In this episode, we interview Matthew Leising, formerly reporter of Bloomberg news between 2004-2021.
Now the co-founder of DeCential Media, and author of a great book:
Out of the Ether: The Amazing Story of Ethereum and the $55 Million Heist that Almost Destroyed It All
Matt made his book available as a special edition, as an NFT collection at outoftheether.net.
We cover the story of Ethereum of the early years, up to the DAO hack which would define the Ethereum governance for years to come, and it would be one of the most important events that defined the Ethereum ecosystem.
Thanks Matt for joining this conversation, it’s a pleasure to have you here.
Thank you for putting together such a book that is Out of The Ether. Which is the story of the DAO, the Decentralized Autonomous Organization hack, but it’s way more than that. It’s the story of Ethereum in the early days, in the early years, it’s an incredible story.
So the effort that went into the book for the people that will be reading it, it’s incredible. So thanks for taking the time. But so, let’s start from there.
- What prompted you to cover Ethereum?
- How did Vitalik Buterin got to actually create Ethereum in the first place?
- Can you tell us a little bit about the early days of Ethereum?
- What happened with the Ethereum crowdsale?
- And at that point who were the people around the project? Like from the initial people that we saw before, who was left after the crowd sale?
- What happened next? How did the hack happen? Was there also intrinsic weakness of the code? What happened there?
- Do you think it’s possible that this attack was made by two different people or group of people? Or was it the same … was done by the same person or group of people?
- Did you eventually manage to understand if there was a person that was in charge of these attack?
- What happened next? So how did eventually Ethereum and Vitalik Buterin solve the situation? So what happened?
- But especially Wood, Gavin Wood, which had played such a key role, what happened next? There was an important, I think, point in which he split from the project and started to work on his own, what happened there?
- And to close this up, what’s next for you? Are you planning a sequel or at least what’s interesting for you in the ecosystem, the crypto system?
What prompted you to cover Ethereum?
Yeah, of course. So I’ve been a reporter my whole life, a lot of that was spent at Bloomberg News and I was covering Wall Street and finance went through the financial crisis and all of that as a reporter. And my beat was market structure, which is like, how do markets work? What’s the kind of regulation that people are facing? Legislation is there, does this market need to be updated? So I was covering that for the derivatives market and the bond market for Bloomberg for many years.
So once I finally understood what blockchain technology was, I realized it could really change the things that I was writing about. And this was around the same time that Wall Street was starting to wake up to that Bitcoin wasn’t just a cryptocurrency, it had this blockchain technology that for the first time allowed you to engage in trustless transactions with anyone around the world, which was transformative.
So that was in 2015, I started covering blockchain as part of my beat, like I said, Wall Street was getting involved, so it was a really good time to write about it because there was a lot of interest, and to be honest not a lot of people knew much about it. So it was fun to just learn and write as I went along. So, it started just with blockchain in general, and then Ethereum had just been released in 2015, I didn’t start paying attention to it until early 2016 because there was this project that everyone was getting excited about called the DAO, it’s the Decentralized Autonomous Organization.
And I’ve written it, that’s a terrible name come up by coders that is meant to scare children in the night. But basically what this was, was, in traditional finance you have venture capital firms that have money and they want to find startups to invest in, to help them grow their business and get off the ground, and then also have an investment stake in these companies that they can then sell for lots of profit later. It’s a classic Silicon Valley model. And so the DAO was that sort of model, but just in a blockchain form.
So what it was, was a smart contract where you could send your ether, the cryptocurrency that’s used in Ethereum is called ether. You send your ether into this contract and you get tokens back. These tokens would then allow you to vote on projects that would make presentations to the members of the DAO. So it’s a big pot of money that was meant to help develop startups that would were building for the Ethereum ecosystem.
So, pretty good idea, it’s not like it’s a new idea, but it was a new format. And what happened was, they raised way more money than they ever thought they would. The people who created it were in Germany and they thought maybe five, 10 million would come in. By the time the fundraising stopped, it was at 150 million. And of course that’s ether, that’s in a contract so it goes up and down as ether goes up and down in value. So a few months later, by June of 2016, the amount of ether in the DAO had risen to about $250 million.
So a quarter of a billion dollars was sitting in this smart contract and it got hacked. There was a lot of security bugs and issues that had been already pointed out by a lot of people in the industry, but this hack was new and nobody had exactly exploited it until the hackers did. They got away with $55 million and it started this whole big process that I’m sure we’ll get into. But, that really just grabbed my attention and I ended up writing a magazine story about it and talking to the people involved, and the hackers that were good guy hackers and bad guy had.
And the good guy hackers all came together and made sure that the rest of the money in the DAO was safe, and it was just a fascinating story, I really just loved digging into it. So, that kind of sent me on my way, and I used that magazine story to write a book proposal, and that’s how I figured the story of the DAO hack and what happened in the aftermath is so dramatic that it would make a great way to spread that throughout the book and then have other chapters about where did Ethereum come from? Who are the people who invented it? What is it all about? And so that turned into my book out of the ether, and here we are today.
Yeah, interesting. And you emphasize an important point which is, the DAO it’s, let’s say the story as you tell it, and then it’s sort of the end of the story of probably, hey, Ethereum in the first phase. So Ethereum of the early days, because after that, as we’ll see, as a consequence of actually the DAO hack, the most important decision that Ethereum meant to make going forward was whether to split the blockchain protocol with the soft or hard fork, and there was an extremely important decision, which changed the way the community would be handled forever.
And of course the final decision as we see was an hard fork, which means that now there was a different protocol which went in a different direction which was Ethereum Classic. But before we get to that, what’s the context back then, how did the main character of the story, of course, which is Vitalik Buterin.
How did Vitalik Buterin got to actually create Ethereum in the first place?
