Ten years ago, an attacker drained roughly 3.6 million ETH from The DAO. The Block frames the event as a catalyst, saying the theft helped spur the creation of the modern crypto security industry.

That number matters because it’s not a theoretical “smart contract risk” talking point. The DAO hack was a live breach of value. The immediate loss was large enough to force the community to confront what happens when code holds money and governance can’t reverse a bad outcome.

From exploit to institutions

The Block’s timeline anchor is simple: the attacker took about 3.6 million ETH, and the aftermath pushed builders, auditors, and security teams to take adversarial thinking seriously. In other words, the industry learned to plan for failure, not just correctness.

A security industry doesn’t appear because people get nervous. It forms when recurring losses and high-stakes failures make old processes look naive. The DAO hack acted as that pressure point, according to The Block.

Why the figure still shows up

“3.6 million ETH” has become shorthand for how severe a contract-level exploit can be. While today’s ecosystem uses more layers of defense, the core problem hasn’t vanished. Smart contract code still executes as written. If the logic fails, an attacker can often route around human intent.

The Block’s framing also implies something else. The security industry is not just about catching bugs. It also covers how to respond when the bug becomes an incident.

What we can infer, and what we can’t

From the source text alone, we only get one confirmed data point. The Block says the attacker drained roughly 3.6 million ETH from The DAO.

We do not have, in the provided excerpt, the details of the exploit mechanism, the exact date, or how the incident evolved into specific security practices. So the safest conclusion is limited to what The Block states directly: the hack was formative for today’s crypto security mindset.

The 10-year residue

The lesson from 10 years ago is now baked into routine security work. Teams assume adversaries will look for edge cases. Reviewers push for threat modeling, not just code style. Incident response gets treated as a process, not a scramble.

That shift is the “so what” for builders and users in 2026. The DAO hack is old history, but its impact shows up in how security teams operate now. The adversarial model is mainstream because the consequences were real.

If you want to understand why modern security exists in crypto at all, start with The Block’s point of origin. An attacker drained about 3.6 million ETH from The DAO. Then the industry built itself a security function in response.