The next entry in our series of ICO case studies is Ethereum’s Decentralised Autonomous Organisation (DAO) – a success turned failure.

The cryptocurrency community is defined by big ideas, and so it should be. After all, you can’t make an entirely new form of money without a little ambition.

But sometimes a great idea isn’t enough – and especially if it comes at the expense of security. The ‘crypto’ part of cryptocurrency is all-important: if you can’t assure the general safety of your offering, you can’t assure anything else about it either.

That’s how the DAO fell…um…short.

What was the DAO?

Ethereum’s Decentralised Autonomous Organisation (DAO) was to act as a venture capital fund for cryptocurrency and decentralisation-related projects – reducing costs and providing superior control and access to investors.

The DAO therefore had obvious and immediate appeal: its initial token sale brought in over $168m, and at one point, when Ether was trading at $20, the total Ether from the DAO was worth over $250m.

Why did The DAO fail?

Shaky foundations

The DAO’s ICO didn’t ‘fail’, as such. It was actually very successful. Unfortunately, it was also built on very shaky foundations.

Before the DAO’s first crowdsale, concerns were expressed about the code’s vulnerability to attack – and on June 18, 2016, these concerns were realised when an attacker took advantage of a flaw in the smart contract.

An exploit in the splitting function allowed the malicious actor to withdraw Ether from the DAO multiple times using the same tokens – effectively allowing them to ‘ask’ for the cryptocurrency to be returned before the balance could be updated.

Loss of investor confidence

This obviously had bad consequences. The DAO lost $50m in the hack, and on hearing of it, traders dumped the token immediately, which naturally led to a massive fall in its price. Eventually, its token was completely delisted from every major exchange in late 2016.

The worst part is that all this was likely avoidable. Before the ICO, several crypto experts raised concerns that the DAO was overstepping the bounds of its crowdfunding mandate – and potentially breaching securities laws in multiple countries. They also pointed out that the creators were liable for any issues that may have arisen; a responsibility that they were quite possibly unaware of.

The attack eventually forced the Ethereum Foundation’s developers to launch a ‘hard fork’ between its cryptocurrency and everything that came before – splitting both its blockchain and its community into Ethereum, and Ethereum Classic. Ethereum may still be one of the largest cryptocurrencies in terms of value and market cap, but the DAO is well and truly dead.

As with Icarus, the DAO flew too close to the sun, and didn’t give enough consideration to safety and structural integrity. Just as Icarus should have explored more than one (famously melty) option for his wing adhesive, the company should not have gotten drunk on confidence and ambition when basic security were at stake.