Established in 2016, The DAO was a decentralized autonomous organization created to act as a venture capital firm directed by investors. The DAO raised about USD$150 million worth of ether (ETH) and was an early crowdfunding effort and popular project developed on the Ethereum blockchain, which was one year old at the time.
On June 17, 2016, the DAO was hacked and 3.6 million ETH were pilfered, the equivalent of USD$70 million then. The attacker “asked” the smart contract (DAO) to give back the ETH several times before it could update its balance. Two major problems made this possible: when the DAO smart contract was made, the coders did not think about the possibility of recursive calls; and the smart contract sent the ETH funds before updating the internal token balance.
On the same day, Ethereum Foundation's Vitalik Buterin issued a critical update about the DAO being under attack and proposed a solution:
A software fork has been proposed, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that reduce the balance of an account with code hash0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid.
The Story of the DAO -- Its History and Consequences
December 24, 2017