The DAO hack at 10: From $50 million exploit to a $130 million Ethereum security fund
Ten years ago, an attacker drained roughly 3.6 million ETH from The DAO, forcing Ethereum into the hard fork that created Ethereum Classic. The DAO has been reborn as an Ethereum security endowment, staking more than 75,000 ETH left unclaimed since the original 2016 recovery and now worth roughly $130 million. RedStone co-founder Marcin Kazmierczak says the fund may be aimed at yesterday’s risk, not today’s threat.
2026-06-18 Source: theblock.co

Ten years ago yesterday, The DAO was hacked, draining millions of ether (ETH) from what was, at the time, the largest crowdfunding event in history, and ultimately forcing Ethereum's most consequential decision: a hard fork that split the chain into Ethereum and Ethereum Classic.

The DAO had been built by German blockchain firm Slock.it under developer Christoph Jentzsch, raising roughly 12 million ETH, about $150 million at the time, from more than 11,000 investors in a token sale that closed less than three weeks before the attack.

On June 17, 2016, a then-unidentified attacker exploited a reentrancy bug in The DAO's splitDAO function, repeatedly draining ether before the contract could update its balances.
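
The ordering problem behind that sentence, paying out before the balance is updated, can be shown with a small Python model. This is an added illustration, not The DAO's Solidity code or anything from the original article; the Vault class, account names and amounts are constructed assumptions, and the hardened path applies the effect-before-interaction ordering plus a reentrancy guard.

```python
class ReentrancyError(Exception):
    """Raised when withdraw() is entered again before the first call returns."""

class Vault:
    """Constructed toy ledger; the names here are assumptions, not The DAO's code."""

    def __init__(self, deposits, hardened):
        self.balances = dict(deposits)      # account -> credited amount
        self.pool = sum(deposits.values())  # total ether held by the contract
        self.hardened = hardened
        self._locked = False

    def withdraw(self, account, receive):
        """Pay out the account's balance; receive(amount) models the external call."""
        if not self.hardened:
            amount = self.balances.get(account, 0)
            if amount == 0 or self.pool < amount:
                return 0
            self.pool -= amount
            receive(amount)             # interaction first: recipient code runs here
            self.balances[account] = 0  # effect last: balance was stale during the call
            return amount
        if self._locked:                # reentrancy guard
            raise ReentrancyError(account)
        self._locked = True
        try:
            amount = self.balances.get(account, 0)
            self.balances[account] = 0  # effect first
            self.pool -= amount
            if amount:
                receive(amount)         # interaction last
            return amount
        finally:
            self._locked = False

def paid_out(hardened, depth=3):
    """Regression check: a recipient callback that re-enters withdraw() up to `depth` times."""
    vault = Vault({"depositors": 90, "caller": 10}, hardened)
    received = []
    def receive(amount):
        received.append(amount)
        if len(received) < depth:
            try:
                vault.withdraw("caller", receive)
            except ReentrancyError:
                pass                    # guard rejected the nested call
    vault.withdraw("caller", receive)
    return sum(received), vault.pool

if __name__ == "__main__":
    print("ordering bug:", paid_out(False))
    print("hardened:", paid_out(True))
```

With the stale-balance ordering, an account credited with 10 is paid 30 out of a pool of 100; with the hardened ordering the same callback receives exactly its 10.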

Roughly 3.6 million ETH, about a third of the fund, ended up in a "child DAO" carrying a 28-day withdrawal lock, the delay that gave the Ethereum community room to respond.

A loose group of developers, known as the White Hat Group, including The DAO's community manager, Griff Green, raced to drain the remaining vulnerable funds into contracts they controlled, an unprecedented rescue carried out in full view on a live blockchain.

The code-is-law debate

The episode split Ethereum's community into two camps.

One argued the hack had followed the contract's code as written and that the outcome should stand, a position that would eventually become Ethereum Classic.

The other argued a bug was not intended behavior and that the community should use its collective judgment to make victims whole.

The Ethereum known today chose the latter.

On July 20, 2016, at block 1,920,000, the network executed a hard fork that rolled the chain's state back to before the hack, with roughly 85% to 89% of voters in support. The drained ETH moved into a recovery contract, and original DAO token holders could withdraw their share at a rate of 1 ETH per 100 DAO tokens.

Participants on the new chain were made whole and received bonus ETC from the split. On the original chain, Ethereum Classic, the hack stood as recorded and the attacker kept their share of ETC. It was Ethereum's first major hard fork and the event that permanently divided the network in two.

The decade after

The hack impacted decentralized finance well beyond the fork. To date, it is widely credited with launching crypto's smart-contract security industry, as auditing and formal verification became standard practice rather than an afterthought.

It also became a landmark in U.S. securities law. The U.S. SEC's 2017 DAO Report concluded that DAO tokens qualified as securities under existing law, a facts-and-circumstances analysis that has anchored crypto enforcement actions ever since.

The DAO, reborn

A decade later, The DAO is back, but this time as a security fund rather than a venture fund.

The DAO Fund traces to a commitment made shortly after the hack: any rescued ETH left unclaimed by January 2017 would eventually support Ethereum security work.

The promise sat dormant until a Wintermute researcher rediscovered the old blog post and flagged it to Green, who announced the fund's launch in January.

More than 75,000 ETH from the original recovery, about 70,500 ETH sitting in an unclaimed ExtraBalance contract plus another 4,600 ETH in The DAO's curator multisig, is being staked as a long-term endowment, with the yield funding security research, tooling and incident response.

Seven curators oversee the fund, including Ethereum co-founder Vitalik Buterin and former MetaMask security lead Taylor Monahan, and it coordinates with the Ethereum Foundation's Trillion Dollar Security initiative.

"We've been stuck in a rut for the last six years," Green told The Block in January, pointing to phishing attacks and wallet drains as evidence that security for ordinary Ethereum users has lagged even as the protocol itself matured.

The fund ran its first allocation, the Ethereum Security QF Round, from April 23 to May 14, distributing more than $1 million in ETH across 134 projects selected from over 250 applicants, with market maker Wintermute among the contributors adding $200,000 to the matching pool.

The 75,000 ETH was worth more than $220 million when Green announced the fund in January. At ETH's current price near $1,750, that same stake is worth closer to $130 million.

The risk has moved

Not everyone reads the relaunch as a clean validation of Ethereum's 2016 choice.

"'Code is law' was always a frame that wasn't wholly tenable," said Ido Ben-Natan, CEO of wallet-security firm Blockaid. Any system that settles real value needs room for human judgment at the edges, in his view, and restricting the new fund to dormant, already-recovered assets keeps it conservative since it doesn't reopen transactions the network already settled in 2016.

Marcin Kazmierczak, co-founder of oracle provider RedStone, argued that funding security out of a permanent staking endowment instead of passing the hat after each hack marks real progress, but doesn't eliminate trust in the system, only relocates it.

Participants now trust seven curators and a funding process to allocate roughly $8 million a year in yield wisely, rather than trusting that the underlying code is flawless.

"It doesn't remove trust, it just moves it," Kazmierczak told The Block.

The dollar figures also look different in context. Crypto lost $3.4 billion to hacks in 2025, Chainalysis found, with February's $1.5 billion Bybit breach alone accounting for 44% of that total.

Against numbers like that, a $1 million grant round barely registers, Kazmierczak said. Loss size is still the wrong yardstick, he said, since the more meaningful shift is that Ethereum now has a standing, self-funding security pool where it previously had none.

He also questioned whether the fund is chasing the right threat. The DAO hack was a contract bug, a category now largely under control as auditing has matured, while today's catastrophic losses increasingly come from operations: stolen keys, social engineering and compromised signing interfaces.

The Bybit breach was the clearest example, not a Solidity bug, but, in Kazmierczak's words, "a doctored signing screen that turned hardware-wallet approvals into blind signatures." Funding another wave of smart-contract audits, he argued, would miss where the money is actually going now.

Ben-Natan put the same shift more bluntly. He told The Block that reentrancy taught the industry to audit code, but "we also have to watch what's going on when people click approve."

