story must start with Bitcoin, it is not about Bitcoin. It's the story of what came next. It's about going beyond Bitcoin to use technology to build even more powerful connections among people. It's the story of Ethereum, a global network of computers known as a blockchain invented in 2013 by Vitalik Buterin, a Russian-Canadian genius who'd yet to celebrate his 20th birthday.
Buterin married the digital money aspect of Bitcoin to the almost unlimited capabilities unleashed by what can be written in computer code. If you think about it in terms of contracts, just about everything I can think of can be boiled down to a written contract. Certainly, legal documents, but also financial transactions, commerce, global trade. Now you could take those contracts and in a sense digitize them by bringing them to life on Ethereum's global network. Once there, they could be accessed by anyone in the world at any time of day or night. There's a money feature embedded in Ethereum too, so you can pay for stuff. And it all takes minutes rather than the days, weeks, or months to complete common transactions in the industries I just mentioned. The efficiency gains are on par with what the Internet provided us in the early 2000s.
At its most valuable, the Ethereum network was worth an astounding $135 billion. Its creators became billionaires and millionaires. Ethereum is – slowly – changing the way finance and mainstream corporations think about the myriad tasks they do behind the scenes to make the world work. This is the story of the people who brought Ethereum to life, and how they changed the world.
But it's also about a $55 million heist that threatened to bring Ethereum down. The DAO attack, as it's known, is one of the strangest tales of thievery I know. A group of good-guy hackers who called themselves the Robin Hood Group fought a ninja war on the blockchain to prevent hundreds of millions of dollars from being stolen. Against them was a malicious but ingenious attacker who for the most part remains unknown to this day. And finally, it's about my effort to find out who did it, to unmask the ether thief.
Part I
It is the business
of the future
to be dangerous.
– A.N. Whitehead
Zero
For most of the world the attack began on a Friday in June 2016. The planning and testing and tinkering had been in the works for weeks. Everything would have to be just right or it would fail. What was about to unfold was one of the most elegant, complicated, and weirdest thefts in history.
The clock read 3:34 in Coordinated Universal Time. That's the same as Greenwich Mean Time, for those who remember. The wee hours in Europe, still Thursday in New York City, and half past 11 in the morning in Beijing. A pair of eyes checked the screen again; a finger hovered over a mouse button. This was a moving machine with many parts: all interacting, all in code, all in cyberspace. It's baffling and complex, and some of the best computer scientists in the world struggle to put into plain English what happened. Robots attacking robots on the web. That's how one person put it to me, and I've never forgotten it. In this case the reward the robots battled over was immense – a quarter of a billion dollars.
None of this would have been happening if not for a new computer science discipline known as blockchain. While certainly a buzzword, blockchain is simply a new way of implementing databases. Instead of one company or government controlling access to data, the ledger is shared and spread among computer hard drives all over the world. It is what made Bitcoin possible.
Bitcoin, of course, ushered in the era of cryptocurrencies, a time where a new type of money came to exist, one that isn't backed by a government or bank but instead derived from whether people believe it's useful. Bitcoin was the pioneer, but by mid-June 2016, the second-most valuable cryptocurrency after Bitcoin was called ether. Ether is the fuel that allows the Ethereum blockchain to work.
The hacker looked at the contract he'd written one last time, then clicked his mouse. His target: a computer program that held $250 million worth of ether. What it also held was an enormous bug in its code that the hacker believed would let him walk right in and steal it all.
His first try failed. Four minutes later, he tried again. That attempt failed too – a red exclamation point next to his transaction declared “Error in Main Txn: Bad Jump Destination.” Shit, he thought he'd nailed this down. He took some time to check all the inputs, the addresses, and codes. Seventeen minutes later, at exactly 3:34:48 UTC, he tried a third time. Then, he saw it. His account had received 137 ether from the computer program that held the $250 million. That was a cool $2,700 he just stole.
The attack had begun. Thousands of these small transactions would accrue throughout the day as the theft continued. People all over the world watched as it occurred, helpless to stop it. Eventually $55 million of ether was stolen, making it the largest digital heist in history at the time.
●●●
I remember that day. I'd called in sick to my job as a reporter at Bloomberg News in New York. June 17, 2016. I'd wrapped some blankets around me as I sat on the couch in my Brooklyn apartment and checked my phone for whatever news I was missing.
I'd been at Bloomberg for 12 years, reporting on Wall Street and energy and oil markets, and then, for most of that time, my beat became the financial infrastructure that keeps the whole system humming but that no one talks about. How exchanges work, for example, or the ins and outs of US Treasury bond trading. Then the world went through the worst financial crisis since the Depression. I covered the Dodd-Frank Act's debate and passage: legislation written in hopes of reining in the financial world to stave off another crisis. I never thought I'd end up being a financial reporter – it just sort of happened, and then I found myself involved in one of the biggest stories of the century.
In 2015, all that background brought me to the realization that a new concept – blockchain – could radically change everything I wrote about. I'd dismissed Bitcoin as a fad for years. I didn't understand it. I thought, how in the world could anyone value something that was nothing more than ones and zeroes?
Blockchain, though, was different. Most of the financial plumbing I spent my days talking to people about was antiquated and in great need of updating. Banks like JPMorgan were sitting atop technology systems that would make the mazes of Babylon seem a snap to navigate. That's because they inherit IT systems when they buy other banks. And then they build systems in-house that might be designed according to the whims of a certain part of the bank, which then won't work with a system in another part of the bank. Some of these systems were written in Cobol, a programming language popular in the 1970s that faces the very real possibility that no one who knows how to fix it will be alive in a few years.
The best thing to do would be to rip it all out and completely redesign these systems. Which is impossible, of course. But Wall Street's need to catch up to the twenty-first century in terms of technology systems was critical. Blockchain turned many heads for this reason. Not only could it streamline bank IT systems, it held the potential of speeding up transactions, which would save banks a lot of money.
That's what I realized, thanks to a short article I read in the Economist in 2015. Soon after, I told my boss I wanted to include blockchain on my beat. He said, “That's great. What's blockchain?”
As I lay on my couch on that day in June 2016, the news hit that this thing called the DAO had been hacked. The DAO is the computer program I told you about, the one that held $250 million. I didn't use the name at first because I don't want to confuse you any more than absolutely necessary. I'll do my best to make this as painless as possible, but there are still going to be technical details. And names like decentralized autonomous organization, or DAO. Please – stick with me, hold my hand. We can do this.
So anyway, ether was being stolen, even as I read the story on my couch. I think I remember this vividly because I immediately experienced the pang of guilt any reporter feels when they are out of the loop as a big story is breaking on their beat. I should call in,