Code Is Law?

Code is Law: The 2016 DAO Hack and the Collision of Decentralized Ideals with Human Nature

Contribution by Erik

Imagine a cutting-edge, fully automated safe. There’s no need for a guard, police, or judge because “the safe is the law.” But then someone finds that by dialing the combination in an unexpected way, the vault door still opens. A burglar exploits this loophole to help himself to someone else’s money. As the safe’s creator, you might argue that the safe itself is the law—if something is possible, it can’t really be theft. Yet most would simply call it stealing.

This is the essence of the debate at the heart of the newly released documentary Code is Law. Can the law still prevail after a hack in a world designed to eliminate human intervention, where everything is ultimately governed by software?

The award-winning documentary can also be seen on Vimeo

Sleepless Nights for Developers

It quickly becomes clear in the film that a DeFi protocol isn’t some infallible “law” but rather the result of human choices—and, inevitably, mistakes.

If there’s one thing that lingers after watching this fascinating documentary, it’s the anxiety felt by developers who must push their DeFi applications live at a critical moment. The programmers interviewed recall breaking into a cold sweat the instant they hit the “live” button, fully aware that bug fixes would no longer be an option. This is something seldom experienced by programmers in other fields. And it makes them vulnerable: one unforeseen error in the code can cost millions, as witnessed in the 2016 Ethereum DAO hack.

After such a hack, makeshift “war rooms,” endless nights without sleep, and sometimes even death threats follow. Few developers have endured as much turmoil as the team behind the Ethereum DAO—perhaps only the engineers who built the first lunar lander in 1969, who saw an error message flash just before Apollo 11’s historic landing.

Code is Law is the first documentary to feature in-depth interviews with the team that launched the Ethereum DAO. While Vitalik Buterin isn’t among them, notable developers like Fabian Vogelsteller and Lefteris Karapetsas share their experiences. They describe the mounting pressure as the DAO raised $160 million in ETH in a short period—a huge jackpot secured solely by their code. This was an enormous responsibility; it involved 15% of all ETH in circulation at the time.

A few days after the DAO’s crowdfunding closed, everything went awry. A hacker began draining the treasury, stopping only after siphoning off about five percent of all ETH. The DAO team tried a Robin Hood–style rescue of the remaining funds, but after much debate, it was decided to roll back the blockchain to a state before the hack. This controversial decision led to a fork of Ethereum. In the end, it was clear that code was not the final authority.

Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether
Who hacked The DAO in 2016, diverting 3.6 million ether? We identify the apparent hacker — he denies it — by following a complicated trail of crypto transactions and using a previously undisclosed privacy-cracking forensics tool.

Regarding Laura Shin’s hypothesis that Toby Hoenisch was the hacker, the documentary does not address this. Hoenisch was, at the time, the founder and CEO of the now-bankrupt crypto firm TenX.

Hacks Across a Spectrum: From Bugs to Price Manipulation

Code is Law makes it clear that hacks come in many flavors—it’s a broad spectrum. On one end are obvious technical flaws that get exploited; on the other are vulnerabilities in trading strategies that destabilize the system and manipulate token prices.

The DAO hack was a textbook “bug exploit.” A flaw in the code created a re-entrancy vulnerability, allowing the hacker to repeatedly withdraw funds because the smart contract disbursed payments before finally updating the balance.
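The ordering problem described above, as an added example that is not from the documentary or from The DAO's contract: a simplified Python model in which a recipient's payment hook calls back into withdraw() before the balance is updated, next to the same flow with the balance zeroed first. The Vault and ReenteringReceiver classes, the account names and the amounts are all constructed for illustration.

```python
# Simplified model, constructed for illustration; not The DAO's contract code.
class Vault:
    """Toy ledger: treasury is the pooled funds, balances is what each account is owed."""

    def __init__(self, deposits, update_first):
        self.balances = dict(deposits)
        self.treasury = sum(deposits.values())
        self.update_first = update_first  # True = zero the balance before paying

    def withdraw(self, account, receiver):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.treasury < amount:
            return
        if self.update_first:
            self.balances[account] = 0   # effect recorded before the external call
        self.treasury -= amount
        receiver(self, amount)           # external call: control passes to the recipient
        if not self.update_first:
            self.balances[account] = 0   # too late: the recipient may have re-entered


class ReenteringReceiver:
    """Recipient whose payment hook calls withdraw() again before the first call returns."""

    def __init__(self, account, max_depth):
        self.account, self.max_depth = account, max_depth
        self.received = 0
        self.depth = 0

    def __call__(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self.account, self)


def run(update_first):
    """Return (paid to the re-entering account, treasury left, total still owed)."""
    deposits = {"alice": 50, "bob": 40, "mallory": 10}  # constructed sample balances
    vault = Vault(deposits, update_first)
    receiver = ReenteringReceiver("mallory", max_depth=5)
    vault.withdraw("mallory", receiver)
    return receiver.received, vault.treasury, sum(vault.balances.values())


if __name__ == "__main__":
    print("pay first, update last:", run(update_first=False))
    print("update first, then pay:", run(update_first=True))
```

With the pay-first ordering, the account entitled to 10 is paid 60 and the treasury can no longer cover what the other depositors are owed; with the balance zeroed first, the nested call finds nothing to withdraw.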

A second hack featured in the documentary involved Indexed Finance (2021), a sort of index fund for cryptocurrencies. Here, it wasn’t a straightforward bug but an “economic leak.” The attacker temporarily skewed the pricing ratios in a smart contract by executing extremely large swaps. Clever? Yes. Fair? Debatable. The hacker was identified as Andean Medjedovic, an 18-year-old Canadian math student at the time. Not your typical hacker—he never demanded a reward, nor did he return the funds after his identity was exposed by Indexed Finance. He has since been charged, but the case is stalled while he remains at large.

Canadian Man Charged in $65M Cryptocurrency Hacking Schemes
A five-count criminal indictment was unsealed today in federal court in New York charging a Canadian man with exploiting vulnerabilities in two decentralized finance protocols to fraudulently obtain about $65 million from the protocols’ investors.

Decentralized Perfection Is Impossible

The documentary exposes a stark cultural divide in the crypto world. On one side are the anarchistic idealists who believe that the blockchain itself is the law, and that a successful hack merely reveals weak code. On the other side are the pragmatic builders, committed to creating a reliable, regulated infrastructure where decentralization goes hand in hand with accountability and trust.

The vision of an independent, parallel financial system is fragile, crumbling when bad actors strike. Although the key figures behind the hacked protocols reject the “code is law” mantra as the ultimate principle—firmly deeming such breaches as theft that should be tried in traditional courts—they are equally disheartened by the damage incurred when the community can no longer resolve its own issues.

Laurence Day, one of the creators of Indexed Finance, puts it this way: “The genesis of crypto was an independent financial network. That means moving away from banks: that doesn’t mean moving away from legal systems. But as we start sentencing people, it does feel like something is getting lost…”

The dream of a self-guarding safe falls apart in reality. As long as humans remain in control—fallible and occasionally driven by ulterior motives—the law won’t be replaced by machines anytime soon.
