For most of the world the attack began on a Friday in June 2016. The planning and testing and tinkering had been in the works for weeks. Everything would have to be just right or it would fail. What was about to unfold was one of the most elegant, complicated, and weirdest thefts in history.
The clock read 3:34 in Coordinated Universal Time. That's the same as Greenwich mean time, for those who remember. The wee hours in Europe, still Thursday in New York City, and half past 11 in the morning in Beijing. A pair of eyes checked the screen again; a finger hovered over a mouse button. This was a moving machine with many parts: all interacting, all in code, all in cyberspace. It's baffling and complex, and some of the best computer scientists in the world struggle to put into plain English what happened. Robots attacking robots on the web. That's how one person put it to me, and I've never forgotten it. In this case the reward the robots battled over was immense – a quarter of a billion dollars.
None of this would have been happening if not for a new computer science discipline known as blockchain. While certainly a buzzword, blockchain is simply a new way of implementing databases. Instead of one company or government controlling access to data, the ledger is shared and spread among computer hard drives all over the world. It is what made Bitcoin possible.
Bitcoin, of course, ushered in the era of cryptocurrencies, a time where a new type of money came to exist, one that isn't backed by a government or bank but instead derived from whether people believe it's useful. Bitcoin was the pioneer, but by mid-June 2016, the second-most valuable cryptocurrency after Bitcoin was called ether. Ether is the fuel that allows the Ethereum blockchain to work.
The hacker looked at the contract he'd written one last time, then clicked his mouse. His target: a computer program that held $250 million worth of ether. What it also held was an enormous bug in its code that the hacker believed would let him walk right in and steal it all.
His first try failed. Four minutes later, he tried again. That attempt failed too – a red exclamation point next to his transaction declared “Error in Main Txn: Bad Jump Destination.” Shit, he thought he'd nailed this down. He took some time to check all the inputs, the addresses, and codes. Seventeen minutes later, at exactly 3:34:48 UTC, he tried a third time. Then, he saw it. His account had received 137 ether from the computer program that held the $250 million. That was a cool $2,700 he just stole.
The attack had begun. Thousands of these small transactions would accrue throughout the day as the theft continued. People all over the world watched as it occurred, helpless to stop it. Eventually $55 million of ether was stolen, making it the largest digital heist in history at the time.
●●●
I remember that day. I'd called in sick to my job as a reporter at Bloomberg News in New York. June 17, 2016. I'd wrapped some blankets around me as I sat on the couch in my Brooklyn apartment and checked my phone for whatever news I was missing.
I'd been at Bloomberg for 12 years, reporting on Wall Street and energy and oil markets, and then, for most of that time, my beat became the financial infrastructure that keeps the whole system humming but that no one talks about. How exchanges work, for example, or the ins and outs of US Treasury bond trading. Then the world went through the worst financial crisis since the Depression. I covered the Dodd-Frank Act's debate and passage: legislation written in hopes of reining in the financial world to stave off another crisis. I never thought I'd end up being a financial reporter – it just sort of happened, and then I found myself involved in one of the biggest stories of the century.
In 2015, all that background brought me to the realization that a new concept – blockchain – could radically change everything I wrote about. I'd dismissed Bitcoin as a fad for years. I didn't understand it. I thought, how in the world could anyone value something that was nothing more than ones and zeroes?
Blockchain, though, was different. Most of the financial plumbing I spent my days talking to people about was antiquated and in great need of updating. Banks like JPMorgan were sitting atop technology systems that would make the mazes of Babylon seem a snap to navigate. That's because they inherit IT systems when they buy other banks. And then they build systems in-house that might be designed according to the whims of a certain part of the bank, which then won't work with a system in another part of the bank. Some of these systems were written in Cobol, a programming language popular in the 1970s that faces the very real possibility that no one who knows how to fix it will be alive in a few years.
The best thing to do would be to rip it all out and completely redesign these systems. Which is impossible, of course. But Wall Street's need to catch up to the twenty-first century in terms of technology systems was critical. Blockchain turned many heads for this reason. Not only could it streamline bank IT systems, it held the potential of speeding up transactions, which would save banks a lot of money.
That's what I realized, thanks to a short article I read in the Economist in 2015. Soon after, I told my boss I wanted to include blockchain on my beat. He said, “That's great. What's blockchain?”
As I lay on my couch on that day in June 2016, the news hit that this thing called the DAO had been hacked. The DAO is the computer program I told you about, the one that held $250 million. I didn't use the name at first because I don't want to confuse you any more than absolutely necessary. I'll do my best to make this as painless as possible, but there are still going to be technical details. And names like decentralized autonomous organization, or DAO. Please – stick with me, hold my hand. We can do this.
So anyway, ether was being stolen, even as I read the story on my couch. I think I remember this vividly because I immediately experienced the pang of guilt any reporter feels when they are out of the loop as a big story is breaking on their beat. I should call in, I thought; I need to help tell this story. But I really was sick, and I didn't have many good Ethereum sources at that time.
