The liability of DAOs and their founders has been put to the test in court

A US court in California has ruled in favor of plaintiffs who alleged that the bZx protocol, and governance token-holding members of its DAO, were negligent and liable for losses resulting from a hack that drained the treasury.

The putative class action lawsuit against bZx, its founders, software developers Leveragebox LLC and Hashed Labs LLC was first initiated in July 2022.

While the court rejected some of the claims, such as claims that founders Tom Bean and Kyle Kistner are personally liable for breach of fiduciary duty, the fact that it allowed the negligence claims to proceed has created a landmark ruling in the relatively murky topic of governance token holder liability in DAOs.

The ruling means that DAO members can be held liable for negligence, potentially undermining the already challenged decentralized nature of DAOs, while providing a defense for founders who have seen their creations accused of wrongdoing.

The case stems from the $55 million hack of DeFi lender bZx in 2021, which resulted because a developer downloaded an email attachment containing malware. Not only did the attacker drain the BZRX token wallet, but other digital assets such as Ether. This is on top of other hacks the protocol was exposed to in 2020, one of which was for $8 million, while two others that occurred were for $630,000 and $350,000.

In response to the hack, the bZx DAO adopted a governance move to compensate token holders 1:1 for their lost BZRX tokens and a debt repayment plan that would reimburse owners for their other stolen crypto. The time horizon of this repayment plan was unacceptable to the holders, hence the class action.

bZx DAO was later renamed Ooki DAO, which many – including courts – have called the successor. In late 2022, The DAO’s co-founders paid $250,000 to settle a case with the Commodity Futures Trading Commission (CFTC) regarding tokenized margin trading and over-the-counter lending services.

Before the court was the question of whether all persons holding BZRX tokens are part of a general partnership.

The heart of the case is how the concepts of fiduciary duty (the duty to act in the best interest), the duty of care (the duty to act without negligence) and joint and several liability (a liability that is shared). by multiple parties), the concept of a DAO and governance token holders applies. While existing case law has created much guidance on how these concepts apply to TradFi partnership structures such as general and limited partnerships, DAOs are something of an uncharted land given their unique structure.

The plaintiffs, citing California law, argued that general partnerships exist when there is an “association of two or more persons to continue as co-owners of a business for profit,” including the proviso that partnerships may be accidental, which is upheld under case law.

The court found that the bZx protocol meets the definition of a general partnership because of how the token holders can both propose and vote on governance proposals, including hiring, and distribute treasury assets to token holders in the same way that a company authorizes dividends.

The CFTC took a similar approach in its 2021 complaint against Ooki DAO. As of January, the CFTC is asking a judge for a default judgment in the Ooki DAO case, since it has not responded.

“Given this context, the Court disagrees that recognizing bZx DAO as a general partnership would be a ‘radical expansion and alteration of long-standing principles of partnership law,'” the ruling said.

And with this comes the responsibility that arises from a general partnership. The involvement that token holders have in the business through participation in governance protocols also implies that they have a duty of care, the court held, including that the protocol was properly maintained and had sufficient security measures.

The next question for the courts was whether the founders themselves are responsible for the DAO, and whether they could be held liable for their inaction and negligence.

This is where the concept of joint and several liability comes into play. Joint and several liability refers to the legal concept where multiple parties can be held liable for the same negligent act, and each party can be held liable for the full amount of damages, regardless of their individual contribution.

If this concept were to be applied to the DAO’s founders, it means that each defendant would theoretically be held liable for the damages suffered by the plaintiffs due to the $55 million hack.

But the court found that complaints against developers Leveragebox LLC and Hashed Labs LLC did not provide the necessary elements to establish claims for negligence, breach of fiduciary duty and joint and several liability.

“Because plaintiffs have failed to allege that the moving defendants had actual authority to control bZx DAO, the court finds that plaintiffs have failed to plead joint and several liability,” the filing states.

Separately, a claim against founder Tom Bean was dismissed because the court found that the plaintiffs had not brought sufficient evidence to show that a California court had jurisdiction over him.

However, the court said it would be receptive to an amended pleading presenting a new jurisdictional argument.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *