The DAO Hack 2016: How $60M ETH Changed Crypto History Forever

Yara Fernandez
Crypto Regulation & Policy Press Release Expert
Published 2026-05-13
Updated 2026-05-13

The 2016 DAO hack was the first major smart contract exploit in blockchain history — draining $60 million in ETH through a reentrancy vulnerability and forcing one of the most controversial decisions in crypto: should a blockchain roll back transactions to undo a hack? The response permanently shaped Ethereum's security culture, smart contract auditing standards, and the regulatory treatment of ICOs.

What Was The DAO?

The DAO (Decentralised Autonomous Organisation) launched in April 2016 as an Ethereum-based venture capital fund. It raised 12.7 million ETH (approximately $150 million at the time) from thousands of investors — the largest crowdfunding in history at that point. Token holders could vote on investment proposals. A vulnerability in the smart contract allowed recursive calls before state was updated.

The Reentrancy Exploit

The hacker exploited a reentrancy vulnerability: the "split" function allowed DAO token holders to withdraw ETH. The exploit called the withdrawal function, then recursively called it again before the balance was updated in the contract state. Result: the attacker drained ~3.6 million ETH ($60 million) through repeated recursive calls before the balance registered as depleted.

The Controversial Hard Fork

The Ethereum community debated whether the blockchain should roll back transactions to return the stolen funds. The "code is law" position held that the exploit was technically valid code execution and that reversing it would violate blockchain immutability. The "social contract" position held that the community had the right to correct an obvious theft. The result: Ethereum hard-forked in July 2016, returning the stolen funds. The minority who refused the fork continued on the original chain, Ethereum Classic (ETC).

Permanent Impact on Crypto

Smart contract security: the DAO hack created the field of professional smart contract auditing, and reentrancy guards such as OpenZeppelin's ReentrancyGuard became standard. SEC response: the SEC published a 2017 report declaring DAO tokens to be securities, the first major regulatory guidance on crypto tokens. This directly triggered stricter ICO legal structures that persist today.

Glossary

Reentrancy Attack
An exploit where an attacker's contract recursively calls a vulnerable function before state updates complete — the mechanism behind the DAO hack.
Hard Fork
A backwards-incompatible blockchain protocol change — in Ethereum's 2016 case, used to roll back DAO hack transactions, creating Ethereum Classic as the minority chain.
Ethereum Classic (ETC)
The original Ethereum chain that refused the DAO hack hard fork, continuing without the transaction rollback.

Disclaimer

Important: This guide covers historical events for educational purposes. CryptoPresaleNews.com is not a licensed financial advisor.

Frequently Asked Questions

The 2016 DAO hack: The DAO was an Ethereum-based investment fund that raised 12.7 million ETH ($150 million) from thousands of investors — the largest crowdfunding in history at that time. An attacker exploited a reentrancy vulnerability in the smart contract, recursively calling the withdrawal function before balance was updated, draining approximately 3.6 million ETH (~$60 million). The hack triggered Ethereum's controversial hard fork and permanently shaped smart contract security standards.
Reentrancy attack mechanics: a smart contract calls an external contract (or attacker-controlled contract) before updating its own state. The external contract immediately calls back into the vulnerable function. Since the state hasn't updated yet, the original function executes again — the same check passes, and funds are sent again. This loop continues until the contract is drained. The DAO's withdrawal function sent ETH before marking the amount as withdrawn — allowing recursive calls to drain the full balance.
Ethereum hard fork (July 2016): the Ethereum Foundation and majority of the community agreed to modify the Ethereum blockchain to move the stolen DAO funds to a new smart contract, effectively returning them to original DAO investors. The hard fork required all node operators to upgrade their software — those who refused to upgrade continued mining the original chain. The forked chain (returned funds) became Ethereum (ETH). The original, unforked chain became Ethereum Classic (ETC). The fork was at block 1,920,000.
Ethereum Classic is the original Ethereum blockchain that continued without the DAO hack transaction rollback. Supporters: ideological 'code is law' position — the hack was technically valid code execution; reversing it violates blockchain immutability. ETC has maintained a smaller community and lower market value than ETH. It uses proof of work (vs ETH's proof of stake). ETC has suffered several 51% attacks on its smaller hashrate. It represents the 'pure blockchain immutability' philosophical position from the 2016 debate.
SEC's 2017 DAO report: the SEC issued a report (July 2017) concluding that DAO tokens were securities under the Howey Test — an investment of money in a common enterprise with expectation of profits from others' efforts. This was the first major US regulatory guidance on whether crypto tokens could be securities. Impact: triggered a wave of ICO legal structuring to avoid securities classification, drove the narrative that utility tokens (with actual use) were different from investment tokens, and set the foundation for all subsequent SEC crypto enforcement actions.
Post-DAO auditing evolution: (1) created professional smart contract security as a distinct field — Trail of Bits (2012, expanded post-DAO), ConsenSys Diligence (2018), OpenZeppelin Security (2017), (2) reentrancy guards became standard — OpenZeppelin's ReentrancyGuard modifier is now included in virtually all DeFi protocol templates, (3) 'checks-effects-interactions' pattern became standard — update state BEFORE making external calls, (4) mandatory audit requirements emerged for serious projects — any protocol handling significant funds that hasn't been audited is considered negligent by the community.
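The send-before-update ordering described earlier, next to the checks-effects-interactions ordering and the reentrancy guard listed above, as a small Python model. This is an added example, not The DAO's contract and not code from the article; the `Vault` and `Reentrant` classes, the three mode names and the deposit amounts are constructed for illustration.

```python
class Revert(Exception):
    """Models an EVM revert of the call that raised it."""

class Vault:
    """Toy ETH-holding contract (constructed model, not The DAO's code)."""
    def __init__(self, mode):
        self.mode = mode        # "vulnerable", "cei" or "guard"
        self.credit = {}        # balance the contract believes each account has
        self.eth = 0            # ETH the contract actually holds
        self.locked = False     # reentrancy-guard flag

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.eth += amount

    def withdraw(self, who):
        if self.mode == "guard":
            if self.locked:                     # already inside withdraw()
                raise Revert("reentrant call")
            self.locked = True
        amount = self.credit.get(who, 0)        # check
        if amount == 0 or amount > self.eth:
            raise Revert("nothing to withdraw")
        if self.mode == "cei":
            self.credit[who] = 0                # effect before interaction
        self.eth -= amount
        who.receive(self, amount)               # interaction: external call
        self.credit[who] = 0                    # vulnerable order: effect after send
        self.locked = False

class Reentrant:
    """Recipient whose receive hook calls back into withdraw()."""
    def __init__(self):
        self.wallet = 0

    def receive(self, vault, amount):
        self.wallet += amount
        if vault.eth >= amount:
            try:
                vault.withdraw(self)            # re-enter before the outer call ends
            except Revert:
                pass                            # failed inner call changes nothing

def run(mode):
    """Return (recipient wallet, ETH left in vault, honest credit still owed)."""
    vault, caller = Vault(mode), Reentrant()
    vault.deposit("honest", 9)                  # constructed sample deposits
    vault.deposit(caller, 1)
    vault.withdraw(caller)
    return caller.wallet, vault.eth, vault.credit["honest"]
```

Calling `run("vulnerable")` leaves the vault empty while it still owes the honest depositor 9; in the `"cei"` and `"guard"` modes the nested call reverts and only the recipient's own deposit of 1 leaves the vault.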
'Code is law': the blockchain philosophy that smart contract execution is immutable and final — whatever the code does is the legitimate outcome, even if it produces unintended results. The DAO debate challenged this: the community used social consensus to override what the code did (the hack). The practical lesson: in reality, blockchain governance is social, not purely technical. The human community retains ultimate authority to fork the chain. This matters for investors: smart contract immutability is a default, not an absolute guarantee — catastrophic exploits may be reversible through community consensus.
DAO hack economics: ETH was trading at approximately $15-20 during the period of the hack. The 3.6 million ETH stolen was worth approximately $55-60 million at the time. At ETH's 2021 ATH (~$4,800), the same amount would have been worth approximately $17 billion. At current prices, the sum represents a very large amount. The attacker had a 28-day waiting period before funds could be moved from the DAO's 'child DAO' — giving the community time to implement the fork that ultimately returned the funds.
Direct legacy for 2026 ICO investors: (1) smart contract audit is mandatory — the DAO hack created the field, and investors now routinely check for published audits, (2) reentrancy guards are standard — professionally audited contracts all include protection against the DAO's specific vulnerability, (3) regulatory scrutiny — the SEC DAO report created the current US regulatory framework for token classification, (4) hard fork precedent — investors know that in catastrophic scenarios, communities can potentially roll back fraud (though this is rare and controversial). Overall: the DAO hack made the ecosystem more secure, more regulated, and more professionally audited.
DAO hacker identity: has never been publicly and definitively confirmed. Several researchers and journalists have speculated about identities but no official prosecution occurred. The hard fork effectively returned the funds, eliminating the financial loss. Since the funds were returned via the fork, there was less incentive to pursue criminal prosecution across potentially multiple jurisdictions. The case illustrates a fundamental challenge in crypto law enforcement: technically sophisticated exploits of on-chain code may not constitute traditional theft in all legal frameworks — the 'code is law' defense has been raised in subsequent similar cases.