In fact, earlier in 2016 was the first time I'd spoken to anyone about Ethereum. I went to visit Joe Lubin in the funky Bushwick headquarters where he'd started ConsenSys, the largest innovation studio for applications that would run on top of the underlying Ethereum network. An Ethereum cofounder, Lubin is quiet and demure. A native Canadian, he has an intense focus that can make you feel you have his entire attention when you speak with him. He shaves off the hair that remains on his head and is strikingly handsome in the way that some men pull off being bald.
Years before I met Lubin I'd lived in Bushwick. The Brooklyn neighborhood had been much rougher in 2004. Restaurants were few and far between. A bar called Kings County was one of the only local gathering spots and was just around the corner from where ConsenSys would later set up shop. I had friends at the bar who told stories of being chased by packs of wild dogs, of returning late to their apartment from the subway to find a tiny slip of paper jammed into their keyhole, put there by the guys in the shadows who demanded everything they had. It was an amazing time.
I knew the building ConsenSys would come to occupy, next to an overpriced natural grocery store. Its facade was forever covered in graffiti long before ConsenSys moved in, a detail no profile of Lubin or his firm has ever seen fit to leave out.
Lubin built ConsenSys in the hopes of fostering the types of digital applications that would make Ethereum indispensable to the world. Think of a blockchain-based digital version of Uber, but without the middleman that is Uber taking 30 percent of every transaction. Consumers pay less, drivers earn more, and hopefully the user experience of clicking an app on a smartphone isn't much different. Or think of an app that directly connects artists with their fans without a record company and lawyers and agents all in the middle taking their cuts.
What's amazing about this idea of a new kind of Internet that's peer-to-peer is that Ethereum has money programmed into it already. Ether is the currency of the realm, meaning that banks can't shut it down. Losing access to banking is almost always a sure way to kill off something you don't like. Here it's impossible.
But what does a blockchain Uber really mean? Let's run through it and call it CarCoin. This is how I first came to understand Ethereum's potential method of mass disruption.
How does CarCoin make money? That has to be the first question. No one wants to build complicated software for free. What you do is create a new cryptocurrency along with the application for your ride-hailing business. CarCoin will be created and sold to the public. Importantly, you must have a CarCoin balance to access the app on your phone.
Now imagine CarCoin hits it out of the park. Everyone wants some. The price of CarCoin goes up. The founders and developers of CarCoin, meanwhile, have made sure to give themselves a lot of CarCoin for free.
They do this in hopes that its value rises; then they're sitting on pure profit and all their hard work has paid off. This is smart contract 101 stuff once you understand the 360-degree nature of the ecosystem Ethereum's inventor Vitalik Buterin and his colleagues created. The app, the coin, and the supply demand dynamics all intertwine. It makes sense, yet I now understand it never really was the vision in the early years.
The people who invented and created Ethereum were flying blind. Very little of how the project became a reality followed any kind of thought-out process. That goes as far as making sure to have a way of making money.
Fabian Vogelsteller was an essential early programmer for Ethereum. Starting in about 2014 he built, with Alex Van de Sande, the Mist wallet, one of the earliest and most important Ethereum apps as it allowed users to access the Ethereum blockchain and hold the different digital currencies they owned.
“There was no business model at the time,” Vogelsteller said. The economics are rather limited, as he spelled out. You can't charge for using smart contracts and people are already spending ether to access Ethereum – that's fundamental. A digital application can only hope to earn money if it provides a useful service to people. But that was the last thing on early developers' minds, he said.
“We never thought about business models at all. It was only about what to build, not how to make money,” Vogelsteller said. I was speaking to him in 2020 for a story I was writing about his new project, Lukso, an arts, culture, and fashion focused blockchain based on Ethereum. I ran my CarCoin example by him, and he zeroed in on the big problem right away: Why is CarCoin – i.e., the new cryptocurrency – necessary? Why not just use ether for everything? It's taking the money aspect of Ethereum a bit too far to build an entirely new coin on top of it.
While this criticism doesn't blow a hole in the idea of digital applications, it does call into question the nearly two-year-long orgy known as the initial coin offering market that took place from about 2016 to early 2018. Billions of dollars were raised by legitimate and completely fraudulent dev teams alike. Everyone was welcome at this scamfest. And all of it can be seen in hindsight as an enormous waste of time, energy, and the little creativity that went into most ICO projects. It was a folly, but only one of many to come.
“The whole Ethereum community, from the core developers and on, is pure idealism,” Vogelsteller said. This sanguine vibe is strongly tied to one of the universally shared beliefs among the people who created Ethereum: the Internet should be free so we can all share it and build cool things, to paraphrase how Fabian Vogelsteller described it to me.
The correct incentives are the next ingredient in this idealism pie. Fabian compared it to a jungle: brutal, yes, but it all works because the incentives line up in favor of keeping the entire ecosystem healthy. Shitty incentives in the jungle lead to death for everything. Blockchain has to believe in incentives because its core function – to date, at least – is tied directly to the network of computers that mine and validate transactions. Making as much money as possible by mining comes with a nifty side effect – it provides the best security for a blockchain network. Greedy miners are wanted.
