The legal dangers of getting involved with DAOs
Buying DAO tokens? That’s no longer risk-free: Courts might consider you a partner in the business and judge you liable for millions in hacked funds. Another legal trap may be found simply working for a DAO — and implementing community decisions that turn out to be illegal in some far-flung jurisdiction. With many DAO communities […]
Buying DAO tokens? That’s no longer risk-free: Courts might consider you a partner in the business and judge you liable for millions in hacked funds. Another legal trap may be found simply working for a DAO — and implementing community decisions that turn out to be illegal in some far-flung jurisdiction.
With many DAO communities waking up to the reality that they need some sort of legal structure or “legal personality” in order to act in the real world, solutions from mimicking corporate structures to anonymously run foundations are being floated by lawyers around the world.
Nothing in this article should be construed as legal advice — and not just because the law isn’t clear about any of it.
Code is law?
In 2021, Magazine interviewed Griff Green, whose heroic actions to thwart The DAO hack on the morning of June 17, 2016, helped save a good proportion of the 14% of Ether in existence at the time. By identifying how the exploit worked, his team of hackers worked to “steal” faster than the malicious actor, thus limiting the amount taken by the individual who discovered the error in The DAO’s code. But who did this ETH belong to?
Did it belong to the 11,000 investors who had contributed Ether toward the project in the previous month? If so, what claim did they have, considering that these “investors” had handed their money to an organization without leaders or jurisdiction, governed entirely by smart contracts that operated according to the votes of investors?
Or did it belong to the “malicious hacker” who simply interacted with the publicly available smart contract in a way that allowed them to withdraw Ether? Many would argue this is perfectly legal as per the “code is law” mantra.
Since The DAO had no legal personality, by what law could it hope to pursue the hacker, even if they were identified? The same goes for the “investors” — how could they claim that the stolen Ether was theirs, given they made no legal agreements and signed no contracts when making their investments?
Perhaps the Ether that Green’s team got a hold of was now rightfully theirs? Green acknowledges that he took “a huge risk” with the preemptive stealing of 10% of the Ether in circulation and recalls how as word spread, a multitude of legal threats poured in demanding how the recovered funds should be distributed despite the fact that “we were just normal people; we didn’t have a company.” Eventually, Green’s team returned the funds through a decentralized application.
These questions are just now beginning to be tested, with one of the first (developing) cases to emerge being that of Ooki DAO, accused of breaking the “Commodity Exchange Act (CEA) by allowing users to engage in retail commodity derivative trading transactions” without registering the platform or conducting KYC procedures. In January 2023, the judge found Ooki to be an “unincorporated association comprised of Token Holders,” which could be sued in the same way as a person or corporation — and that it could be served by posting a notice onto the DAO’s online community forum.
Another recent example of pitting code against law can be found in the case of Avraham Eisenberg, who in December 2022 was arrested on the request of U.S. authorities in Puerto Rico for having run a “highly profitable trading strategy” that effectively exploited the smart contract of Mango Markets, a decentralized finance DAO — draining it of $110 million.
He claimed the whole exploit was perfectly legal under the “code is law” mantra, but the FBI disagreed. The case is yet to be tested in court.
Partnerships, foundations or corporate wrappers?
When it comes to DAOs, The DAO can be understood as the original example upon which the concept is based. As such, The DAO is often considered an ideal example of what a decentralized autonomous organization is supposed to be: cryptographically decentralized with no real-world anchor, its operations automated by way of smart contracts, and organized by way of blockchain governance.
In practice, however, “courts may interpret DAO structures as General Partnerships, which have unlimited joint and several liability for all participants,” observes Jason Corbett, managing partner of blockchain-specialized boutique law firm Silk Legal.
Jonathan Turnham, a partner at Cayman Islands law firm Travers Thorp Alberga, spends 95% of his time working on crypto law and agrees that it’s complicated. He explains that, in theory, a truly decentralized DAO that functions as a decentralized exchange or metaverse project can be “a code-based business, a bunch of 1s and 0s” and does not technically have a need for a real-world corporate structure or physical business.
But in his experience of advising dozens of DAOs, this model of total decentralization tends to run into trouble quickly — perhaps even in the first 10 minutes of operation.
“A codebase business still needs a front end,” Turnham explains, listing real-world needs like domain names, web hosting, banking services — or hiring lawyers — all of which are very difficult to acquire and pay for as a non-registered ghost-like entity. Any DAO that needs to enter into contracts involving real estate, intellectual property or even buying the U.S. Constitution cannot simply be code-based, as they will need some type of legal personality.