Yeah. So Vitalik is a fast person, he’s obviously off the charts smart. And one thing that I learned that was really interesting in doing the reporting for the book is I went to his high school in Toronto where he grew up, and I talked to his teachers and I talked to the principal of the high school and, they still had nothing but glowing things to say about him. And you would imagine he’d be really good in math and maybe science, and probably say he’s a great programmer. But he also excelled in Greek and in Chemistry, and in basically every class he had.
And he was going to an elite high school in Toronto for kids who were super smart to begin with because, the public school system just was boring to him, it wasn’t challenging. So he’s a bit of a Renaissance man. He’s also a really good writer, he excelled in English. And so he has a very broad educational background and after his dad introduced him to Bitcoin, and I think it was, I’m not going to say the year because I’m going to get it wrong.
But his dad introduced him to Bitcoin and Vitalik became fascinated with it. Because it combined his love of programming and economics and math through the cryptography. And so, the problem was he was a broke teenager in high school and didn’t have any money to buy Bitcoin, so he looked around and figured out that he could write about it and get paid in Bitcoin. So he started doing that through a blog called Bitcoin Weekly. And then later after some of his articles got published, a guy named Mihai Alisie reached out to him and said, “Hey, let’s start a magazine.”
And so they started a Bitcoin Magazine and the articles are still up by Vitalik in Bitcoin Magazine and they’re really good. And so he was getting paid in Bitcoin and was getting to dig into this thing that he loved. But what happened was, soon he realized that Bitcoin was great, but he felt that it was limited. Because what Bitcoin does really well is it allows you to move value from one point to another. So, you and I could be you trading Bitcoin between our wallets anywhere in the world. It’s not really built for much more than that, the code is limited.
And so after a while that frustrated Vitalik, and he saw the potential of this underlying global network of computers that forms a consensus layer and allows decisions to be made. And he thought, I want to do something more with that. So he came up with the idea of Ethereum, which is basically a blockchain network that employs something called a smart contract, which is just a bunch of code, it’s just a program. But it now allows you to do whatever you want. So and of course you can move currency around, you can move ether around but, you can also create a contract to sell a coin to people to raise money like we were talking about, called an initial coin offering.
So if you’ve got a startup and you want to try to raise money, you can do that through Ethereum by saying, hey, here’s my idea, buy my coin and that money will help develop the idea and then I’ll deploy it to the network. It allowed for NFTs to be created, non-fungible tokens, which have been going crazy lately where it’s a piece of digital art, or maybe it’s a piece of music, or whatever it is, it’s a digitized thing that is authenticated and validated by the blockchain, which makes it have scarcity.
And so it could now be traded and collected, and have a value like anything in the real world. So what he did was give the world a canvas with Ethereum and then said, here paint what you want on this canvas. And so it was groundbreaking and Ethereum has become the most used blockchain in the world. And it’s been a huge success and really, I think, at its core goes back to Vitalik’s innate mastery of all these different subjects that he’s so good in, and it was something that, I think somebody with that temperament had to create.
Yeah, interesting. And for a bit of a timeline here, I found the white article of course, and also referenced, I think in your book where most probably Vitalik Buterin was introduced to Bitcoin for sure in 2011. And the same year he started, as you said, just to give a little bit of context how things evolved to the audience. There he started to publish on a weekly magazine or to earn some money, but to earn actually some cryptocurrency because he wanted to get involved as much as possible into the project.
From there, I think the magazine, this weekly magazine a certain point it went … actually it closed. And so he also later on founded his own magazine. And also it’s interesting because I believe the first version of the Ethereum white paper would come along around like 2015 and there was really this grandiose idea, as you said, to build a different kind of blockchain protocol where it was more like the most, bad word to use, its work computer. But really it was more like, let’s develop a language instead of applications.
So instead of having a thinking process where you develop APIs, with those APIs you can just do limited things, Vitalik Buterin thought, let’s develop the whole language. And with this all sort of language, we can enable anyone to do anything on top of this application. And it’s very interesting this point because, later on in the story and in Valley Source interviews of vital Buterin, he himself was very actually surprised about some of the applications. Because there are some applications that he was very interested about, and one of those is definitely the DAO, the Decentralized Autonomous Organization, and another one it’s ENS, so the Ethereum Name System.
But he was also very surprised by new applications like NFTs. I mean, probably he also thought those were things that were very weird, had things that were created on top of the blockchain. But there was the whole approach, I guess, of the Ethereum, so enabling application. So the platform approach rather than just saying, this is what the protocol is about. And that’s what makes it very interesting, and what also drew me to look into it a few years ago. So I wanted to emphasize this point.
And another element it’s of course about, again, the evolution of Ethereum and the people that really helped shape it in the early days. Can you tell us a little bit more about the team more. So especially the initial co-founders, what happened there, because the study is so interesting that it would be nice to dig a little bit deeper into that.
Can you tell us a little bit about the early days of Ethereum?
Yeah, sure. So, Vitalik wrote his white paper at the end of 2012 and sent it out to people. At first he was nervous, he didn’t know how it would be received, he was expecting to get a lot of criticism. But actually the opposite occurred. He got a lot of people saying, this is amazing, and how can I help? So, he started gathering people around him who would become the co-founders of Ethereum, obviously Vitalik was there. He knew that he needed coders to help him write the actual code.
And what he wanted to do from the beginning was, write it in different languages, so different programming languages. So there was going to be the Go clients, there was going to be Python, and I believe it was C was the other one. So, Gavin Wood reached out to him and Jeff Wilke reached out to him. They’re both brilliant programmers. And so they joined the group and started writing the language, the Ethereum code in the different languages. Of course you need money for a startup so, there were a couple people who reached out to Vitalik that were able to support the project early with their own funding.
The first was Anthony Di Iorio, who was a Canadian entrepreneur and real estate owner, and he had done a lot of things in his life, but he had also found Bitcoin quite early and made a lot of money through it. So, he got introduced to Vitalik through the white paper and wanted to join and said, “Hey, I can help fund this development.” The other person with some money was named Joe Lubin. He had been a software engineer at Goldman Sachs and had run a hedge fund, and was a bit older than most of the other people in this group.