“In nature we have a lot of these systems” of aligned incentives, Vogelsteller said. “In society we don't believe it's possible, but blockchain shows it is possible.”
So does CarCoin work, or not? I wish I could tell you, but advances in crypto-economics aren't exactly whizzing about the industry. As far as I know, as of early 2020 the debate about incentives goes on without a clear answer. There are many problems Ethereum has to face if it's to become universal, not least of which is how people make money from it.
But the middlemen are still there and seem ripe for the taking. The speed at which Uber overtook the taxi industry was phenomenal. It just feels right that they could be disrupted in a similarly brutal and quick fashion.
In the world of finance the applications for Ethereum are particularly ripe, as Wall Street is – at its core – the insanely well-entrenched pure expression of middlemen profit-takers, making their money from other people's money solely by virtue of sitting in between transactions.
Joe Lubin wanted to build a different way of conducting business. He's a great evangelist for Ethereum. He's the one who first explained it to me and made the light bulb go off above my head. I've spoken to many other people who had the same experience with him as he laid out his vision of an Ethereum-enabled financial system. For me, when he kept repeating the words “global computer” I finally saw it and had one of those moments when you think, Man, that is fucking cool.
Yet all of this stuff was incredibly speculative. In 2016, the idea that Ethereum could be used in the financial world was only being discussed by a few far-thinking bankers. On the one hand, Ethereum promised the world, it was a hell of a story, but in 2016, in terms of what you could point to as an actual product, Ethereum had nothing to show.
When I cowrote a story for Bloomberg Markets magazine in 2015 about Blythe Masters, a former JPMorgan executive who was now heading a blockchain startup, I didn't even mention Ethereum. This is not a knock against Ethereum – I certainly could've known more about it at the time – but it's also true that it was simply too early to be taking Ethereum seriously in a financial markets' sense. So I didn't dig into the story of the $55 million hack when I went back to work. It was fascinating, yes, but for Bloomberg readers it didn't have enough of a connection to Wall Street or finance to justify me chasing it.
In the following months blockchain certainly didn't disappear from the headlines. There was plenty of hype, and I plead “no contest” to the charge that I contributed to it. But at the same time I felt that there was something there. People like Blythe Masters don't jump into things lightly, I told myself. Blockchain seemed to have some staying power.
Masters is what you would call Wall Street famous. She's beautiful and brash and ruthless. She rose within JPMorgan from being an intern in its London office when she was 18 to sitting on a trading desk to running bank divisions. She helped create credit default swaps, the derivative that allowed investors to bet on a bond's price decline. Credit default swaps also ensnared Wall Street banks and their customers in a wicked web of interdependency during the financial crisis that required the Fed to step in and bail out the financial system. Everyone on “the Street” knows who Blythe Masters is.
There were also other big names taking blockchain seriously, like the Bank of England and the World Economic Forum. This helped me take it seriously too, and then near the end of 2016 the editor of Bloomberg Markets, Joel Weber, said he was planning a heist issue for the next year. Did I have any good heist stories?
Oh, man, did I.
●●●
I love complicated things. I love the process of figuring out how things work and then describing them to people in a way they can understand. I know for sure this trait allowed me to carve out the niche I have within Bloomberg News. When I started learning the details of the ether hack, I realized that I'd stumbled upon one of the most convoluted yet brilliant stories I could ever hope to untangle.
Metaphors will be our friends in this story. Imagine it this way: a bank has been built underground, with a central vault that holds $250 million. The design of this bank is such that once built, nothing about it can be changed. Not its layout or its vault or how any of its banking processes work. Its banking processes are weird, but we'll get more into that in a bit.
This bank has thousands of customers, the depositors, whose money makes up the $250 million. Now, under the rules of this bank, if someone wants to get their money out, they have to tell the bank 7 days ahead of time. During this week the depositor creates a small room underground near the vault. Once that's done, they have to wait for another 27 days. Let's say that it takes the bankers that amount of time to tunnel to the small room so they can deliver the money to be withdrawn.
If all goes according to plan, the money is delivered to the small room, a staircase appears, and after 34 days the customer can climb to the surface with his cash. But what if there is a flaw in the design of this bank? What if once the request to create the small room is made, the customer turns evil and realizes that they can dig a second tunnel from their room that leads back to the vault? Because of the flaw there are no security guards to block this second tunnel and it leads straight to the money in the central vault. Once the digging was done the evil customer could start grabbing as much cash as possible, like a game-show contestant in a chamber with $100 bills flying all around. Because the bank design can't be changed, the flaw that allows for the second tunnel is part of the bank, a glaring hole that customers can exploit.
That's basically what the DAO hacker accomplished, only using computer code instead of a shovel.
I spent months reporting on the hack for the magazine. It was the most fun I'd had in my career. I met and got to know almost all of the people quoted in this book during that period. We called the article “The Ether Thief,” a nod to the great New Yorker story “The Silver Thief,” which Joel Weber gave me to read for inspiration. And yet all through the reporting for the magazine story, no one I interviewed said they knew who had pulled off the heist. The ether thief's identity remained a mystery.
One of the more amazing attributes of blockchain systems is that all of the transactions I'm describing are publicly viewable. This has been the case since Bitcoin was first mined in early 2009, and it's the case with Ethereum. People often claim that blockchain allows users to remain anonymous, but this is wrong. It's pseudonymous, because it's possible to know the identity of the person behind an address. Once that link has been made, a person's activity is traceable for anyone with an Internet connection. But it's rare to know who is behind any given address. And so most of the time we have no idea who is doing what on the Ethereum blockchain. In the case of the DAO, one of the main attack addresses was 0x969837498944aE1dC0DCAc2D0c65634c88729b2D.
But who is that? Even though we can see on the public Ethereum blockchain that this address received 137 ether at 3:34:48 UTC on June 17, 2016, and that hundreds of similar transfers were then made over the next several hours, we have no way of knowing the person behind 0x969837498944aE1dC0DCAc2D0c65634c88729b2D.
It always gnawed at me. The ether thief was out there, and no one knew who they were. It also seemed, after not much time had passed, that no one even really cared anymore. I wanted to change that.
●●●
The first time I met the ether thief was two floors above a Foot Locker in Zürich, Switzerland.
That's probably not how my employer would want me to describe our Zürich bureau, but it's true. I felt nervous in a way I'd never felt before an interview. I wondered if the person I was about to accuse would become angry or violent. I wondered if they'd break down and tell me everything, if they'd feel that the burden of their story and what they'd done could finally be unloaded. I didn't know how I was going to ask small questions at the beginning until I was ready to show the person the evidence I had. It was a Tuesday in September, a beautiful day in Zürich, and I couldn't tell if my hand shook from the coffee I'd had or if I was scared.
The man across the table from me wore glasses and a plaid scarf. He was maybe in his late 50s and had lost some hair. Swiss by nationality, he'd spent his career in Zürich or thereabouts. This part of the world is known as Crypto Valley for its early role in many digital token startups, Ethereum central among them. The technical university in Zürich is known as ETH, the abbreviation for ether, which is just a delicious coincidence. The Eidgenössische Technische Hochschule Zürich is a hotbed of blockchain research, and Albert Einstein was both a former student and a professor of theoretical physics there. It made a certain amount of sense that someone who had brought Ethereum to its knees with the DAO attack would be based in its backyard.
We spoke about his background in banking, and how he grew bored with it and wanted out. Bitcoin had enthralled him, like everyone else in this story, because of how it had created its own independent monetary system without asking permission or giving a care about what anyone thought. Ethereum had been smart to base its operations in nearby Zug, he said, as in 2014 or thereabouts the Swiss regulators and tax authorities treated crypto projects very favorably. He told me that he mined Bitcoin back when you could do it with some high-powered hardware. If he'd kept all the Bitcoin he mined, he'd be a very rich man and wouldn't be talking to me right now.
He spoke English well, with a dose of a German accent. The conversation turned to the DAO attack and what he remembered of it. Then I asked him if he had a theory about who did it.
He paused and smiled.
“Next question,” he said.
I laughed because he'd been speaking quite freely up to that point. “I have more than a theory,” he said. “It's not that difficult to figure out.”
This was possibly the first person to ever say that to me about the hack. It was incredibly hard to figure out, in fact, as I had learned in my previous reporting for the magazine story and this book. The ether thief had covered his tracks meticulously.
Yet here I was sitting across from a person who for years had only been described to me as someone who lived in Switzerland. When researching the “Ether Thief” magazine story in 2017, the Ethereum people who suspected this man wouldn't reveal his name to me. It was rather cute, I thought at the time, and indicative of the ethics held by many in the Ethereum community: they wouldn't help spread the rumor that this man had been involved because they didn't really know if he'd done it.
In journalism, however, it's all about finding the right sources – the people who know the story. And I'd been lucky enough to find one such person. Exchanges are one of the only institutions in crypto that know the identities of their customers, and not even all exchanges do: some let people get an account and trade on their platforms with only an email address. But my hunt for the right source led me to someone who worked for an exchange. The names of three people in the Zürich area were shared with me by this person, along with transaction links from the exchange to their Ethereum transaction histories, links that pointed to the DAO attack. The man across from me was thought to be the leader of the group, I'd been told. I was enthralled, and yet knew this was almost certainly unsolvable. I only had a sliver of the whole story as I sat across from him. I would need him to confess to be certain.
Still, there were a few clues to this mystery and I'd discovered one.
●●●
There would be no DAO without Ethereum, just as there would be no Ethereum without Bitcoin.
And none of it would have existed without the Internet. Possibly the most tantalizing ingredient missing from the World Wide Web is money in purely digital form. For all that the Internet has enabled, it has fallen short in creating a form of value that can be sent around the world as easily as email. It's not as though no one thought of this, however – there was a realization early in Internet history that digital money should be a feature.
In the 1997 Internet Official Protocol Standards, which specifies various aspects of the html protocol that makes the Internet possible, you can find entry 402, designated “payment required.” This is the code that would've created a field to fill in on a web page with the type of digital money you'd be using to buy the latest Sex and the City DVD. It would have embedded digital payments into the DNA of web pages right alongside graphics and text. Yet for many reasons, it never happened. In the more detailed part of the protocol standards, entry 402 receives a harsh dose of reality: “This code is reserved for future use.”
