community. The vote's result was used to set the hard fork as the default option in the updated client release.","heading":"Community Debate: Bailout vs. Immutability","severity":"high","sources":[{"credibility":2,"name":"Ethereum Classic - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Ethereum_Classic"},{"credibility":2,"name":"Classic History - Ethereum Classic","type":"official","url":"https://ethereumclassic.org/knowledge/history/"},{"credibility":2,"name":"CoinDesk Turns 10: How The DAO Hack Changed Ethereum and Crypto","type":"news_article","url":"https://www.coindesk.com/consensus-magazine/2023/05/09/coindesk-turns-10-how-the-dao-hack-changed-ethereum-and-crypto"}]},{"content":"The Ethereum hard fork activated at block 1,920,000 on July 20, 2016. The fork executed an irregular state change that transferred approximately 12 million ETH from the attacker's \"Dark DAO\" and a \"Whitehat DAO\" (holding rescued funds) into a WithdrawDAO recovery contract, from which original DAO token holders could reclaim their ETH. Approximately 85% of Ethereum miners adopted the forked chain. However, a portion of miners and community members refused to upgrade and continued mining the original, unforked chain. This chain was subsequently branded \"Ethereum Classic\" (ETC) and listed on the Poloniex exchange under the ETC ticker on July 24, 2016, surviving predictions that it would quickly become abandoned. 
By the time of the fork announcement, approximately 4.5 million ETH had already been returned to token holders through the recovery contract, with an additional 463,000 ETH held by a designated curator.","heading":"The Ethereum Hard Fork and Creation of Ethereum Classic","severity":"high","sources":[{"credibility":1,"name":"Hard Fork Completed - Ethereum Foundation Blog","type":"official","url":"https://blog.ethereum.org/2016/07/20/hard-fork-completed"},{"credibility":2,"name":"Ethereum Executes Blockchain Hard Fork to Return DAO Funds - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2016/07/20/ethereum-executes-blockchain-hard-fork-to-return-dao-funds"},{"credibility":2,"name":"Ethereum Classic - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Ethereum_Classic"},{"credibility":2,"name":"Classic History - Ethereum Classic","type":"official","url":"https://ethereumclassic.org/knowledge/history/"}]},{"content":"On July 25, 2017, the U.S. Securities and Exchange Commission issued a Report of Investigation concluding that DAO tokens were securities under Section 2(a)(1) of the Securities Act of 1933 and Section 3(a)(10) of the Securities Exchange Act of 1934, applying the Howey test. The SEC found that DAO token holders invested money (ETH) in a common enterprise with a reasonable expectation of profits derived primarily from the managerial efforts of Slock.it and the Curators who screened investment proposals. The report noted that DAO token holders had limited practical ability to exercise meaningful control, as they were widely dispersed with limited communication channels. While the SEC declined to bring enforcement action in this particular case, it explicitly warned that other digital token offerings could qualify as securities under the same analysis, and that exchanges facilitating trading in such tokens must register as national securities exchanges unless exempt. 
The report was a landmark regulatory moment establishing that securities law applies to digital assets regardless of the technology used.","heading":"SEC Investigation and Securities Determination","severity":"critical","sources":[{"credibility":1,"name":"SEC Issues Investigative Report Concluding DAO Tokens Were Securities - SEC.gov","type":"regulatory","url":"https://www.sec.gov/newsroom/press-releases/2017-131"},{"credibility":1,"name":"Report of Investigation Pursuant to Section 21(a) - SEC.gov (full PDF)","type":"regulatory","url":"https://www.sec.gov/files/litigation/investreport/34-81207.pdf"},{"credibility":2,"name":"SEC Report of Investigation Concludes that DAO Tokens Were Securities - National Law Review","type":"news_article","url":"https://natlawreview.com/article/sec-report-investigation-concludes-dao-tokens-were-securities"}]},{"content":"The identity of the DAO attacker was not publicly confirmed in 2016 or for years afterward. In February 2022, crypto journalist Laura Shin published the book \"The Cryptopians\" along with an accompanying Forbes article naming Toby Hoenisch — a 36-year-old Austrian-born programmer, co-founder, and former CEO of Singapore-based crypto debit card company TenX — as the alleged attacker. Shin's investigation was conducted with assistance from blockchain analytics firm Chainalysis, which used then-novel de-mixing technology to trace a 50 BTC transaction through a Wasabi Wallet mixer to four exchanges and ultimately to wallets linked to Hoenisch. A further chain of evidence pointed to the stolen ETH being swapped for privacy coin Grin and withdrawn to a Grin node identified as grin.toby.ai — a domain and handle Hoenisch used across multiple platforms including Twitter (@tobyai). Shin also reported that Hoenisch had prior familiarity with The DAO's codebase, having communicated with Slock.it about vulnerabilities. 
Hoenisch denied the allegations in an email to Shin, stating \"your statement and conclusion is factually inaccurate,\" but did not follow up with the promised rebuttal evidence. No criminal charges have been filed against Hoenisch. The identification remains alleged and unconfirmed by law enforcement.","heading":"Alleged Attacker Identity","severity":"high","sources":[{"credibility":2,"name":"New research claims to identify the man who hacked The DAO - The Block","type":"news_article","url":"https://www.theblock.co/post/135017/new-research-claims-to-identify-the-man-who-hacked-the-dao"},{"credibility":2,"name":"Former Crypto CEO Denies Responsibility for $11 Billion Ethereum DAO Hack - Decrypt","type":"news_article","url":"https://decrypt.co/93547/crypto-ceo-denies-11-billion-ethereum-dao-hack"},{"credibility":2,"name":"TenX CEO Toby Hoenisch Named as $11 Billion Ethereum DAO Hacker - BeInCrypto","type":"news_article","url":"https://beincrypto.com/tenx-ceo-toby-hoenisch-named-as-11-billion-ethereum-dao-hacker/"},{"credibility":2,"name":"New Book Claims to Have Identified the Hacker Behind a Massive $11 Billion Crypto Theft - Gizmodo","type":"news_article","url":"https://gizmodo.com/hacker-behind-11-billion-crypto-theft-believed-identif-1848577454"}]},{"content":"The DAO hack is widely regarded as the most consequential security incident in Ethereum history and the event that defined reentrancy attacks as the canonical vulnerability class in smart contract development. The hack prompted the introduction of the checks-effects-interactions pattern as a Solidity development standard: contracts must update their internal state before making external calls, preventing recursive re-entry. OpenZeppelin subsequently developed the ReentrancyGuard modifier, which became a standard inclusion in production DeFi smart contracts. 
The incident effectively launched the blockchain security auditing industry — major DeFi projects now routinely undergo multiple third-party code audits before launch, a practice that was nearly non-existent prior to 2016. The philosophical debate over the Ethereum hard fork remains unresolved and continues to inform discussions about blockchain governance, protocol immutability, and the role of social consensus in decentralized systems. Ethereum Classic persists as a live network, representing the \"code is law\" minority position. The SEC's 2017 DAO report became a foundational regulatory document for the classification of digital assets and ICO enforcement actions in subsequent years. Reentrancy attacks have continued to cause over $1 billion in cumulative DeFi losses in the years since, underscoring the lasting relevance of the original vulnerability.","heading":"Legacy and Industry Impact","severity":"medium","sources":[{"credibility":2,"name":"Reentrancy Attacks and The DAO Hack Explained - Chainlink","type":"research","url":"https://blog.chain.link/reentrancy-attacks-and-the-dao-hack/"},{"credibility":2,"name":"CoinDesk Turns 10: 2016 - How The DAO Hack Changed Ethereum and Crypto","type":"news_article","url":"https://www.coindesk.com/consensus-magazine/2023/05/09/coindesk-turns-10-how-the-dao-hack-changed-ethereum-and-crypto"},{"credibility":3,"name":"Understanding the DAO Hack: Lessons from 2016 - Clovr","type":"other","url":"https://www.clovr.com/blog/dao-hack/"}]}],"sources_used":[{"credibility":2,"name":"The DAO - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/The_DAO_(organization)"},{"credibility":2,"name":"Ethereum Classic - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Ethereum_Classic"},{"credibility":1,"name":"SEC Issues Investigative Report Concluding DAO Tokens Were Securities","type":"regulatory","url":"https://www.sec.gov/newsroom/press-releases/2017-131"},{"credibility":1,"name":"SEC Report of Investigation 
(full PDF) - 34-81207","type":"regulatory","url":"https://www.sec.gov/files/litigation/investreport/34-81207.pdf"},{"credibility":1,"name":"Hard Fork Completed - Ethereum Foundation Blog","type":"official","url":"https://blog.ethereum.org/2016/07/20/hard-fork-completed"},{"credibility":2,"name":"Ethereum Executes Blockchain Hard Fork to Return DAO Funds - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2016/07/20/ethereum-executes-blockchain-hard-fork-to-return-dao-funds"},{"credibility":2,"name":"CoinDesk Turns 10: 2016 - How The DAO Hack Changed Ethereum and Crypto","type":"news_article","url":"https://www.coindesk.com/consensus-magazine/2023/05/09/coindesk-turns-10-how-the-dao-hack-changed-ethereum-and-crypto"},{"credibility":2,"name":"Reentrancy Attacks and The DAO Hack Explained - Chainlink","type":"research","url":"https://blog.chain.link/reentrancy-attacks-and-the-dao-hack/"},{"credibility":2,"name":"DAO Hack Explained: How a Vulnerability Split Ethereum - Gemini Cryptopedia","type":"other","url":"https://www.gemini.com/cryptopedia/the-dao-hack-makerdao"},{"credibility":2,"name":"New research claims to identify the man who hacked The DAO - The Block","type":"news_article","url":"https://www.theblock.co/post/135017/new-research-claims-to-identify-the-man-who-hacked-the-dao"},{"credibility":2,"name":"Former Crypto CEO Denies Responsibility for $11 Billion Ethereum DAO Hack - Decrypt","type":"news_article","url":"https://decrypt.co/93547/crypto-ceo-denies-11-billion-ethereum-dao-hack"},{"credibility":2,"name":"TenX CEO Toby Hoenisch Named as $11 Billion Ethereum DAO Hacker - BeInCrypto","type":"news_article","url":"https://beincrypto.com/tenx-ceo-toby-hoenisch-named-as-11-billion-ethereum-dao-hacker/"},{"credibility":2,"name":"New Book Claims to Have Identified the Hacker Behind a Massive $11 Billion Crypto Theft - 
Gizmodo","type":"news_article","url":"https://gizmodo.com/hacker-behind-11-billion-crypto-theft-believed-identif-1848577454"},{"credibility":2,"name":"Bitcoin Magazine - The DAO Raises More Than $117 Million In World's Largest Crowdfunding","type":"news_article","url":"https://bitcoinmagazine.com/business/the-dao-raises-more-than-million-in-world-s-largest-crowdfunding-to-date-1463422191"},{"credibility":2,"name":"Classic History - Ethereum Classic","type":"official","url":"https://ethereumclassic.org/knowledge/history/"},{"credibility":2,"name":"National Law Review - SEC Report Concludes DAO Tokens Were Securities","type":"news_article","url":"https://natlawreview.com/article/sec-report-investigation-concludes-dao-tokens-were-securities"},{"credibility":3,"name":"An Open Letter to the DAO Community (alleged attacker statement) - Pastebin","type":"other","url":"https://pastebin.com/CcGUBgDG"},{"credibility":1,"name":"Fortune - Ten years after Ethereum's DAO disaster","type":"news_article","url":"https://fortune.com/2026/04/28/ten-years-after-ethereums-dao-disaster-its-time-to-try-again/"}],"summary":"The DAO was a decentralized autonomous organization launched on Ethereum in April 2016 that raised approximately $150 million in ETH — the largest crowdfund in history at the time. On June 17, 2016, an unknown attacker exploited a reentrancy vulnerability in its smart contract code, draining approximately 3.6 million ETH (roughly $60–70 million at the time). The incident led to a contentious Ethereum hard fork on July 20, 2016, splitting the chain into Ethereum (ETH) and Ethereum Classic (ETC), and triggered the SEC's 2017 finding that DAO tokens were unregistered securities.","timeline":[{"date":"2016-04-30","event":"The DAO token sale launches on Ethereum, built by Slock.it (Christoph and Simon Jentzsch). 
A 28-day crowdfunding window opens.","source":"The DAO - Wikipedia","source_url":"https://en.wikipedia.org/wiki/The_DAO_(organization)"},{"date":"2016-05-15","event":"The DAO surpasses $100 million raised, marking the largest crowdfund in history at that time.","source":"The DAO - Wikipedia","source_url":"https://en.wikipedia.org/wiki/The_DAO_(organization)"},{"date":"2016-05-21","event":"The DAO token sale closes, having raised over 11.5 million ETH (~$150 million) from more than 11,000 participants.","source":"Bitcoin Magazine","source_url":"https://bitcoinmagazine.com/business/the-dao-raises-more-than-million-in-world-s-largest-crowdfunding-to-date-1463422191"},{"date":"2016-06-09","event":"Emin Gun Sirer and colleagues publish 'A Call for a Temporary Moratorium on The DAO,' identifying the recursive-call vulnerability that would later be exploited.","source":"CoinDesk / Fortune","source_url":"https://fortune.com/2026/04/28/ten-years-after-ethereums-dao-disaster-its-time-to-try-again/"},{"date":"2016-06-17","event":"An unknown attacker begins draining The DAO via a reentrancy exploit, recursively calling the splitDAO() withdrawal function before state updates occur. Approximately 3.6 million ETH (~$50-70M) is transferred to a child DAO controlled by the attacker.","source":"Chainlink Blog / Gemini Cryptopedia","source_url":"https://blog.chain.link/reentrancy-attacks-and-the-dao-hack/"},{"date":"2016-06-18","event":"The alleged attacker publishes an open letter claiming their actions constituted use of a legitimate 'feature' in The DAO's code. ETH price drops from ~$20 to ~$13.","source":"Pastebin open letter / CoinDesk","source_url":"https://pastebin.com/CcGUBgDG"},{"date":"2016-07-20","event":"The Ethereum hard fork activates at block 1,920,000, executing an irregular state change that transfers ~12 million ETH from the attacker's child DAO into a recovery contract. 
Approximately 85% of miners adopt the forked chain.","source":"Ethereum Foundation Blog","source_url":"https://blog.ethereum.org/2016/07/20/hard-fork-completed"},{"date":"2016-07-24","event":"Poloniex lists the original, unforked Ethereum chain as Ethereum Classic (ETC), the first exchange to recognize the minority chain.","source":"Ethereum Classic History","source_url":"https://ethereumclassic.org/knowledge/history/"},{"date":"2017-07-25","event":"The U.S. Securities and Exchange Commission issues its Report of Investigation concluding that DAO tokens were securities under federal law, applying the Howey test. No enforcement action is brought but the report warns future token issuers.","source":"SEC.gov Press Release","source_url":"https://www.sec.gov/newsroom/press-releases/2017-131"},{"date":"2022-02-22","event":"Journalist Laura Shin publishes 'The Cryptopians' and an accompanying Forbes article, alleging — based on Chainalysis blockchain forensics — that TenX co-founder and former CEO Toby Hoenisch was the DAO attacker. Hoenisch denies the claim.","source":"The Block","source_url":"https://www.theblock.co/post/135017/new-research-claims-to-identify-the-man-who-hacked-the-dao"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 28d171d2-2f1b-4ed0-a342-de104c46d494
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.
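
The row-integrity and memo checks described above, as an added Python example (not avoid.net's `src.verify_decision` code): it hashes the exact canonical bytes, base58-encodes the digest, and compares the result with the stored hash and with a memo string. The Bitcoin/Solana base58 alphabet, the memo layout, and the sample record are assumptions constructed for illustration.

```python
import hashlib
import json
import re

# Assumption: the page says only "sha256 → base58"; the Bitcoin/Solana
# alphabet is assumed here.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58-encode bytes; each leading zero byte becomes a '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def row_hash(canonical: bytes) -> str:
    """SHA-256 over the canonical bytes exactly as served, then base58."""
    return b58encode(hashlib.sha256(canonical).digest())


def verify_row(canonical: bytes, stored_hash: str) -> bool:
    """Row integrity: recompute the hash locally and compare in full.

    A truncated display value (prefix…suffix) never matches, because only
    the complete hash is accepted.
    """
    return row_hash(canonical) == stored_hash


def hash_in_memo(memo: str, stored_hash: str) -> bool:
    """Anchor check: the full hash must appear as a whole base58 token.

    Assumption: the memo is text that carries the hash as one token; the
    real memo layout is not shown on the page.
    """
    return stored_hash in re.findall(f"[{B58}]+", memo)


# Constructed sample record (not the page's 21099-byte row), serialized in
# the compact, sorted-key layout visible in the page's canonical bytes.
SAMPLE = {"actor": "system:backfill", "kind": "publish",
          "page_slug": "the-dao-hack-2016", "sequence_num": 1, "v": 1}
CANONICAL = json.dumps(SAMPLE, sort_keys=True, separators=(",", ":"),
                       ensure_ascii=False).encode("utf-8")


def demo() -> dict:
    stored = row_hash(CANONICAL)            # what the audit row would store
    memo = f"constructed-memo {stored}"     # constructed memo text
    # Parsing and re-serializing with default separators changes whitespace,
    # so the bytes differ and a genuine row would fail verification.
    reserialized = json.dumps(json.loads(CANONICAL), sort_keys=True).encode()
    return {
        "exact_bytes_ok": verify_row(CANONICAL, stored),
        "reserialized_ok": verify_row(reserialized, stored),
        "truncated_ok": verify_row(CANONICAL, stored[:12] + "…" + stored[-8:]),
        "memo_ok": hash_in_memo(memo, stored),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```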