So, he had money as well, and had already discovered Bitcoin, and thought that the decentralized nature of the network that it enabled was going to change the world. So, he was very excited about the Ethereum project. There was Mihai Alisie, who was also a co-founder who Vitalik knew, of course through Bitcoin Magazine. They were friends, I would say the only friend that Vitalik had in the group was Mihai. There was Charles Hoskinson who was introduced … Anthony Di Iorio brought Charles in. Because Anthony wasn’t too technical, but he knew Charles through some work they had done together and he passed the white paper on to Charles and said, “Hey, what do you think of this?”
And Charles has a good background in programming and thought that it definitely had a lot of potential. Charles of course, went on to form Cardano, which we can get onto later. And then the last one was a man named Amir Chetrit, who had met Vitalik when Vitalik was traveling through Europe and Israel on his journey to understand whether Bitcoin could be changed into something that was more flexible or whether he had to create something new like Ethereum.
So, I don’t think I’ve forgotten anybody, those are the co-founders that Vitalik gathered around him, and they all met for the first time in Miami in January about, let’s see in 2013, so nine, is that nine years ago? They were there for the North American Bitcoin conference where Vitalik presented the Ethereum white paper.
Interesting. And those are all, as you’re also recounting the book, those are all interesting characters. And just to mention a few of them of course, for instance as the example of Charles Hoskinson, he would later on develop, actually co-found Cardano, and Gavin Wood which was the main developer actually initially, probably was one of the few developers around, the few technical people around as he was the one who actually developed from scratch, the main language behind the Ethereum protocol.
Still today if you want to build on top of it, of course, I guess you have to really program in the language that Gavin Wood developed, and they later on will still go on and co-found, build up another protocol, which is Polkadot. Anyhow, the way things evolved were quite interesting, and it was initially also a debate which was about whether to set up the project as a corporation versus a foundation, which I think it’s also important because it tells us a little bit the different views between the various people within the project.
Yeah. That was one of the first sticking points among the group, they all got together in January for the first time, and then the conference was a big success and they went their separate ways but agreed to meet up again in a few months when Anthony Di Iorio was going to be hosting a convention in Toronto for blockchain. And so, the group came back to Toronto in a few months and the big question was, as you said, do they want to form a corporation, what they refer to as crypto Google? Or do they want to form a nonprofit, which they call crypto Mozilla?
Mozilla is the nonprofit, of course, behind the Firefox browser. And so, there was a definite split amongst the group. People like Anthony and Charles Hoskinson and Amir Chetrit , were definitely interested in the profit potential here, and wanted the profit to be maximized. Vitalik and Mihai I think were definitely more of the foundation, nonprofit mindset, and wanted it to be open source. And so that split the group. But the decision basically was made that they would go forward as a nonprofit.
And so, very early into the project there was already riffs that were appearing and people were maybe, I think Anthony has said, he always thought that he was in this to create a company, create a corporation. And he had seen what Bitcoin could do and realized that with Ethereum, he was in on the ground floor of something that he considered to be a $1 billion enterprise, which of course it is that many times over. But I think Vitalik held a lot of sway, and the idea of having a foundation and a nonprofit won the day, and that’s how Ethereum has been ever since.
Yeah, this is a very important step, and of course among the interesting people I forgot to mention also the key role that Joe Lubin played because Joe Lubin had the main role actually was, not only was probably the oldest of the group but, he was also the most of them, between them, the one grounded in enterprise. So he was also the one who actually started the right on to enable the usage of Ethereum at enterprise level, something that probably Vitalik Buterin didn’t pay attention initially, because of course he had this vision that Ethereum to democratize and go as wide as possible.
But Joe Lubin vision, especially in the short term, was extremely important as with consensus he started to partner up with the enterprise to actually enable the adoption at enterprise level of blockchain. And this is a very smart move. Because as we know, in many cases when new technologies come to market, it’s very hard for them to prove successful at consumer level right on, you want to work first on solidly the enterprise level projects and when this proves to be successful, then you can move on and go down the supply chain, the market, so you can scale up. So definitely also he played a key role.
And as you said, the final choice was the foundation. Because the foundation, it was more like we are Mozilla rather than we are a corporation like Google, and this was an extremely important point. And the divergence of views between especially Buterin and Hoskinson, which wanted right on, I think, to look for VC, investment from venture capitalists, was a wide divergence which later on would also end up in a bad way for Hoskinson, which as we’ll see, would be, let’s say, kicked out from the project.
What happened in the days going to the crowd sale? And also, can you remind us really how Ethereum managed to, because, I think that is where also the DAO enters into the picture. Because Ethereum had to actually go through the crowd sale. So it had to figure out how to sell to the public without being also classified as a security.
What happened with the Ethereum crowdsale?
Well, yeah, the timing on this is funny because, they thought they might be able to do a crowd sale very soon after the Miami Bitcoin conference, so that would have been January of 2013. They quickly learned that there were a lot of security laws to pay attention to, as you mentioned, they didn’t want to run a foul of the securities and exchange commission in the United States, or regulators in Europe. They were also looking for a place to have their headquarters to a jurisdiction. And they looked around a few places in Europe and in Asia, but decided on Zug in Switzerland, because it’s got very favorable tax laws, and they felt that it was, regulatory wise, it was a good move.
So that’s going on at the same time as their consulting lawyers about what they want to do, this is a role where Joe Lubin was very important because he had experience in the business world, anthony Di Iorio was involved in this as well. So basically what they thought would take couple of weeks, ended up taking more than a year because they really just wanted to get everything in place on a legal front, and then also technically they were, this was very early in the blockchain space so you have to remember, they were going to sell ether coins for a Bitcoin, and the ether would be distributed at a later date.