It would take just over a decade before status code 402 passed the baton to Bitcoin. It was not for lack of effort that digital payments hadn't come along until 2009, though – there were many projects over the years that came close. Which is to say, there were people all over the world who craved a form of digital cash. What the mysterious Satoshi Nakamoto did was bring together a set of existing technological pieces into one design that finally solved the puzzle.
Bitcoin looked like freedom. In its purest form, Bitcoin brushed aside any political or social biases when it first gained popularity, leaving its early adherents with nothing but gleaming possibility. Thousands of people all over the world needed Bitcoin for no reason other than it gave them hope for the future again. It made them quit their jobs, invest all of their life savings, or sometimes both, to ensure that this thing succeeded.
What Bitcoin did was to finally present a competitor to the global banking sector. Banks serve a host of purposes, of course, from granting loans and mortgages to making most everyday payment transactions so convenient that a swipe of an ATM card is all that's needed. But for a subset of people, the fact that banks are gatekeepers that can restrict or prohibit certain transactions has always been a big problem. A strong strain of libertarianism ran through early Bitcoin adopters, who wanted to exist outside the traditional financial world.
One of the keys to how Bitcoin works is its hash function. When the latest batch of transactions is sent to the computers in the network for validation – these are the miners – the block comes with a random string of characters associated with it. The miners take this random string and work through trial and error to change it so that it has a certain output value when it's run through the hashing function. In Bitcoin, that output is one that leads with a certain number of zeros. The only way to do it is to add one thing to the input, see how it changes the output, and then try again and again and again until the output has the right number of zeros in front.
Once the input is changed in the correct way, it's a simple operation for the other computers in the network to check the output to see that it's genuine. So it's very hard to produce, but very easy to check. The process also uses a certain amount of electricity to run the hashing hardware, so economic value enters the equation in the form of the cost of that electricity. That's hashing in Bitcoin, and it allows for trusted transactions to take place among users who neither know nor trust each other. And for all their willing effort, the winning miner is rewarded with free Bitcoin.
All of this lives entirely free and clear of Wall Street and government regulators. That's a big key to why Bitcoin is valued as it is. People want it to have value; they want it to work and exist in a world wholly separate from Bank of America ATMs as well as governments and their central banks that set monetary policy.
The big strike against Bitcoin, however, is that it doesn't allow for derivatives. Bitcoin is all Bitcoin is about. It's an amazing thing for what it does, and as of this writing it's been doing it for more than a decade without any person, corporation, or government being able to stop it. But if you want to do more with a global distributed network of computers, Bitcoin can't help you.
That's why Ethereum sprang to life. Ethereum is entirely about the derivative, about being a blockchain system that will support all the weird, amazing, and crazy things people want to build on top of a global digital programmable payment network. As Ethereum cofounder Joe Lubin put it to me, Ethereum's ambition is to be a global computer. In a statement that surely upset Bitcoin loyalists (and there are millions of them), Lubin said that comparing Bitcoin to Ethereum is like comparing a pocket calculator to a desktop.
What I'm about to say now will make some of you laugh, but bear with me. Ethereum is the most successful blockchain in existence. I say that with Bitcoin only a shade behind its younger sibling. Yet in my opinion it's the restrictive nature of Bitcoin that places it second. Ethereum took the distributed security and robustness of Bitcoin and opened a world that allows computer programmers to build whatever they can dream of on top of it. I believe in Ethereum – I'm writing a book about it, for God's sake – but I also know its flaws. I will tell you about them. But as of early 2020, here's what Ethereum has accomplished in brief:
●●●
Ethereum was invented in 2013 by a 19-year-old named Vitalik Buterin. He was familiar to the Bitcoin community at the time as the cofounder and head writer of Bitcoin Magazine, where he penned well-written stories on all aspects of the technology. Buterin possesses the type of towering intelligence that forces people to describe him in otherworldly terms, an alien sent from the stars to live among us. He sort of looks like an alien, too. His head is too big for his body, sitting atop an elongated neck. He's long limbed and has a bit of a mechanical gait. His voice can register in flat, almost computer-like tones at times, though when he laughs in quick bursts his voice deepens. His large blue eyes can be piercing if he takes the time to look at you as he speaks, which isn't often. He has an unmistakable presence: you could spot him across the most crowded conference space. His fashion sense for many years led him to lean toward rainbow T-shirts with pictures of unicorns or Doge, the Shiba Inu dog mascot of the cryptocurrency Dogecoin.
There is a whimsy about Vitalik that not many people get to see. He has a sharp wit and is quite funny. We met in Seattle; Ithaca, New York; and Los Angeles to talk for this book. He was incredibly generous with his time, once I could get on his hectic schedule. He doesn't know how to drive and on average is on a plane once a week. Wherever he lands, he tends to stay from between three days and three weeks. He has no permanent home, though his family all live in Toronto. Like any inveterate traveler, he has his routine down to a science. He packs a bag that measures forty liters in volume. Contents: seven T-shirts (a few long sleeved); seven pairs of underwear; seven pairs of socks; sweater; jacket; spare pants; toiletries; a spread of foreign currencies; and public transport cards for Toronto, Boston, Washington DC, San Francisco, London, Tokyo, Seoul, Beijing, Shanghai, Hong Kong, Taipei, Singapore, Bangkok, and Sydney.
