Decentralized Autonomous Organization (DAO) – The Organization Of The Future?


written by Robin Fieseler, 14th of October 2022, 5min read

Table of contents:

  1. The $50M ‘The DAO’ hack
  2. What is a DAO?
  3. Opportunities and Threats of a DAO
  4. Key Takeaways
  5. References

1. The $50M ‘The DAO’ hack

In spring 2016, the world’s first decentralized autonomous organization (DAO) on Ethereum, ‘The DAO’, was created on a P2P network to be the first decentralized venture capital fund. The DAO raised $168M from individual investors. In June 2016, headlines all over the news stated that The DAO had been hacked for $50M (Mehar et al. 2019).
Before the threats are unveiled, let’s start with a simple explanation and dive deeper into the crypto space. Afterwards you will learn which areas DAOs could affect and what opportunities a DAO can create. Finally, the threats of DAOs are discussed by unveiling what caused the hack.

2. What is a DAO?

A decentralized autonomous organization is an internet-based, globally operating collective whose members pool resources for a common, predefined goal (creating products or services). Everyone who invests in a DAO takes part in its governance, i.e. receives reciprocal voting rights. This leads to a dehierarchisation. The DAO is a company with programmed rules, e.g. how to use the money or what happens with the money if the project fails. These rules are programmed as smart contracts, which trigger an action as soon as the needed votes are reached. Everyone can raise new topics on which the DAO investors/members then decide (Welpe 2022).

What is DAO, Source: https://cryptooa.com/wp-content/uploads/2018/12/DAO.png

Furthermore, a DAO could be a legal organization that acquires goods or art, pursues a social goal or crowdfunding, functions as an investment vehicle like The DAO, or is a whole decentralized business. The last option is mainly relevant for new businesses such as start-ups. For example, if a start-up wants to create a decentralized app, the DAO would be the company that makes decisions through smart contracts, for example about raising the money needed to pay salaries and about the allocation of salaries (Welpe 2022).

3. Opportunities and Threats of a DAO

After understanding what a DAO is and in which areas a DAO could operate, the focus now turns to opportunities and threats. On the one hand, DAOs are part of the decentralized movement leading to the abolition of the intermediary. This reduces costs, since lawyers, banks etc. are no longer needed. Focusing on investments, individuals might otherwise not be able to participate in funding because of the minimum amount of money required to invest (Wang et al. 2019). For example, a DAO called ConstitutionDAO was founded and raised $3.5M to buy a rare copy of the U.S. Constitution. Without the DAO, not having or not wanting to invest that much money would mean there is no possibility to participate in the auction (Rachel Lerman 2021).

The threats incorporate security and privacy issues, and an unclear legal status. This post focuses on security. How can security be such a big issue in a decentralized (more secure) world? It follows from the nature of the blockchain itself. The blockchain stores data openly accessible to everyone. But if everyone can read the code of the contracts and the organization, then everyone is also able to find bugs. In the case of The DAO, a bug was identified in 2016 and an attempt was made to fix it immediately. However, everyone has the same amount of knowledge due to open access to the data. So, in this specific case, an anonymous hacker group stole $50M due to a bug in the code. Moreover, a company succeeds because of its unique selling proposition. Now imagine that the data is openly accessible to anyone: anyone can just copy and paste the data and create a similar company. In reality, it is not as easy as just pressing ctrl + c, but the threat still exists. Lastly, DAOs have no legal status, which means there is a considerable risk of new laws regulating or banning them (Liu et al. 2021; Mehar et al. 2019; Wang et al. 2019).

4. Key Takeaways

To conclude, a DAO is the best way to eliminate the intermediary and invest collaboratively with anonymous others with the same goal into projects. While the opportunities show that it is economical to reduce the intermediaries and that DAOs give opportunities to compete with hedge funds, the risks explain why DAOs are more used as investment vehicles than actual companies. If you invest and use a DAO as the vehicle, make sure the programmers who created the company know what they are doing.
For those of you who want to learn more about the hack now, click on the link to learn what a hard fork is, how The DAO programmers made sure people didn’t lose all their money and why we have Ethereum Classic today.

5. References

Liu, L., Zhou, S., Huang, H. et al. (2021), ‘From Technology to Society: An Overview of Blockchain-Based DAO’, IEEE Open J. Comput. Soc., 2: 204–215.

Mehar, M. I., Shier, C. L., Giambattista, A. et al. (2019), ‘Understanding a Revolutionary and Flawed Grand Experiment in Blockchain’, Journal of Cases on Information Technology, 21/1: 19–32, accessed 13 Oct 2022.

Rachel Lerman (2021), ‘A group of crypto enthusiasts lost out on the auction to buy a rare copy of the U.S. Constitution’, The Washington Post, 19 Nov <https://www.washingtonpost.com/technology/2021/11/18/crypto-dao-constitution-auction/>, accessed 14 Oct 2022.

Wang, S., Ding, W., Li, J. et al. (2019), ‘Decentralized Autonomous Organizations: Concept, Model, and Applications’, IEEE Trans. Comput. Soc. Syst., 6/5: 870–878.

Welpe, I. (2022), ‘#323: DAO – Modell der Zukunft?’, Podcast, Trends: NFT, Krypto, Web3 & Social Media, 14 Oct.


Was Huawei allowing an unknown app to invade our phones?

