An ELI5 version of theDAO exploit
Here's my crack at an "Explain Like I'm 5 Years Old" explanation for theDAO exploit. Questions, comments, and suggestions for improvement are welcome!
Ethereum is a cryptocurrency platform, similar to Bitcoin, but with additional features. (Its currency is called ether, though people often just say "Ethereum".) The most important additional feature is a programming language in which you can write self-executing contracts (also called smart contracts). Instead of a human reading and interpreting the terms of a contract, a computer program on the network does so: the code is the contract, and it runs exactly as written, whether or not that matches what its authors meant.
The DAO is basically a decentralized venture capital fund. The terms governing the fund were written as a self-executing contract of the kind described above. People gave roughly $150 million worth of ether to the fund, expecting the money to be invested in new projects chosen by a vote of the donors. This was the largest crowdfund to date, and it represented about 10% of all ether in existence.
However, some as yet unknown party (let's call them BugFinder) figured out that the contract's withdrawal logic was written in such a way that they could drain far more than their own share into an account under their sole control: the contract sent the money out before it recorded that the money had been sent, so the same balance could be withdrawn over and over in a single transaction (a bug pattern now known as reentrancy). So far, BugFinder has moved about $53 million worth of ether out of the fund via this mechanism.
Clearly, this is against the intent of the people who donated to The DAO. However, the transfer appears to be technically allowed by the terms of the contract: the code did exactly what it said, and what it said was not what anyone intended. So what to do next?
One possible response would be to reverse the transactions (in practice, by having the network adopt a modified version of the ledger in which the drained funds are returned, known as a "hard fork"). Reversing the transactions would have the advantage that those who lost money to BugFinder would get it back.
However, reversing the transactions would also undermine confidence in the irreversibility of Ethereum transactions, which could hurt adoption in the long term. (Most cryptocurrencies, including Ethereum, aspire to have properties similar to cash: once you've handed cash to someone, they can't easily be forced to give it back. This property is known as "irreversibility".) It would also set a precedent that the rules can be changed after the fact when enough people dislike the outcome, which cuts against the "code is the contract" idea that made self-executing contracts attractive in the first place.
This is a simplification of the issue, but it gives you a sense of the dispute. If you'd like to learn more, here's a thorough FAQ.