He is frugal to an almost ridiculous degree. In high school his dad couldn't convince him to buy a new pair of shoes when his were literally falling apart. Through his early involvement in Bitcoin and then as the inventor of Ethereum, the cryptocurrency fortune he's amassed has at times been in the billions, though he demurs when asked for a specific figure. Yet through the first part of the journey he took across the US and Europe as he formulated the ideas that would become Ethereum he limited himself to a budget of $20 a day. As that level of restraint implies, Vitalik is also fastidious. At one interview we were sitting outside at a café on the Cornell campus, speaking of his fellow cofounder and friend Mihai Alisie. Vitalik peered across the table to my notebook and let me know I'd spelled Mihai wrong.
There is a humility to Vitalik that I find extraordinary and admirable for someone with so much influence and power. He has a joy to him that might come from being independently wealthy – or maybe that's just who he is. After we met at the Washington State Convention Center – Vitalik was speaking at Microsoft's developer conference – he got up from the table, crumpled his paper cup in his hands, and leapt into the air. He kicked his feet out just a touch as he sank the shot in a nearby trash can.
●●●
Vitalik wanted to give the world a way to build whatever its heart desired on top of his blockchain. Two things were necessary to make this possible: smart contracts and ether, the cryptocurrency that must be used to pay for every Ethereum transaction.
In the most basic sense, smart contracts are what separate Ethereum from Bitcoin. Bitcoin is used to send value from person A to person B. It's linear. Vitalik wanted to be geometric, to create a system that could involve however many participants were necessary, linking A to B to F to K to G and then back to A. A way to do that is to have computer programs that are tied to and follow the rules of a blockchain system. That allows the various inputs to the program – the data – to change the state of the system.
Okay, wait. What the hell does that mean? Smart contracts are like a store: let's call it 7-Eleven. Think of all the things you can do in a 7-Eleven. We'll call you Electron Girl, because that's what you are – all blue and sparky, sending out lightning bolts from time to time. As you make your way through the store (let's say you're in Tokyo, which has the best 7-Elevens in the world) you can buy some sushi or get money from an ATM or talk to a friend or look at the magazines until the guy behind the counter yells at you. When you pay for your sushi at the register, you might get a receipt, but if you pay in cash there's not much of a record of the purchase.
All the various things you just did at 7-Eleven you can do digitally while interacting with a smart contract. The programming to secure the purchase of the raw fish is written in code that lives within the smart contract – we buy things in such an automated fashion online every day.
Talking to your friend is just a chat function. And the library (maybe the digital Library of Congress one day?) is just over there. Your digitized self runs through this routine by engaging different Ethereum-based applications that use smart contracts. I don't mean to leave the impression that one smart contract runs the entire 7-Eleven; you engage different, discreet contracts for each interaction.
So, what's this part about changing the state of the system? It's simple: it's just the recalibration of funds – for example, when you got cash from the ATM. Your wallet now has $40 in it, while the bank is less the same amount. And, oh yeah, you're reminded that you owe your friend 20 bucks, so you pay up. In Ethereum, paying your friend can be as simple as reading a QR code from his phone. The digital wallet where you keep your ether, where the original $40 value is stored, is now lighter by $20. The state of that environment changed and the blockchain updates to keep track of it.
In this scenario, Bitcoin can only be used to buy your sushi. You can't talk to your friends or read Moby Dick while using the Bitcoin blockchain. You can using Ethereum.
Much more complicated systems are also possible. It's not unrealistic to say that almost the entire global oil market could be shifted onto Ethereum using smart contracts. Oil output could be monitored and secured on the blockchain. Private trading would be simple to set up because of the small number of participants. What Ethereum is not yet ready for is the speed at which electronic oil markets, like the crude futures traded at the New York Mercantile Exchange in New York, work. Yet OPEC production cuts or gains would transmit via an automatic information feed to the Ethereum network via what's known as an oracle. The oil tanker industry could move its supply chain to Ethereum as well.
Again, I think about it in terms of generic contracts. You made many contracts in your 7-Eleven adventure, even though we don't think of talking to a friend in those exact terms. But conversation is a contract. Now imagine those contracts are on Ethereum. You engage the blockchain differently than how we go online today, no doubt about it. Yet in many ways it's not that far from what we do today when we interact with the web.
These types of transactions are bread and butter for any computer, but until Vitalik came along they hadn't been coupled with a decentralized network. Smart contracts can handle thousands of inputs and outputs, and as long as the code is clean they can live on indefinitely.
Access to such a system, though, has to have a price. This is where ether enters the equation. Vitalik knew that there would be people who would want to try to overwhelm Ethereum, to slow it down or even break it entirely, by spamming it with thousands of simultaneous transactions. If they wanted to do that, they'd have to pay a hefty fee in the form of ether. Gas was the main idea here, like what you put in your car. No gas, no go.