7 October 2019

As many of you probably know already, the Trump administration banned US companies from doing business with Huawei a few months ago. As a consequence, the Mate 30 Pro, Huawei’s latest flagship phone, was launched without Google apps due to the import ban. The phone came with basic, open-source Android instead of the advanced Google Mobile Services (e.g. Google Play Store, Gmail and Google Maps) we are accustomed to.

However, a few months ago an anonymous Chinese company called Lzplay came up with a workaround. Through their website, you can easily download their app to gain access to Google services. Google apps should not be able to work on the Mate 30 due to the lack of system-level permissions, yet Lzplay’s method managed to make them work. This does not come without a price. According to John Wu, an Android security researcher, Lzplay used undocumented Huawei APIs inside the operating system, used for device security, to trick Google servers. What does this mean for your phone? After the installation of Lzplay, your Mate 30 Pro’s security is at risk since the application has administrator rights. That means that Lzplay can easily brick your phone or install ransomware without you noticing.

According to Huawei’s documentation for the security authorization SDK, third-party developers are required to sign legal agreements and undergo a review by Huawei in order to gain access to the software development kit (SDK). Therefore, the developer of Lzplay was somehow aware of these undocumented APIs, signed the legal agreements, went through the reviews and eventually had the app signed by Huawei. It should also be noted that Lzplay was launched 3 days before the public launch of the Mate 30 Pro, which means that Lzplay knew about all of this well before the launch and had the time to build an app, go through the review process, and launch a website. Wu suggested that Huawei is aware of the secret tools Lzplay used and explicitly allowed its existence, since this allows people to get Google Play onto devices that would otherwise have been blocked.

Last week, Wu revealed the information regarding Lzplay, and shortly after, the website of Lzplay was taken offline and the signature was remotely revoked by Huawei. Does this mean that Huawei played a part in this? It’s hard to say. According to a Huawei spokesperson, the multinational technology company has no involvement with Lzplay. It could be that Huawei created Lzplay to alleviate Google app anxiety for potential Mate 30 customers. If this was the case, then it sure did backfire on Huawei. The backdoor may be shut for now, but it could be opened again through another method, probably a more solid one than the one Lzplay offered.

References:

Amadeo, R. (2019). ‘The Internet’s horrifying new method for installing Google apps on Huawei phones’. Accessed on 7 October 2019 on https://arstechnica.com/gadgets/2019/10/the-internets-horrifying-new-method-for-installing-google-apps-on-huawei-phones/2/

Cooper, D. (2019). ‘Huawei’s Mate 30 loses workaround for installing Google apps’. Accessed on 7 October 2019 on https://www.engadget.com/2019/10/02/huawei-mate-30-workaround-lzplay-shut-down/

Huawei (n.d.) ‘安全类授权开放开发指南’. Accessed on 7 October 2019 on https://developer.huawei.com/consumer/cn/devservice/doc/30702

Phelan, D. (2019). ‘Huawei Shock: Mate 30 Pro’s Back Door To Google Apps Slams Shut’. Accessed on 7 October 2019 on https://www.forbes.com/sites/davidphelan/2019/10/01/huawei-mate-30-pro-has-the-back-door-to-loading-google-apps-just-slammed-shut/#c69d7dc76a82

Wu, J. (2019). ‘Huawei’s Undocumented APIs – A Backdoor to Reinstall Google Services’. Accessed on 7 October 2019 on https://medium.com/@topjohnwu/huaweis-undocumented-apis-a-backdoor-to-reinstall-google-services-c3a5dd71a7cd

 


Botnets and Smart-houses: Attack on Philips Hue Bulbs

15 October 2017

What is a botnet?

It is a collection of devices which are all connected to the internet, where each one is running one or more bots (autonomous programs). These include any type of device that can be controlled by malware. Most of the time, the owners of these devices do not know that their devices are infected.

But why is this topic becoming more important? With more variety and cheaper devices becoming a part of ‘the internet of things’, there is a larger pool of devices which can be infected. Since many of these devices have very little security, they are easily infected and large networks are quickly made.

So, what can the hackers do with these botnets? They can take down websites with large DDoS attacks (you may have experienced these playing online games), which take down the servers by flooding their bandwidth using botnets. Secondly, they can commit click fraud, where online advertisers are led to believe people are clicking their ads. This could ultimately destroy the internet advertising model. Furthermore, they can use their botnet to mine bitcoins (and earn a considerable amount of money doing so).

However, another type of attack is equally frightening. The smart LED light system from Philips, the Philips Hue, is just as vulnerable to attacks as any other device connected to the internet. These Hue lights allow the user to control their lights via the internet, with a lot of different functions. With more people adopting these types of technologies (myself included), large-scale attacks can have serious effects.

Researchers from Canada were able to remotely hack Hue bulbs from a distance of 70 meters using botnets, allowing them to control them. Not only is this something you obviously do not want as a consumer, but it can seriously damage the electrical grid of a densely populated area. This was all done with equipment costing only a few hundred dollars. Although the researchers worked together with Philips to improve their system, similar attacks may follow.

The Hue lights are only one aspect of a smart house. When more devices are added to your house for convenience, a hack can do a lot more damage. As a consumer who enjoys these technologies a lot, I am left to trust these large companies to improve their software to keep me protected. But to what extent can these technologies put me at risk? Are you willing to trade the risk of being hacked for the reward of “super cool lights”?

https://www.technologyreview.com/s/603500/10-breakthrough-technologies-2017-botnets-of-things/

https://www.cnet.com/news/new-study-details-a-security-flaw-with-philips-hue-smart-bulbs/