So what you had to do was basically ensure that the wallet that you’re offering people to send their Bitcoin to is secure. So they had to build a lot of systems from scratch that didn’t exist at that point. And that took time as well. And they wanted to do that right because the last thing they wanted was to raise a bunch of Bitcoin to fund Ethereum development and then have it get hacked, or to lose it in some manner. So, all of that took time and it was in the summer, I believe, that they had a window in 2014, in mid 2014 where you could buy ether for a Bitcoin, and the price started at one point and then went up slowly until the crowd sale ended.
They ended up brazing, I think around 22 or $24 million in the crowd sale. And then it wasn’t another year then the next year was spent really diving into the coding and making sure that Ethereum could launch in 2015, which it did.
There was definitely an intense period, and as you said, it’s funny to think they thought already they would do it at the time of the Miami Bitcoin Conference, instead it took them quite some time to figure out how to really make sure they could do the crowd sale without incurring into legal issues. And I guess, of course one thing that also helped was the fact that Ethereum was considered a utility token.
Well, yeah, I should say, it’s funny the SEC did come out later and say that they thought Ethereum was a security, but they chose not to do anything about it. One reason they’ve said that they’ve given for that is they think that it became sufficiently decentralized over time. Another funny thing about the crowd sale is, they had all this Bitcoin and they didn’t hedge the money they raised, they kept it in Bitcoin and Bitcoin was actually falling at that time, at the end of 2014 it dropped quite a bit by almost by half, I think.
So they lost quite a bit of the money that they raised by not selling their Bitcoin. There’s definitely … Joe Lubin was involved here and he’s a staunch believer in Bitcoin and in crypto, and wanted to keep it in Bitcoin. When Vitalik found out about that he’s like, no, we got to stop these losses. So he got involved and they started selling so that they eventually ended up with somewhere, I think 12 to 14 million was what they were left with to fund the project after having raised somewhere around 22 to 24 million.
And at that point who were the people around the project? Like from the initial people that we saw before, who was left after the crowd sale?
So after the decision to go nonprofit, like I said, rifts had formed there. Because none of these people knew each other, the only people who knew each other, well, I shouldn’t say that, the group didn’t know each other. Charles and Anthony knew each other, and of course Vitalik knew Mihai. But the group dynamic was starting to develop where Gavin Wood in particular was upset that there were people who were non-technical in leadership roles. He thought that the project should be run by the people writing the code.
Anthony Di Iorio was upset with the decision to go in a, in a nonprofit direction. Amir Chetrit, people didn’t really know what he was doing, he was involved with the project in Israel, and he seemed more dedicated to that. And at one point, at least one point he said to people directly, “I’m in this for the money.” Which didn’t sit well with the other co-founders. Charles Hoskinson was one of the younger members of the co-founding team and he has a way of rubbing people the wrong way a lot of times.
He was telling people that he was Satoshi Nakamoto, the inventor of Bitcoin. He was trying to convince people of that. He would tell stories that he had ties to the CIA, that he had a limp in his leg from jumping out of a Black Hawk helicopter in Afghanistan. Obviously none of this was true. And so the group and the people around the group just were feeling uneasy about that and so, everything kind of came to a head in the summer of 2013. They had their headquarters in Zug and they had a big house that they were renting. It was a very luxurious house, had an elevator in it and it was large and modern. And that was another point of contention.
Anthony Di Iorio was in Toronto and felt like there was a developing rift between the people in Toronto on the Ethereum team and the people in Switzerland. So, basically Vitalik called a meeting of everyone and they all gathered in the Zug house. And had a long meeting where everybody gathered around the table, and everybody aired their grievances and they didn’t mince words, as I was told by the people who were around that table. And basically the only person that everyone trusted was Vitalik at that point.
So he had a decision to make, and he went out on the balcony and paced around for quite a while, before coming in and announcing that he was firing Charles Hoskinson and Amir Chetrit. So they would no longer be co-founders. They got very nice exit packages, I guess you could call them, it was several hundred thousand ether were promised to them for their efforts for six months of work. So, wouldn’t feel too bad for them, but it was the first personnel shakeup in the Ethereum group, and there would be many more to come.
And so only six months into the project, there was already a lot of personal politics involved and maneuvering, and this was all something that was very new to Vitalik and to quite a few of the other members who didn’t have a lot of experience in the business world at that point in their careers.
Yeah. And also it’s worth pointing out, they were all very young. They were all very young people also, Vitalik by the time at probably 19, 20 years old. And, so it was not an easy decision to make for Vitalik at the time. And on the other side, this paranoia which developed for some of the team members like Hoskinson as well was also the result, I guess, of many young dudes living altogether for many months in a very intense period where, yes, there were very few technical people doing the actual work, getting good, and then there were also many other who were doing other stuff, which was way less technical.
And these points are also very important point that we are going to probably look at, see later, especially when it comes to Gavin Wood and the role that he played later on. But how did we go to the hack? What happened next? So Ethereum goes to the crowd sale, it is very successful, one of the most successful ones, I guess, since Bitcoin actually, even more successful, I guess, of Dutch Coin. It’s interesting the point in order that they lost money by having the money locked into Bitcoin for a while.
weakness-of-the-code-what-happened-there">What happened next? How did the hack happen? Was there also intrinsic weakness of the code? What happened there?
So, the crowd sale all happened in the summer of 2014. By late August, I think it was late August, 2015, Ethereum was ready to go live. They were done with the coding, they had done a lot of work. Gavin, Jeff and Vitalik all had been in Berlin together testing and making sure that the clients … the thing is when you write in different computer languages you need them to talk to each other and one client has to understand that this message is exactly the same from another client, and they have to agree on everything.