That means ether would have an inherent value, as it's vital to how Ethereum operates. Whether that value was 10 cents or $1,000 would be up to the people who wanted to use it.
Ether differs from Bitcoin in an important way – one that the Ethereum cofounders were very aware of. In the beginning, ether would be created out of thin air. Some of this ether would go to the founders as a reward for their work on the project, or what's known as a pre-mine. A much larger quantity would be sold to the public to fund ongoing development. Bitcoin never did a pre-mine: every Bitcoin in existence has been earned by the computers on its network that ensure transactions are valid. If ether were to be created, however, it risked falling under the jurisdiction of the US Securities and Exchange Commission, among other global regulators. That's because the SEC could view ether as a security like a stock, which by law is required to be regulated from its moment of creation, whether that's through an initial public offering or a secondary offering.
Yet selling ether to the pubic in a crowdsale is a great way to raise money. So that's just what the Ethereum cofounders did. The Ethereum crowdsale in 2014 was one of the most successful at the time, netting over $18 million. By then the money was desperately needed to continue to develop Ethereum, but we'll get to that part later.
This dilemma of raising money to fund development was hardly unique to Ethereum. What about all the other applications people wanted to build? By late 2015 the crypto world was exploding with new projects that seemed to be sprouting up daily. Every one of them needed to raise money in one way or another if it was going to have a shot at succeeding.
The way the Ethereum community solved this fundraising dilemma circa late 2015 starts with a theoretical physicist named Christoph Jentzsch. It ends with something that sounds straight out of futurist nineteenth-century science fiction – a decentralized autonomous organization, or DAO, which is basically a corporation that runs entirely from a codebase, meaning no humans are involved once it's deployed. DAOs are also very difficult to govern once deployed. In between Jentzsch and the DAO is a startup called slock.it, which Jentzsch cofounded. Their product was called a smart lock, or a slock. (I always think of Evil Dead II when I hear the word slock, thinking of S-Mart. “Shop smart. Shop S-Mart.”)
A slock is an Ethereum-enabled lock, which you could put on your bike, for example. Someone with the slock.it app on their phone could come along and read a QR code that links to the bike's slock. The interaction is managed by a smart contract on the Ethereum blockchain. If the passerby pays the required amount of ether, the slock unslocks and the bike can be rented for a period of time. This is similar to how Bird scooters and the bikesharing systems that took over American cities in 2019 work, but slock.it preceded them by many years and is decentralized.
It was a clever idea, and Jentzsch and his partners had some fun when they unveiled slock.it at the first Ethereum developer conference in London in November 2015. Jentzsch gave a live demonstration in which he unlocked a slock that controlled a teakettle: pay the slock some ether and the power turns on to heat the water. As the audience watched, miners on the Ethereum blockchain verified the transaction. A few minutes later the kettle boiled and Jentzsch's partner Stephan Tual came on stage to pour himself a cup of tea. The look on Tual's face as he poured the boiling water was knowing but also held an air of wonder – like, can you fucking believe what we just did?
Slock.it hoped to connect the Ethereum blockchain to the Internet of things, or IoT, the catchall phrase used to describe the system that controls your smart refrigerator and smart thermostat.
Yet to make slock.it a reality and not just a demo, the startup needed money. So Jentzsch set the hook.
“I hope those things were amazing to you, but we have just another thing, a really cool thing,” Jentzsch said to his London audience. He then introduced his idea for having a decentralized autonomous organization act as a fundraising mechanism. The idea of a DAO wasn't Jentzsch's – that honor belongs to Dan Larimer, another early blockchain pioneer. Vitalik Buterin had also long been fascinated by DAOs, which he mentioned prominently in his 2013 Ethereum white paper, “Ethereum: The Ultimate Smart Contract and Decentralized Application Platform.” Now, though, Jentzsch said the way to raise money – not just for slock.it, but for any developer team that wanted to work with Ethereum – was with a DAO.
While the name is rather scary, the premise of this DAO is simple: Create a smart contract that will collect ether from people. In exchange for that ether, they are given tokens. The DAO token holders can then vote on projects that are seeking development funding. Token holders who voted for a winning project can share in the profit if the endeavor succeeds. In the world of finance this is similar to how venture capital works, except a DAO is completely automated and runs exactly as its code is written. Once a DAO is initiated, in other words, the process to change or fix a bug in its programming is complicated and relies on a stakeholder vote. It's asking code to be perfect from the get-go, in other words. And yet anyone who's run Windows will know how unrealistic it is to expect perfect code.
Jentzsch's idea proved to be more successful than his wildest dreams. The DAO became so popular, in fact, that it turned into a nightmare for the German. Instead of collecting the $5 million Jentzsch had expected, ether users poured $150 million into its coffers. Another way of measuring the DAO is that it held 11.944 million ether, which fluctuates in value, meaning the DAO's total holdings rose or fell according to the cryptocurrency's price. By Friday, June 17, 2016, it had ballooned to $250 million. It made Christoph physically ill, and his health and family life suffered. And it only got worse when hackers broke into it on that day.
