The DAO

The DAO was a digital decentralized autonomous organization and a form of investor-directed venture capital fund. After launching in April 2016 via a token sale, it became one of the largest crowdfunding campaigns in history, but it ceased activity after much of its funds were taken in a hack in June 2016.

The DAO had an objective to provide a new decentralized business model for organizing both commercial and non-profit enterprises. It was instantiated on the Ethereum blockchain and had no conventional management structure or board of directors. The code of the DAO is open-source.



In June 2016, users exploited a vulnerability in The DAO code to enable them to siphon off one-third of The DAO's funds to a subsidiary account. The Ethereum community controversially decided to hard-fork the Ethereum blockchain to restore approximately all funds to the original contract. This split the Ethereum blockchain into two branches, each with its own cryptocurrency, where the original unforked blockchain continued as Ethereum Classic.

By September 2016, the value token of The DAO, known by the moniker DAO, was delisted from major cryptocurrency exchanges (such as Poloniex and Kraken). The DAO had in effect become defunct.

History
The open source computer code behind the organization was written principally by Christoph Jentzsch, and released publicly on GitHub, where other contributors added to and modified the code. Simon Jentzsch, Christoph Jentzsch's brother, was also involved in the venture.

The DAO was launched on 30 April 2016 with a website and a 28-day crowdsale to fund the organization.

The token sale had raised more than US$34 million by 10 May 2016, and more than US$50 million-worth of Ether (ETH)—the digital value token of the Ethereum network—by 12 May, and over US$100 million by 15 May 2016. On 17 May 2016, the largest investor in the DAO held less than 4% of all DAO tokens and the top 100 holders held just over 46% of all DAO tokens. The fund's Ether value was more than US$150 million, from more than 11,000 investors.

As of May 2016, The DAO had attracted nearly 14% of all Ether tokens issued to date.

On 28 May 2016 the DAO tokens became tradable on various cryptocurrency exchanges.

A paper published in May 2016 noted a number of security vulnerabilities associated with The DAO and recommended that investors in The DAO hold off from directing The DAO to invest in projects until the problems had been resolved. An Ethereum developer on GitHub pointed out a flaw relating to "recursive calls". On June 9 it was blogged about by Peter Vessenes, founder of the Blockchain Foundation. By June 14, fixes had been proposed and were awaiting approval by members of The DAO.

On June 16, further attention was called to recursive call vulnerabilities by bloggers affiliated with the Initiative for CryptoCurrencies & Contracts (IC3).

On June 17, 2016, the DAO was subjected to an attack exploiting a combination of vulnerabilities, including the one concerning recursive calls, that resulted in the transfer of 3.6 million Ether - around a third of the 11.5 million Ether that had been committed to The DAO - valued at the time at around $50 million. The funds were moved into an account subject to a 28-day holding period under the terms of the Ethereum smart contract so were not actually gone.

Members of The DAO and the Ethereum community debated what to do next, with some calling the attack unethical but valid, since it did not violate DAO rules as coded, while others called for the Ether to be re-appropriated and/or The DAO to be shut down. The DAO community manager, Griff Green, organized a volunteer group of coders known as The White Hat Group to recoup the funds in the other 500 wallets before they could also be hacked. Eventually on July 20, 2016, the Ethereum network was hard forked to move the funds in The DAO to a recovery address where they could be exchanged back to Ethereum by their original owners. However, some continued to use the original unforked Ethereum blockchain, now called Ethereum Classic.

In September 2016, Poloniex de-listed DAO trading pairs, followed by Kraken in December 2016.

Operation
The DAO was a decentralized autonomous organization that exists as a set of contracts on the Ethereum blockchain, with no physical address or officials with formal authority. The theory underlying the DAO was that keeping operational power directly in the hands of owners, not delegated to managers, would ensure that invested funds would be used in the owners' best interests, thus solving the principal–agent problem.

As an on-chain organization, The DAO claimed to be completely transparent, since everything was done by the code which anyone could see and audit. However, the complexity of the code base and the rapid deployment of the DAO meant that neither the coders, the auditors, nor the owners could ensure the intended behavior of the organization, with the eventual attacker finding an unexpected loophole.

The DAO was intended to operate as "a hub that disperses funds (currently in Ether, the Ethereum value token) to projects". Investors receive voting rights by means of a digital share token; they vote on proposals submitted by contractors, and a group of curator volunteer make sure the projects are legal and the contractors properly identified before whitelisting them. The profits from an investment will flow back to their stakeholders as specified in an on-chain smart contract.

The DAO did not hold the money of investors; instead, the investors owned DAO tokens that gave them rights to vote on potential projects. Anyone could pull out their funds by the time they first voted.

The DAO's reliance on Ether allowed people to send their money to it from anywhere in the world without providing any identifying information.

In order to provide an interface with real-world legal structures, the founders of The DAO established a Swiss-based company, "DAO.Link", registered in Switzerland as a limited liability corporation (Société à responsabilité limitée, SARL), apparently co-founded by Slock.it and Neuchâtel-based digital currency exchange Bity SA. According to Jentzsch, DAO.Link was incorporated in Switzerland because local law allowed it to "take money from an unknown source as long as you know where it's going."

Marketing
In May 2016, TechCrunch described The DAO as "a paradigm shift in the very idea of economic organization. ... It offers complete transparency, total shareholder control, unprecedented flexibility, and autonomous governance."

The group's logo featured a capital letter Đ.

Risks
In May 2016, the plan called for The DAO to invest Ether into ventures. It would back contractors and receive in return "clear payment terms" from contractors. The organizers promoted The DAO as providing investors with a return on their investment via those "clear payment terms" and they warned investors that there was a "significant risk" that the ventures funded by them may fail.

The risks included unknown attack vectors and programming errors. Additional risks included the lack of legal precedents: it was unknown how governments and their regulatory agencies would treat The DAO's ventures and contracts. For example, legal systems might not acknowledge a corporate veil protecting investors from individual legal and financial liability for actions taken by The DAO and its contractors. It was unclear if The DAO was selling securities, which are highly regulated, and if so, what type of securities.

The DAO has a democratized organizational structure so that control can be spread among members, with no official leadership or regulation. Normally, there is no way to recover funds if a member mistakenly transfers cryptocurrency to the wrong wallet, including in case of fraud.

Additionally, to function in the real world, contractors would likely need to convert the invested Ether into national currencies. In May 2016, attorney Andrew Hinkes said that those sales of Ether would likely depress its market value.

The code behind The DAO had several safeguards against anyone capturing the voting rights of shareholders to win investments. However, this would not prevent fraudulent or over-optimistic proposals. A paper cited a "number of security vulnerabilities".

Proposals
Slock.it (a German Blockchain venture), and Mobotiq (a French electric vehicle start-up) were listed as seeking potential funding on the daohub.org website during the May "creation period". Both Jentzsch brothers were involved in Slock.it as well.

Regulation
On 25 July 2017, the U.S. Securities and Exchange Commission published a report on initial coin offerings (ICOs) and The DAO, examining "whether The DAO and associated entities and individuals violated federal securities laws with unregistered offers and sales of DAO Tokens in exchange for 'Ether,' a virtual currency." The SEC concluded that DAO tokens sold on the Ethereum blockchain were securities and therefore possible violations of U.S. securities laws.