So it takes a lot of testing and working out bugs and things like that to get them all on the same page. So August, 2015 they launch it and so now it’s live. And so what do you do next? Well, there wasn’t a whole lot of projects in the early days and so Ethereum just cruised along for the rest of that year, towards the end of 2015. But there was a developer who worked on Ethereum was named Christoph Jentzsch. And he was the guy that would … he was basically testing the code that Gavin and Jeff and Vitalik was writing, and he’d try to break it.
So he was a very, very smart developer and smart coder and was helping to make sure that the code that these guys were writing was good and solid. And so, he had an idea to use Ethereum to create a smart lock, is what they called it. So it would be a lock, like let’s say on a bike, that would be connected to the Ethereum blockchain. And if you’re, say you’re in Amsterdam and you want to get a bike, you come up to the bike and it’s on the street, and you scan a QR code, and that takes you to the Ethereum blockchain and you deposit a little bit of ether into that contract, it gets processed, and then the lock on the bike now opens, you can take the bike and right around Amsterdam for say an hour or two hours, whatever you paid for.
So, he had this idea, he started developing it and went around to people. Everyone was very interested, seemed like a great kind of application to use Ethereum for. So of course like any startup he needed money to develop the project. And so he was thinking about like, how do I develop, or how do I raise money? And, as he was thinking it through, he realized that everybody that he knew in Ethereum who was trying to build these new applications was in the same boat, they all needed money.
So rather than every one of those different startups raising money on its own he thought, why don’t we make this one thing that can raise a whole bunch of money for everybody, and then projects will get chosen for funding by a voting mechanism. And that was his early idea for the DAO. So he was at Slockit, it was the name of the company that was developing the smart lock and they, basically put the idea for the DAO together, released that to the community, and it was widely popular because everybody saw the utility in having one common fundraising tool.
And so, again, like I said at the beginning, they started raising money, they got way more money than they ever thought they would, and Christoph was terrified of this because, it was his code, it was his project, and he was just really worried that something was going to go wrong. So, what happened was, while there were many bugs that were pointed out in the DAO code prior to it going live, there were fixes that were made, but the project had too much momentum, I think is the way people characterize it now for anyone to try to say, hey, let’s take a break, let fix this code and make sure that it’s perfect before we go live with it.
That didn’t happen and there was a bug in the code that Christoph wrote, incredibly enough it comes at line 666 in the code for the DAO contract, which was a detail that I could not believe was true when I found that out. And what it allowed, if you knew how to exploit it, it basically allowed an attacker to come in and take money out of the big pot of money and then recycle it so that you could then do that attack again and come back over and over again, to drain money out of the DAO.
It’s a very elegant attack and I go into quite a bit of detail in the book about it. It’s a two stage attack. And what was fascinating is that, the way the DAO code was written by Christoph was, if you wanted to leave, let’s say you had bought DAO tokens and wanted to participate but then for whatever reason you wanted to get your money back and you were like, just for whatever reason you wanted to leave the DAO, you could but there was a process you had to go through where there was a number of days you had to wait to get your money out of the DAO.
And so the attacker, the hacker who exploited the bug had to go through this same process. So basically had somewhere right around 30 days where the money was sitting in a contract still within the DAO but the attacker couldn’t get that out until 30 some days later. So it’s one of those little quirks that I found so fascinating in this story was like, you basically robbed the bank, but you’re sitting there in the bank for like a month before you can go and get it in your getaway car, and drive off.
So this quirk of the code gave the Ethereum community time to decide what to do about the fork, or excuse me, about the hack, and it allowed … the money wasn’t actually gone yet so, other kind of famous, or fascinating details to me makes this like no other heist that I’ve ever come across.
Yeah. And there was nothing also they could do actually to stop it at that point, once the money was ready to go out, even if the hacker was supposed to wait, still there was nothing that they could do to stop it!
That’s right. Yeah that’s one that made Christoph so nervous was he knew, once he put the code out into the world for the DAO contract, it’s very hard to change that code. You basically have to get the community and everyone who’s running the code on their computers to do an upgrade or an update, and change the code and that’s very difficult. It takes a lot of time. And, so if there’s a hack, you can exploit that hack within hours. Whereas to change the bug and the software would take days or weeks, or maybe even months.
So, they had their hands tied behind their back about fixing the bug and what they actually did, the good guy hackers who came in to secure the money that hadn’t been stolen, that was remaining in the DAO contract, they used the same flaw in the code to get the money out. So, they basically went on Twitter and said, “Hey, we are draining the DAO, don’t panic, we’re good guys.” And so-
Yeah, they called themselves the Robinhood group. Because that was the name they gave themselves in the chat group that formed on the day of the hack to coordinate this. Because you had people in Germany, you had people in the UK, you had people in Brazil, you had people all over the world and so they had to coordinate through a chat. And yeah, so they came to me known as the Robinhood group.
What was the main language behind Ethereum and why was it so important?
That’s right. So solidity is the code that smart contracts are written in? So the DAO contract is written in solidity. Of course then underlying the Ethereum network is written in the different languages that I’ve mentioned like, today it’s like GATH is a big one, it’s the Go client. There’s other languages that actually are the infrastructure layer of the blockchain. So the problem with the DAO was not in Ethereum itself, it was in the smart contract. So the bug was in the code of the smart contract that Christoph created to run the Dow.
So it was not like the underlying infrastructure was compromised, it was more like the layer on top of it, which was the DAO, was actually compromised.
Yeah. And we’ve seen that in many other smart contracts over the years, there have been many bugs that have been exploited by people for various means. I can’t think of an example when Ethereum itself was the problem, it’s always the smart contract that runs on top of Ethereum.
Yeah. And that’s of course, still today, one of the key issues of the developing blockchain protocols. Because, there is this trilemma where you try to balance out, of course, security and privacy with scalability, and blockchain products like Bitcoin or Ethereum, you might like them or not, but especially Ethereum, it’s a lot focused on two sides for now, which are security and decentralization. And now it’s starting like scalability with Ethereum 2.0. But this is very important what you said because, when we start building out things which are outside the main blockchain protocol, security becomes … speed becomes possible, but then it also a little bit compromises security.
