Blockchain-based Venture Capital Fund Hacked for $60 Million
News emerged Friday that The DAO, a venture capital fund operating through a decentralized blockchain inspired by Bitcoin, had been robbed of more than $60 million worth of Ether digital currency, or about 1/3 of its value, through a code exploit. The DAO, which raised more than $150 million in May, had been intended as a showcase for the potential of Ethereum, a blockchain platform for cloud-based financial agreements.
The nature of the hack was outlined in an open letter claiming to be from the attacker, posted to Pastebin this morning. In part, it reads:
“I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward.”
In a blog post yesterday, Vitalik Buterin, the creator of Ethereum, described the hacker’s tactic as based on a “recursive calling vulnerability” in The DAO’s code.
According to one member of the development team who spoke with CoinDesk, The DAO will now be shut down, with funds to be returned to investors. An alternative would be the creation of a ‘fork’ that would nullify the transactions initiated by the hack.
But the damage done by the exploit goes far beyond direct investors in The DAO. The market for Ether cratered on news of the theft, with the price of the digital currency dropping from a peak of over $21 yesterday to around $12.93 as of this writing, as tracked by CryptoCompare, on surging volume. That drop wiped out more than half a billion dollars of Ether’s market value.
The severity of Ether’s drop reflects an existential crisis triggered by the hack. The DAO has been touted as the first major implementation of a Decentralized Autonomous Organization, a financial organization underpinned by so-called “smart contracts,” written in computer code and enforced through a blockchain which controls investors’ digital currency holdings.
In principle, that means any and all transactions possible in The DAO’s code lie within the terms of the membership agreement. According to The DAO’s website: “Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in the DAO’s code.”
In short, The DAO is meant to eliminate lawyers and other humans from contract negotiations and financial dispute resolution. That possibility, along with security advantages, has contributed to major banks’ surging investment in blockchain technology.
But by finding an unintended code exploit, the DAO hacker has called into question the core idea that code can substitute for human-dependent legal and financial processes. In the hacker’s own words:
“A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology.”
It is even unclear under precisely what terms anyone could alter or roll back The DAO, which, at least in principle, has no managers or authorities.