“You’ve got this awkward inability to bridge into the real world you know, right down to you just needing a damn credit card or bank account to be able to pay a non-crypto service provider.”
“Currently, DAOs have no legal status in most jurisdictions,” says Irina Heaver, partner of Keystone Law, which specializes in the blockchain industry, and general partner of VC investment firm Ikigai Ventures. She’s talking in the context of metaverse projects that are being launched on decentralized protocols. Legally speaking, traditional companies seem to remain the main game in town.
There are of course exceptions. The U.S. state of Wyoming has recognized American CryptoFed DAO as a legal entity, and Vermont has seemingly done so as well with dOrg LLC.
Oliver Goodenough, special counsel to the DAO’s law firm Gravel & Shea, commented, “We believe that dOrg is now the first legal entity that directly references blockchain code as its source of governance. Its material operations and ownership interests are managed entirely on-chain.” A Senate committee report even recommended the Australian government should soon recognize DAOs in a legal capacity, though it is yet to act on the advice.
Does legalizing DAOs kill what makes them special?
But Sarah E. Paul, partner at Eversheds Sutherlands, is critical of the way in which the “legalization” of DAOs has rolled out, pointing out that certain provisions of Wyoming’s DAO law are “antithetical” to the basic idea that a DAO is supposed to operate entirely via smart contracts.
“DAOs would have to define in the articles of organization how the members will manage the DAO, including the extent to which governance would occur algorithmically — they’re supposed to define how dispute resolution will occur, and that can’t be totally managed by smart contracts,” she says.
In this sense, one may wonder whether DAOs are really a unique legal contraption at all, or whether they are to corporations roughly what registered civil partnerships are to marriage — essentially the same thing with a modern lick of paint.
Heaver, in turn, argues that “the concept of a traditional company is morally outdated.” If the C-word is too dirty for a DAO team to associate with, a “foundation” may be another alternative.
Turnham sometimes guides teams to set up a foundation in the Cayman Islands, which can then act as the “arms and legs” of the DAO as a service provider with legal personality. While he acknowledges that the “true Web3 crowd” may consider such a solution as not meeting the threshold of a DAO due to its having a centralized legal entity, Turnham explains that the solution is not too far off the ideal because such a foundation can be effectively “orphaned,” with no need for shareholders.
Going back to corporations, there are also something he calls “wrapped DAOs,” which are incorporated in a jurisdiction — such as his — that allow for an anonymous or semi-anonymous board of directors to control the project in a way largely impossible within many other legal systems.
Nevertheless, the risks faced by foundation directors or even mere employees are significant because they cannot justify their actions simply by telling a judge that “the community wanted me to do this” if they were doing something obviously illegal (for a U.S. entity, at least) such as financial dealing with North Korea.
Turnham expands that this can be seen to support the view that DAOs should function much like corporations, with boards of directors that function essentially to give a sober second thought to community suggestions and “avoid the super violent, super abusive or frankly super illegal activities that some DAO votes may try and push through.”
Such a corporate setup is at odds with genuine blockchain governance because “governance tokenholders do not have executive authority to make day-to-day decisions,” Turnham clarifies, describing them as more akin to “adviser tokens” for the DAO, which functions more like a community “suggestion box” for its administrators to consider. This model, he believes, is one that judges can easily understand.
When a DAO is not wrapped into a corporate shell, Turnham confirms that an entire project could be viewed as a general partnership. In effect, a judge could find that all tokenholders are in a “common enterprise for profit as general partners,” which comes with full liability for every other tokenholder’s actions concerning the project.
“That’s a pretty violent outcome because guess what, you can now have 1,000 governance tokenholders that are now involved in a potential breach of securities laws — securities regulators can theoretically go after every single one of them for being involved.”
This undoubtedly sounds like a nightmare, and it is precisely “why 400 years of corporate law were developed in the first place — as a fence to protect investors.” Painting in such broad historical strokes, the idea of using DAOs to circumvent the need for such legal entities comes across as a rather awkward venture at best — and a doomed one at worst.
Perhaps the answer lies in moderation. If a pure and “traditional” DAO proves unwieldy in most real-world applications, can the concept be watered down to meet reality? For Turnham, “decentralization is a spectrum,” and there is plenty of room between the black and white of cypherpunk ideals and traditional corporate structure.