So that’s why also the main data usually it sits on top of the main blockchain protocol, and then on the additional outside layers, usually we bring things that are not critical for the, I guess, for the functioning of the applications that we’re building. And also there is another important point here. You said it was a two stage attack. So it means that, of course, one reason probably was because they needed to wait before they could launch another attack and drain more money from the DAO.
Do you think it’s possible that this attack was made by two different people or group of people? Or was it the same … was done by the same person or group of people?
Well, yeah, so that’s a good question. The one thing that I didn’t know before I really dug into this for the book was that, there were several different hacks of the DAO. The first one is the one that everyone knows about and that I’ve been describing. And that was on a Friday in June of 2016; that’s where 55 million was stolen through this two, and what I mean by a two stage attack is, everything has to be funded in a blockchain transaction on Ethereum.
So, what the attack did was it took money out of the DAO, the big pot of that’s DAO held, it took money out, but then used a little bit of it to fund the next hack, or the next time that the money would be taken out. So in the book I write about it, it’s kind of like you go to the bank and you go to the first teller and you say, “I’d like $100.” And before they give you the $100 you go to the next and you say, “I want 100.” And you do that again all the way down for 10 tellers.
And then at the end, you get your money, you get your $1,000 but in your bank account you actually only had 100. So that’s sort of the analogy that I’ve used to describe how that hack worked. And then I’m sorry, remind me of the question after that.
Yeah. So was it … interesting analogy.
Oh right, right the people.
So I think, and I got a lot of help in the book on this from blockchain forensics people because I’m not an expert at this at all, but I had a lot of experts who were really good at this helping me and looking at the code. And what I found was, the original hack was very elegant and was done by somebody or a group of people who really knew the ins and outs of solidity, and how to orchestrate this hack. Once that attack contract is launched, however, it’s public and you can, if you know what you’re doing, you can go and click on the contract and you can see where the money is going into, out of the DAO into this attack contract, and you can see the code of the attack contract.
So, now if somebody wanted to come along and basically just copy and paste that code into a new smart contract to attack the DAO they could. So that’s what the Robinhood group knew. They knew that this was now a publicly known exploit in the DAO, and that they knew that either the original attacker or a copycat could come back at any time and start draining more money out of the DAO. So that’s why they were worried. And so what I think is, I think the first attack was done by one group, and it was … one thing that I found really interesting was, when I showed the code to people, they just thought it was very elegant and it was really nicely put together, and it looked nice.
And then there was a second hack that started on the Tuesday after that original Friday attack. And this one, if you look at the code used on this one, it’s not pretty, it’s got a bunch of returns in it and it looks sloppy. And I had never thought of code like that. But, these folks who look at smart contracts all the time they do think in this way.
It’s like for you looking at an article, you know, as a writer, you know which article is going to be written extremely well and which not.
Yeah. Yeah, exactly. If the formatting’s all off and the font is changing, and whatever.
The style, the grammar, many things that as an author you’re pretty intuitive about…
Yeah. So that one to me and to other people who are much smarter about this than I am, it all seemed like this was a copycat attack. And that’s one area that I was able to follow in the book, and I think I was able to find somebody who was involved in that copycat attack on the Tuesday. And because another thing, the attackers on the Friday attack were … they covered their tracks really well. It’s basically impossible to, without law enforcement or a subpoena power to trace how they got the money into the contract and all sorts of things.
They were very good at covering their track. The person who did the copycat attack, I was able to follow the steps they took with some help from some people who I spoke to, and kind of figure out, okay, this seems to be where the money came from to fund the second attack. Because as I’ve said, you always have to pay for transactions on Ethereum. And so you can look at, where does the funding for this contractor originally come from? And that’s one of the cool things about blockchain is, it’s publicly available and you can see, here’s the first transaction, now I can backtrack and go, where did that come from? And I can backtrack it from there.
And so you can look like hop, skips and jumps, and you can follow the trail, so to speak. So I was able to do that during the book, which was a lot of fun.
And also, eventually did you manage because you went through, as you explained in the book, you went through such an investigation.
Did you eventually manage to understand if there was a person that was in charge of these attack?
Yeah. So again, nobody that I know of knows who did the original attack on Friday. The one that I think was very elegant and very smart, whoever did that. I think I found some links to somebody who was involved in the second attack on Tuesday, and I write about it in the book. And I met that person in Tokyo and interviewed him, and I’ll let readers check it out because it was a very interesting conversation. And, I’m only a reporter so I could only ask questions.
And I left that meeting with the person, I’m not sure, his answer was very interesting to me but definitely not definitive. I’m not sure that I expected anyone to confess to me but, again, I’ll leave it up to people to read in the book because I think it’s one of the more interesting parts and I don’t want to spoil it.
Yeah. Also because if, let’s say, if this person was acknowledging it, in any case was acknowledging probably a second copycat attack. So anyhow, it’s still a very bad thing to do but not the original attacker which probably was the most worrying one because we can imagine that the first attack was done by very smart people, they knew what they were doing. It’s possible to speculate also that if they knew from the inside out also the main language, they have been very close to the project or in the community and all. So there are many speculations.
Yeah, that’s a really interesting point. At that point in time, the people who understood solidity at this level to do that attack, it was a small group of people. There was maybe a couple dozen around the world, tops. So I find that really just fascinating and I’d love to know who actually did it. I don’t still, and it still kind of bothers me, but yeah.
This may be actually the right angle for the sequel. So start with, who was the attacker and move forward on how Ethereum evolved after that.
Yeah. If the attacker is listening to this and they want to reach out to me, I can protect your identity, don’t worry.
