Museum Wire
2016 · breach · Public

The DAO — The $60 Million Function Call

An attacker exploited a reentrancy vulnerability in The DAO's smart contract to drain approximately 3.6 million Ether (~$60 million), triggering a hard fork of the Ethereum blockchain that split the community.

2 min read
Root Cause

The DAO's withdrawal function sent Ether to the caller before updating the internal balance. The attacker's contract implemented a fallback function that re-called the withdrawal function before the balance was updated, draining the contract in a recursive loop.

Aftermath

The Ethereum community voted to hard-fork the blockchain to reverse the theft, creating Ethereum (the forked chain) and Ethereum Classic (the original chain). The event established that 'immutable' blockchain code is only as immutable as the community's willingness to let consequences stand.

The Incident

On June 17, 2016, an attacker began draining funds from The DAO — a decentralized autonomous organization built on Ethereum that had raised $150 million in the largest crowdfunding campaign in history at that time. Over several hours, the attacker siphoned approximately 3.6 million Ether, worth roughly $60 million.

The Root Cause

The DAO's smart contract had a withdrawal function that followed this sequence: (1) check the caller's balance, (2) send the requested Ether to the caller, (3) update the caller's balance to reflect the withdrawal. The vulnerability was in the ordering: the Ether was sent before the balance was updated.

When the DAO's contract sent Ether to the attacker's contract, the attacker's contract contained a fallback function that was automatically triggered by the incoming payment. This fallback function immediately called the DAO's withdrawal function again, before the first withdrawal had updated the balance. The DAO checked the balance (still unchanged), sent more Ether (triggering the fallback again), and the cycle repeated within a single transaction. The attacker repeated this transaction after transaction, moving roughly a third of The DAO's Ether into a child DAO under the attacker's control. The child DAO's own rules prevented the funds from being withdrawn for several weeks, which is what gave the community time to respond.

The vulnerability — sending value before updating state — was a known risk in Solidity development at the time. The checks-effects-interactions pattern (check conditions, update state, then interact with external contracts) had already been documented as the correct approach. Two details made the bug exploitable rather than merely theoretical: the payout used a low-level `call.value()`, which forwards all remaining gas to the recipient and so leaves it enough gas to re-enter, and nothing in the contract tracked that a withdrawal was already in progress.

The Aftermath

The Ethereum community faced a choice: accept the theft and preserve the blockchain's immutability, or fork the blockchain to reverse the transaction and recover the funds. After contentious debate, the community voted to fork, and the fork took effect on July 20, 2016, moving the drained Ether into a recovery contract from which the original investors could reclaim it. The forked chain became Ethereum. The original chain, where the attacker kept the funds, became Ethereum Classic.

Why It Matters

Immutable code on a blockchain means bugs are permanent. There is no patch, no hotfix, no rollback — unless the entire community agrees to rewrite history. The DAO hack proved that "code is law" is an aspiration that breaks on contact with a $60 million theft. And the fix — a hard fork — created a precedent that divided the community: if you can reverse one theft, what stops you from reversing anything?

Techniques
reentrancy · smart contract vulnerability