We'll try to briefly cover: how and why The DAO was created, how The DAO was exploited, how the soft fork failed miserably, and why everyone was relieved it did so, and how the hard fork lead to a split community and the creation of Ethereum Classic.
The Decentralized Autonomous Organization (known as The DAO) was meant to operate like a venture capital fund for the crypto and decentralized space. The lack of a centralized authority reduced costs and in theory provides more control and access to the investors.
At the beginning of May 2016, a few members of the Ethereum community announced the inception of The DAO, which was also known as Genesis DAO. It was built as a smart contract on the Ethereum blockchain. The coding framework was developed open source by the Slock.it team but it was deployed under "The DAO" name by members of the Ethereum community. The DAO had a creation period during which anyone was allowed to send Ether to a special wallet address in exchange for DAO tokens on a 1-100 scale. The creation period was an unforeseen success as it managed to gather 12.7 Ether (worth around $150M at the time), making it the biggest crowdfund ever. At some point, when Ether was trading at $20, the total Ether from The DAO was worth over $250 million.
The DAO was a complex Smart Contract with many features and it should have allowed companies to make proposals for funding. Once a proposal was white-listed by one of the curators, the DAO token holders (aka DAO investors) would then need to vote on the proposal. If the proposal got a 20% quorum the requested funds would be released into the white-listed contractor's wallet address. The team of curators that could white-list addresses was put in place in order to avoid spam proposals and to have some human overview over the automated process. Most of the curators were notable members of the Ethereum community.
In order to allow investors to leave the organization, in case a proposal that they saw as damaging or of poor quality was accepted, The DAO was created with an "exit door" known as the "split function". This function allowed users to revert the process and to get back the Ether they sent to the DAO. If somebody decided to split from The DAO, they would create their own "Child DAOs" and approve their proposal to send Ether to an address after a period of 28 days. You could also split with multiple DAO token holders and start accepting proposals to the new "Child DAO".
The DAO launch went smoothly and proposals were created and voted on, security issues were raised during the coming weeks, there was a big community call for a moratorium, but it was not implemented and most of the security issues we not addressed fast enough.
On the 18th of June, members of the Ethereum community noticed that funds were being drained from The DAO and the overall ETH balance of the smart contract was going down. A total of 3.6m Ether (worth around $70M at the time) was drained by the hacker in the first few hours. The attack happened due to an exploit found in the splitting function. The attacker/s withdrew Ether from The DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main issues that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for The DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website - If a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining The DAO for unknown reasons, even though he could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit.
In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and it was really close to being introduced. A few hours before it was supposed to be released a few members of the community found a bug with the implementation that opened a denial-of-service attack vector.
This soft fork was designed to blacklist all the transactions made from The DAO and the fact that such a soft-fork is not possible to implement means that the Ethereum blockchain is immune to transaction censorship.
A more conclusive solution was then put up for vote, the Hard-fork. This hard-fork had the sole function of returning all the Ether taken from the DAO to a refund smart contract. The new contract would have only one function: withdraw. The DAO token holders can request to be sent 1 ETH for every 100 DAO. The investors that had paid more than 1 ETH for 100 DAO could request the difference from the original address. This proposal created a lot of controversy among the Ethereum community, which was split into 2 groups:
Hard-fork supporters and non-supporters.
The anti hard-fork group has the following arguments:
Users that supported the hard fork argued that:
In order to reach a quick consensus, the hard fork proposal was voted on and approved by Ether holders, who had to send a transaction to a voting platform. The super majority of people (89%) voted for the Hard-Fork and it took place during the 1920000th block (20th July 2016).
This was when Ethereum Classic was born.