●●●
One of the curious aspects of the DAO attack is that it stopped. The thief was inside, the mechanism for changing the code of the DAO was complicated and risky, and the Ethereum community might not have been able to mobilize in time to save the money that hadn't yet been stolen. Given enough time, the thief should have been able to drain every cent. But he didn't. Sure, $55 million had been snatched, but there was about another $200 million left. Why leave that on the table?
The best theory I've heard is that it has to do with the mechanics of the attack contract used – that is, the smart contract the thief wrote to steal the ether. The theory is that while the contract would work for several hours, it would also have a tendency to break after a certain time. And while you could try to launch the attack again once the original contract had broken, getting all the necessary variables lined up again could take time or simply not work again.
In any case, the original DAO attack lasted a bit more than seven hours. A total of 3.689 million ether was stolen.
The bug that the ether thief exploited was now in the public realm as blockchain sleuths pointed it out on message boards and reddit subthreads. The code itself, in fact, was viewable in the attack contract the thief had used, as it still existed in the Etherscan blockchain records. Not only could the original attacker be readying a second go at the DAO, a host of copycats could as well. And in fact, that's what started to happen.
Four days after the first attack, a second started. The mechanics were all the same; the only difference was the location where the stolen ether was sent.
The Ethereum community didn't take this lying down. From the first moments of the DAO attack on June 17, people tried to discover who was behind the hack and to figure out what to do about it. They would fight this. These were the people who had written the DAO code as well as other developers and programmers who had made a career out of working with Ethereum. A driving force in the group was Griff Green. One of the first employees at slock.it, Griff had realized early on the mysterious power of DAOs. Only he called them decentralized autonomous corporations at first, as in a paper he wrote on them for his master's degree in cryptocurrencies from the University of Nicosia.
If you meet Griff and for some reason don't like him, there's something wrong with you. He's a hugger, first and foremost, and an all-around genuine person. He was the mayor of Ethereum at this point in time; he knew just about everyone and was heading up slock.it's communication and community outreach. From the attack's inception, Griff helped recruit other Ethereum community members to form a kind of emergency response team. The beginning days were almost entirely organized via a Skype chat that they named Robin Hood.
“The Robin Hood Group was just a shit show,” Griff told me in 2017 when I was writing the magazine story. “I hope the movie portrays it better than it actually was.”
He's being modest; what the group did to save the remaining money in the DAO was amazing. Another member was Alex Van de Sande, whom everyone calls avsa, after his online name. While Griff was in rural Germany when the DAO was attacked, avsa was in his apartment in Rio de Janiero.
The Robin Hood Group (RHG) also included a few extremely good coders, like Lefteris Karapetsas and Jordi Baylina. They quickly figured out how to replicate the attack so they could break into the DAO in order to “steal” the rest of the funds to keep them safe (hence the name).
When the second attack began four days after the original attack, the RHG was ready. Avsa took to Twitter to say, “DAO IS BEING SECURELY DRAINED. DO NOT PANIC.” My favorite reply to this tweet is “NOTHING SAYS DO NOT PANIC LIKE ALL CAPS.”
At the same time, the broader Ethereum community was discussing what to do about the DAO. One thing to keep in mind is that just about everyone who called Ethereum home had bought into the DAO. The pain was spread far and wide. The community really wanted its money back.
Blockchains are constructed to be time ordered; it's crucial that the network knows that block B came after block A. Every transaction is recorded and maintained. So there are ways to change that history if a blockchain community supports such a change. That's because the network is nothing more than software that runs on people's computers all around the world. The people who spend big money to mine Ethereum and get the ether reward for doing so are a huge part of this community. If they all agree to an update to the software that addresses the DAO hack, for example, they can erase what happened. They can change history.
A less stringent approach is to blacklist the addresses known to be involved with the attack. The rest of the computer network could make it so that the ether in those attack addresses could never move, for example, nullifying its value. The first alternative I described (changing history) is known as a hard fork. Blacklisting addresses is known as a soft fork. Each option has its plusses and minuses, and the community seemed willing to go along with the soft fork approach at first.
As public support for a soft fork grew, the second attacker grew angry. He sent an encrypted message to the RHG on June 27, 2016. Here it is, verbatim, including the possibly purposefully broken English and odd syntax.
“This soft fork, and the dao-wars situation is a waste of time for everyone,” the ether thief wrote. “I'm supporting the idea that code is law at smart contract, but also the network consensus is law on blockchain.” He then pointed to the contract that had attacked the DAO on June 21, and said he'd give the money back if the RHG would as well. “Don't you do it also to see productive future?” the thief wrote.
Usually I would never know what this message said because it's encrypted, and I don't hold the private key needed to decrypt it. A person who does have the private key, however, shared a copy of the unencrypted message with me. This also meant I now knew an address associated with the second attack. I hoped it was only a matter of time until I could connect it to the original attack.
Back in Zürich, sitting across from the Swiss man with his plaid scarf and glasses, I passed him a printout of the message and asked if he sent it.