You’re going to say this is just for the sake of starting the other book. So, that would be a great thing actually. So to go close and to go forward, and close this up as our time is due. I don’t know how long you can stay.
What happened next? So how did eventually Ethereum and Vitalik Buterin solve the situation? So what happened?
Right. So now we’re at the point where the hack has happened and there’s that 55 million that’s sitting still in the DAO, the attacker can’t get the money out for something like 32 days. And this group of white hat hackers, the Robinhood group gets together. They are nervous about using the same exploit as the attacker because they don’t know if that’s going to be seen as breaking the law. They don’t know the legal ramifications of it. They also know on the other hand, like I said, the attack contract is public and somebody could come along and try it again, and steal more of the money, which they definitely did not want.
So, they were ready to push the button on their own method of draining the DAO but they waited until the second hack began on Tuesday. And it wasn’t until then that they went into action and launched their own attack. And it’s kind of technical, but they had an ability to drain the money out of the DAO way faster than anybody else. They had amassed a whole bunch of DAO tokens and it just made it easier for them to get the money. So, they were able to safely drain the remaining funds within hours of the second attack beginning.
So now that’s also in a contract in the DAO, and so … but the money is safe for now. And then broader Ethereum community, so that was all happening kind of behind the scenes a little bit. Or if you were paying attention during this time on Twitter and on Reddit, you could have been a part of this conversation. But the broader community also had to make a decision about, what do we do about this hack? They had a few different choices. And the first one that you mentioned was a soft fork, which is basically you would blacklist the address that the attacker used and try to censor any transactions and basically freeze that stolen ether in place so it could never be moved.
This was quickly realized that that would have ramifications throughout the whole network and it would not be a good solution. So, the other option is called a hard fork, which is more serious and it’s basically where you change the underlying blockchain. Here what it would do, what was proposed was, the hard fork would … you would update the Ethereum software that you run on your computer, and this is how the network works. People are running the Ethereum code on their computers all over the world, and those computers make up the blockchain network.
So, every so often of course you have to update your code, right? So the hard fork idea was, okay, we’re going to write an update and in this update the only thing that we’re going to change is we’re going to change the DAO contract, the block that that holds the DAO contract to get rid of the DAO and basically change the program, the smart contract there. So, the only thing it does is that if you have DAO tokens, you can now send your DAO tokens to this contract and get the ether back that you originally sent in to receive the DAO tokens.
So, I think a lot of people misunderstand this and they think that Ethereum changed the whole history of the blockchain with the hard fork and that’s not true. That would have been impossible first of all, and second of all, all that they wanted to do was to fix the DAO bug, there wasn’t really anything else that that was needed fixing. So, what you do then is, basically you have to kind of get everybody on board to do that because everyone has to update their software at the same time so that the new version now has that DAO contract where only thing you can do is go get your money back.
So, they spent weeks debating it and talking to people about it, Vitalik was in favor of it, a lot of people were in favor of it as well. And then ultimately what it came down to was a vote by the people who were running the software on their computers. And when the time came several weeks after the attack to do the hard fork, basically everybody in the network updated their software. So now the hard fork was a success and they had changed the history of the DAO but none of the other transactions in the history of the Ethereum blockchain were altered.
So it was all a big success and everybody thought that they were celebrating and everybody was happy, it basically meant that the attacker had all his money taken back so, what he had stole was stolen back from him by the community, changing the blockchain, and everything seemed fine. But then people noticed something weird a day or so after the attack, or I’m sorry, after the hard fork. So the way to visualize this is like a tree branch. And a hard fork is like a new branch that splits off to the right.
And what you hope for in that case is that, there’s the old network branch, and then the new branch is the hard fork and it just keeps growing to the right. What can happen in a blockchain though is, at that point where it splits, the branch can keep growing straight. And so what has to happen for that to occur is, somebody has to keep mining transactions on the old network, and they have to keep paying to publish blocks.
And it’s oftentimes very uneconomic, it’s very costly and it’s not something that people do. But in this case it happened and this is where the story gets even weirder. So, everybody, I said, everybody upgraded their software, that’s not entirely true. There was a mining pool in China that didn’t, it was called F2Pool, I believe they’re still around today. They stayed with the network where the DAO hack was possible, where the bug was still in the DAO hack. And somebody kept mining blocks on that old chain, on the original Ethereum chain and it kept growing and growing.
And then all of a sudden there was two chains. And in a blockchain, you don’t want that to happen because it’s very confusing because a blockchain needs to have one record of transactions that everyone agrees upon on. And if you have this fork, it gets confusing. So basically this new fork that kept growing straight and had the DAO bug in it still was named Ethereum Classic. And the fork part of the network of the chain is what we call Ethereum today.
So hopefully I haven’t lost you yet. But the other thing that happens when you have this new fork, or excuse me, the original fork that keeps growing is, Ethereum Classic now is a blockchain that you have to use ether on for transactions so it has a inherent value. And this new coin was called Ethereum Classic. And suddenly if you had any ether in your account at the time of the hard fork, you now had the same number of ether classic tokens.
And so, within a couple days, I think an exchange here and an exchange there started listing Ethereum Classic for trading on their exchange helping to give a value to this new coin. And so, I know that’s a lot to digest and I’m going to stop here to see if you have questions.
Yeah, yeah that sounds good.
It’s kind of beyond Sci-Fi, it’s just wild.
Yeah. Incredible and let me take a bit … some steps back and we move forward. And one interesting note is, I was looking as we were talking at the market capitalization of Ethereum Classic which was the blockchain that came up as result of the hard fork where today it’s about 2.9 billion and we are in January of 2022. So interesting to notice that this has survived.
And as you said, it doesn’t always make sense because when you do the hard fork, in order for the … what remains of that to survive is actually to have also a group of people is going to maintain that. And it’s not intuitive the fact that Ethereum Classic actually survived as a result of the split. And another key point also to highlight is that, as you said, the main difference between the soft fork and the hard fork is that the soft fork only probably changes are going forward as you need to update with the new rules.
