A class action lawsuit filed by users of a decentralized finance (“DeFi”) protocol managed by a decentralized autonomous organization, or “DAO,” may shed light on the potential legal liabilities of a DAO and its participants. The complaint in Sarcuni v. bZx DAO, No. 22-cv-0618 (S.D. Cal. May 2, 2022), highlights several issues related to DAO liability of which DAO participants should be aware. There is a common misperception that an unincorporated DAO is not subject to liability because there is no entity for regulators to pursue. The fact is that such DAOs may be deemed general partnerships and the participants may each bear some liability for activities of the DAO. In some cases, a DAO includes a wrapper entity, in part, to shield participants from such liability. This issue highlights a tension between the aspirations of Web3 entities to be decentralized and community-governed on the one hand, and the challenges of accomplishing those aspirations given the current state of corporate law on the other hand.
Users of the bZx DeFi protocol filed a class action lawsuit against bZx DAO, its alleged successor Ooki DAO, co-founders of the bZx protocol, investors, and protocol and platform operators after a security breach allegedly resulted in greater than a $40 million loss of funds for token holders. Plaintiffs allege that the creators of the bZx protocol told users they need not “ever worry about . . . getting hacked or [anyone] stealing their funds.” However, the protocol “had not yet implemented security measures that its operators knew were reasonably necessary to protect the protocol.” As a result, a successful “phishing” attack on a bZx developer allowed hackers to gain access to key passphrases that then permitted them to drain Plaintiffs’ accounts. Plaintiffs allege that the bZx DAO operates as a general partnership and, as such, its participants are jointly and severally liable to the users of the protocol for their loss of funds resulting from the hack.
While a compensation proposal was put to a vote and adopted by participants of the DAO, Plaintiffs claim the proposal, which entails the issuance of replacement tokens in a manner that does not benefit Plaintiffs and a repayment plan that would take “thousands” of years, is inadequate.
The DAO Entity Legal Status and Allocation of Liabilities
DAOs are intended to be community-driven organizations without centralized leadership, governed instead by token holders based on rules stored within smart contracts on the blockchain. Token holders can propose and vote on governance proposals in accordance with these rules in a fair, democratic, and transparent manner. In some cases, a DAO may have a governing council with certain oversight control. Because they typically are intended to operate without a leadership team and are typically unincorporated, a key legal question has been how and where liability accrues in the operation of a DAO.
The answer to these questions turns, in part, upon the legal status of DAOs. Sarcuni v. bZx DAO addresses this thorny issue, with Plaintiffs asserting that the relevant DAOs operate as general partnerships among founders, investors, and token holders, and that as such, defendants, as co-partners with Plaintiffs, are “jointly and severally responsible for making good to the Plaintiffs.”
Generally speaking, the association of two or more persons to carry on as co-owners of an unincorporated business for profit forms a legal partnership, whether or not the persons intend to form a partnership. In a general partnership, partners are often deemed jointly and severally liable for the partnership’s obligations, and partners owe one another certain duties established by agreement, statute, or case law. By contrast, when an entity is a corporation or limited liability company, for example, the shareholders or participants typically are shielded from personal liability (with limited exceptions). Plaintiffs in Sarcuni v. bZx DAO assert that because the bZx DAO is a general partnership and defendants negligently breached duties owed to Plaintiffs by failing to supervise DAO developers and secure their funds as promised, they can be held jointly and severally liable as co-partners to Plaintiffs for their loss.
In its 2017 report titled Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (the “DAO Report”), the SEC considered whether a DAO operated as a general partnership. The SEC concluded that the DAO under consideration there bore “little resemblance to . . . a genuine general partnership” where the pseudonymity and dispersion of DAO token holders made it difficult for them to join together to effect change or exercise meaningful control, and thousands of individuals and/or entities traded DAO tokens in the secondary market.
The proper legal classification of DAOs will likely be the subject of future litigation and legislation. On June 7, 2022, Senators Gillibrand and Lummis introduced The Responsible Financial Innovation Act, a highly anticipated crypto bill. Section 204 of the bill specifies that, for purposes of the Internal Revenue Code, the default classification of a DAO is a business entity which is not a disregarded entity. It further defines a DAO as an organization that utilizes smart contracts to facilitate collective action, is governed primarily on a distributed basis, and is “properly incorporated or organized under the laws of a State or foreign jurisdiction as a [DAO], cooperative, foundation or any similar entity.”
Those founding or joining a DAO should consult with attorneys who are familiar with DAOs and who follow the related legal developments in order to fully consider the legal implications of their involvement with the entity, including potential exposure to personal liability.
Misinformation Related Liabilities
Although not asserted in Sarcuni v. bZx DAO, the alleged facts in the case highlight an important issue for crypto projects – statements made to consumers, for example in advertising and marketing, may give rise to claims related to false or deceptive advertising or misinformation. Such claims may include false advertising under the Lanham Act, violations of Section 5 of the Federal Trade Commission Act prohibiting “unfair or deceptive acts or practices in or affecting commerce,” and analogous state laws. In the bZx case, Plaintiffs allege bZxrepresented that the Fulcrum DeFi platform, built on the bZx protocol, was “non-custodial” and therefore users would maintain control of their own private keys and assets, when in reality a single password provided access to “all of the client funds on two of the three blockchains on which Fulcrum operated.” bZx made other statements regarding its “World Class Security” and claimed that users should “[n]ever worry about . . . getting hacked or stealing your funds.” Yet, this was precisely what happened.
Participants of a DAO should seek legal review of statements they are making in their marketing and white papers regarding any related protocol, platform, application or other offering to minimize the risk of being subject to claims arising from alleged misinformation.
Sarcuni v. bZx DAO highlights the important question of how DAOs are to be legally classified and how liabilities accrued by the DAO, including by the alleged negligence of its developers, are to be allocated as a result. The fact pattern also highlights potential exposure to claims for false advertising and unfair or deceptive practices arising from statements later alleged to have been untrue. While their precise legal classification is a fact-intensive inquiry that remains up for debate, DAOs and their participants should be aware that uncertainty does not serve as a shield from liability for breaches of duties, contracts, or state and federal law. Other important considerations for DAOs that are not a legal entity include: their ability to validly enter into a contract, whether they have standing to sue if they suffer legal harm, who do you serve if you want to sue a DAO, the rights and obligations of DAO participants, whether a DAO owns trademarks or other intellectual property, and many more. In determining whether to develop or participate in a DAO, individuals and entities should apprise themselves of these developing legal issues regarding these entities and seek experienced counsel.