Paul agrees, noting that “all the DAOs I’ve looked at have had some level of centralization — as a practical matter, they have found it hard to function without that.”
Securities law and governance tokens
In addition to the risk of being found to be partnerships whose tokenholders are responsible for all manner of corporate actions, there is concern that the governance tokens issued by DAOs will be found to be securities in themselves.
If so, their issuance to the public falls under highly regulated securities legislation, especially in the U.S., where the sale of unregistered securities to unaccredited investors can be seen as a crime with severe fines and jail terms. Regulations vary around the world, so what may be of no legal concern in one jurisdiction may very much be a problem when tokens are received by someone in another country.
Whether or not a token can be classified as a security in the United States is determined by the Howey Test, which defines that securities consist of (1) an investment of money (2) into a common enterprise with (3) a reasonable expectation of profit that is (4) derived from the efforts of others.
Things don’t look great at first glance — people invest cryptocurrency to receive what appear to resemble voting shares in a business, usually with the hope of selling them for a higher amount.
Arguments can of course be raised against any of the Howey Test points. For one, it could be argued that cryptocurrencies, such as ETH with which tokens are purchased, is not “money,” or that the tokens are distributed by other mechanisms, for example via airdrops to NFT holders, as in the case of APE tokens worth tens of thousands of dollars each to owners of Bored Ape Yacht Club NFTs. It can also be well argued that certain DAOs do not operate with the intent of generating profit, instead functioning as something more akin to a social club, gaming community or charity organization.
“There is virtually no case law in this area— you are drafting into a vacuum.”
In Turnham’s view, DAOs largely cannot be defined as securities because as decentralized organizations, they cannot necessarily be said to be managed by others — though it is not clear if that would hold up in the courts. The Howey Test is not used by the Cayman and British Virgin Islands legal system, which he says is a favorable jurisdiction for DAOs to operate.
When it comes time to distribute profits or excess capital, DAOs “can spend surplus proceeds on buying tokens off the secondary market, thus creating a deflationary effect which is going to indirectly have some benefit and value to other tokenholders.” In another example, a DAO’s foundation “can certainly agree to make a contractual payment to tokenholders on a pro-rata basis” — almost like a dividend, but technically not quite the same. This is important because otherwise, DAO tokens may begin to resemble bearer shares, stocks whose ownership is determined by physical possession of stock certificates rather than registered ownership, a form of security that is outlawed in the Cayman Islands.
Turnham admits that there are few users of DAO tokens in the jurisdictions he works in, meaning that, in practice, those holding an interest in and participating in DAO governance are doing so from potentially more restrictive jurisdictions abroad. Before selling tokens, “the correct legal advice,” he says, is to advise teams to do the impossible:
“In a perfect world, I would say to DAO founders to go to every single jurisdiction and get a legal opinion from a lawyer from all those places to say whether your token is or isn’t a security and whether you can or cannot sell it to people there.”
Getting 200 legal opinions on securities law is hardly affordable, so, in practice, diligent teams will seek legal clarity on “higher risk jurisdictions,” which Turnham figures include the U.S., U.K., Canada and Australia among others — with special attention to any country that is expected to host a large number of tokenholders.
A legitimate future?
Despite the headaches DAOs are already producing for the legal profession, the lawyers interviewed for this article share a common thread of optimism regarding the new concept — not just as a legal vehicle but as a movement for the modernization of the corporate world.
The key seems to be the way that DAOs encourage community, feedback and participation via online tools, such as Discord, something quite unlike normal public corporations, where “once a year, you have an annual general meeting and the agenda gets rammed down investor’s throats” without any real debate, says Turnham, likening it to a “healthy and fundamental” change in the way corporations have operated for generations.
“You couldn’t have had a DAO 100 years ago,” notes Paul, mentioning her observation that the movement has a positive energy that connects people around the world. In five years, she foresees DAOs in an increasingly cemented piece of organizational architecture:
“I think DAOs will keep growing — they’ll battle with regulation over the next few years, but I think they will come out of it.”
What it’s actually like to use Bitcoin in El Salvador
Can Bitcoin survive a Carrington Event knocking out the grid?
‘Make sure Ethereum wins’ — Steve Newcomb reveals zkSync’s prime directive
Inside South Korea’s wild plan to dominate the metaverse
The legal dangers of getting involved with DAOs