The DAO was hacked again — but this time by the “good guys”

A White Hat hacking team exploited a vulnerability in the contract of the legendary project The DAO to withdraw funds before malicious actors who had discovered the same critical flaw could do so.

The legendary project The DAO has once again become the center of a security incident: researchers uncovered a new vulnerability in the contract and carried out a “preventive hack” to beat potential attackers to the funds. It is the second critical bug tied to the project in its history, but this time the exploit was executed by White Hat hackers.

The research team found that the flaw allowed an attacker to reproduce an exploit similar to the infamous 2016 hack, which resulted in millions of dollars in losses. Experts immediately flagged the risk and initiated a “defensive withdrawal” of assets, using the same recursive-call mechanism that once led to the Ethereum network split.

According to participants in the operation, the mission was to move the assets into a secure vault before uncontrolled actors could exploit the bug. The team worked quickly and in tight coordination, concerned that news of the vulnerability might leak publicly. The funds were ultimately transferred to a trusted White Hat-controlled address.

Researchers stressed that the attack was inevitable — the contract remained vulnerable, and the project’s historical importance made it an especially attractive target. They called the event a rare example of an exploit being used as a tool for protection rather than theft.

Following the successful “rescue,” the team began working on procedures to return the assets to their rightful owners. They noted that the process may take time, as it requires a secure and verifiable distribution mechanism.

The incident has revived concerns about legacy smart contracts deployed during the early stages of the Ethereum ecosystem. Experts warn that many of these contracts predate modern security standards and continue to pose risks if they still hold assets or interact with current infrastructure.

While the situation inevitably draws comparisons to 2016 — when a contract flaw led to the largest hack in Ethereum’s history — this incident is viewed as a sign of the ecosystem’s maturity. The White Hat group demonstrated that coordinated defensive action can prevent damage and safeguard user funds even under high-pressure conditions.

In the aftermath, specialists urged developers and custodians of old smart contracts to reassess their security posture and, if necessary, migrate assets or upgrade the code to prevent similar incidents in the future.

The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