The hard fork is interesting because it removes from the past, in this case, the DAO. So it’s not like, as you said, it changed the whole history, it just changed the one aspect which was important, which was the DAO hack. So it removed from the history of that so that it could start the fresh again, that’s pretty much what they wanted to achieve. But of course to achieve that, they had to do it by achieving a community consensus, because let’s remember blockchain protocols are most similar to open source software where, there is a group of people developing it and a group of people that handle it.
And so, you need to reach consensus, and of course Vitalik Buterin was a figure around the project so people trusted him, but he was not intuitive at all to solve the issue with the hard fork, it was not a simple choice. And as you said, the other point it’s about Ethereum Classic, how it survived. And, the sort of two parallel histories. One with the Ethereum without the DAO hack, and another one which is Ethereum Classic, which is Ethereum with the DAO hack. So going to close this up, what happened next to the co-founders?
Especially because Hoskinson was out and he would later also found Cardano.
But especially Wood, Gavin Wood, which had played such a key role, what happened next? There was an important, I think, point in which he split from the project and started to work on his own, what happened there?
Yeah. Gavin was instrumental in the Ethereum project because, what he did was he took Vitalik’s white paper which, Vitalik had worked out some things, some details. But, what needed to happen was, the next step was writing a technical spec basically so that anybody could come along and figure out how to work with Ethereum, and create their own node, for example. And so that’s what Gavin did and it’s called a yellow paper. So it’s basically the technical owner’s manual for Ethereum, and he wrote that.
And it’s incredibly … you definitely need to be a computer scientist and a programmer to understand it, it’s not something for laypeople to sit back and read. So he’s obviously brilliant and I do think he wanted to have more control. He always, as I’ve said, didn’t think the group should include people, the leadership group of Ethereum should include people who weren’t technical. So, he left eventually and started working on his own project which today is Polkadot.
And it’s a smart contract based blockchain. It’s got different features than Ethereum today, it’s faster, I believe it’s on proof of stake already instead of proof of work. And it’s one of the, people call them Ethereum killers, I don’t really subscribe to that, I think there’s enough room for a lot of different blockchains in the world and so I just consider Polkadot to be an alternative similar to Solana, or, take your pick.
But, yeah, so he went on to some great success and took a while to develop and perfect Polkadot. But it’s out there now and people are using it.
Yep. And to recap a little bit what we said so far, so the history of Ethereum is so interesting because again, it was so intense and the way also they figure the things out on the fly was not … because now other, let’s say, layer one protocols have spared up, especially in last two, three years. But when Ethereum did actually was built up, it was the first protocol to try to do something completely different from Bitcoin. So these are the most important aspect.
Of course there was a team of people behind, very smart people, interesting people, also characters that eventually clashed also because they had a different kind of philosophy on how to handle the project as we saw with Vitalik Buterin was for adding it as a foundation, Hoskinson wanted to go more in the part of setting things up more like a corporation. And then also going forward there was also this division between the very technical people like food who were working on an object which is extremely technical.
So as you said, he needed to have technical people as the main founders of the project against the rest were not really technical people. And then we added this scenario where they figured out how to launch when they thought they could launch actually at the time of the Bitcoin conference in Miami. Around 2013 actually they couldn’t, they needed to wait for understanding now from a legal standpoint, they would actually do the crowd sale.
That was one of those elements that helped them really go through this process, but it was eventually hacked. So they solved it with the hard fork and then going forward, of course we saw the [inaudible 01:11:32], another protocol which is Ethereum Classic, which has nothing probably of interesting, if not that it’s the fact that it contains the whole history of Ethereum, but with the DAO hack. Instead, if we look at the Ethereum today, since it was a hard fork, it removed from the history the hack itself.
It’s interesting because at least it has an historic value going forward the Ethereum Classic because it’s going to tell us the history of the hack.
And to close this up, what’s next for you? Are you planning a sequel or at least what’s interesting for you in the ecosystem, the crypto system?
Yeah. So I left Bloomberg News last year in September, and I started my own crypto media company called Decential it’s D-E-C-E-N-T-I-A-l.io. So my co-founder and I, he’s a filmmaker and documentary filmmaking, we realized that, the way I tried to write the book was by telling the stories of the people who were so fundamental like Vitalik and Joe Lubin, and Charles Hoskinson, and tell this complicated story through the characters and through the people. And the challenges and all the successes and the failures and all that.
And so, I think that’s a great way to approach crypto in general. And so at Decential that’s what we’re working on now is really just focusing on telling the stories of the people who are building Web 3 and the people who are building the NFT world, and all the different projects that you’re seeing now from DeFi to the new crop of DAOs that are coming out today. So, it’s very character driven and very much we want to humanize this industry because we feel like a lot of times there’s too much attention to the technical details and to the technology, and it can scare people away.
Whereas if you tell the story through the characters and the people then it’s very engaging and I think it helps people understand it on an easier level. So I don’t have a sequel in the works, I think I’m devoting all of my attention and energy right now to Decential and just trying to get this off the ground. But hopefully, I loved writing the book and it was the funnest thing I’ve ever done in my career so I definitely would like to do that again. I just have to find a topic that is as fascinating as this one.
Yeah. If you find the person who was behind the hack, I think it’s going to be, as we said, a good starting line. Anyhow, a very interesting the project, the new project, and agree, telling those technical stories by explaining actually the characters behind them, it’s the most important way to bring as many people on board on those kind of projects. So, thanks for taking the time to go through so many details and thanks for pulling together the book, it’s a huge, huge work. It was fun, but huge work, I guess.
Well thank you Gennaro, I really appreciate you taking the time, and it’s really fun to talk to somebody with a good understanding of all this like you, it makes it just a lot more fun to have this kind of conversation.
Absolutely, it was my pleasure. Thank you.