In principle this was all legal. According to the protocols in this kind of a system the money wasn't stolen, instead the contract was exploited in a way that analysts had missed.
This topic is very interesting because there are two very convincing opposing sides to the story. How does this compare to current governmental systems in the U.S.?
U.S. laws are based on intent, so when something bad happens that wasn’t thought of in the past we still have a way to punish the people involved. For example, when an assault is committed while using weapon that did not exist when the laws were written we can still press charges against that person.
Ethereum and DAOs base their laws on immutable code in an effort to remove the inaccuracy and corruption that is the often the result of human interaction with a system. Ethereum “contracts” do work, but the code involved must anticipate every possible action and situation, and that is hard.
When $225m is drained from a system like this, creating a hard-fork and returning investors’ money actually undermines the very existence of the platform and could potentially destroy the reputation of the Ethereum Foundation.
Proposals to change the code in order to return the funds have been made and voting will begin soon to determine if the community will accept the change to the codebase or let the attacker keep the stolen funds.
As this is a decentralized system, everyone will have an opportunity to decide for themselves whether to accept the change(fork) in the code or ignore it.
Rumors have been circulating online that the original attacker has begun paying off users to vote against the change in an attempt at keeping the stolen Ether. What?!
Currently the community is splitting in two over the decision as it appears that half of the community is pro-fork and half are against it.The last update I saw was that a group of white-hat hackers had come together to preemptively drain the rest of the Ether in The DAO to a safer child DAO using this very same exploit. I can't make this stuff up!
Here are links to the groups involved, the blogs they have published, and the reaction of the community on Reddit:
Orgs:
- https://Ethereum.org (The underlying technology)
- https://DAOhub.org (The DAO that was exploited and compromised)
- https://slock.it (Great video on the homepage to help clarify where the value is... or was)
Official Blogs (in order):
- https://blog.slock.it/a-fork-in-the-road-c3c267b9ff31
- https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability
- https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security
- https://blog.slock.it/a-dao-counter-attack-613548408dd7