A US federal court case will test the boundaries of protection from liability for developers behind decentralized autonomous organizations (DAO). Will this effect the regulation of DAOs in Australia?
The Case - Sarcuni et al. v. bZx DAO et al.
On or about May 2, 2022, a class action was filed in the US District Court for the Southern District of California against the bZx protocol DAO. Corporate structures are often used as a vehicle for developers to shield themselves from personal liability. The DAO, put simply, is a further level of absolving founders by implementing smart contracts into the protocol so that it becomes a self governing organization with no central leadership. In this case, the DAO was created by two individual co-founders. Namely, two limited liability corporations (LLCs (in Australia this would be a standard company) that also invested in the DAO and participated in its governance.
As mentioned, DAOs theoretically purport to be organizations without any central leadership structure like conventional companies. The coded terms in the smart contracts determine the governance direction, and rather than a vertically integrated hierarchy, DAO stakeholders with tokenized voting rights are typically considered “equals” in which one token equals one vote. (Decentralized autonomous organizations (DAOs) | ethereum.org)
The plaintiffs in this case make an untested and unprecedented legal argument alleging the DAO’s co-founders (being the 2 LLCs) and governance participants (these would effectively be the token holders staked in the protocol) are jointly and severally liable for damages for the actions of the DAO on the basis that members of the DAO had formed a de facto general partnership and thus the token-holders are each general partners without any limitation of liability. If this argument is successful, it has broad implications for the DAO structure that will likely influence regulation and common law precedent in most jurisdictions where DAOs have not yet been tested, including Australia. The plaintiff's claim, inter alia, one of the DAO’s developers fell for a phishing scam resulting in the inadvertent disclosure of a private key to a third party. The third party hacker then stole $55 million USD (approximately $78,000,000 AUD) from the protocol.
The plaintiffs claim the DAO disclosed or made out to token holders that the protocol was “non-custodial,” and that users controlled their own keys and wallets. Conversely, the loss of the private key meant the hacker was able to access and siphon out all of the funds on two of the three blockchains on which the platform operated because the private key retained governance authority. The plaintiff's corollary argument is that the DAO therefore functioned as custodian of the funds, and thus “had a legal duty as custodian to exercise reasonable care to protect the funds.” Importantly, the founders had turned over governance rights to the protocol to token-holders on the third blockchain known as Ethereum, and the hacker was therefore unable to use the private key to drain the funds from the Ethereum-based protocol.
DAOs - The partnership argument
There are a number of legal structures in the United States that operate to protect members from personal liability for the debts and actions of the corporation, including limited liability partnerships. In Australia, companies and complex trust structures are often used to shield and provide limited liability to their shareholders. Only in a few narrow instances is the corporate veil pierced. Conversely, general partnerships do not offer limited liability protection and therefore do not typically protect their owners from legal liability and debts. Owners in a general partnership are considered jointly and severally liable for the activities of the partnership. In Australia, and specifically Queensland, (though other states have similar provisions) the legal principle of joint and several liability is encapsulated in section 15 of the Partnership Act (View - Queensland Legislation - Queensland Government).
A general partnership requires no registration, it is a substance over form relationship, triggered when two or more persons engage in a business for the purpose of joint profit. In the US case, the plaintiff's allege the members of the DAO satisfy this definition of a partnership and therefore inadvertently formed a general partnership. It follows then, that each of the 2 founding LLCs (who also happen to be stakeholders) "are jointly and severally liable to the plaintiffs and must make good on the full amount of its debts". There are a significant number of cases in Australia where members inadvertently were deemed partners, (notwithstanding efforts to resist such a legal classification) and so it will be interesting to see whether there are parallels in the outcome of the US case with the development of Australia's common law and DAO classification.
In this US case, the ramifications of a general partnership argument include the potential outcome of any token-holders, including those not responsible for the hack, being deemed general partners. This could lead to absurd legal consequences if successful. Moreover, how would token-holders in another jurisdiction or country be treated if they fall within the definition of a general partnership, not to mention the logistical difficulties. Further, and specifically, the Plaintiff's argue that because the DAO, standing alone, does not require state registration in California (for example like a corporation would) the determination of liability for a general partnership is appropriate under operative law because those that hold the DAO protocol’s governance tokens “have a potential claim on its profits, and they share responsibility for its liabilities,” the same way partners would in a general partnership. The case presents two further issues that remain unclear:
The claim is ambiguous as to whether it is asserting that all of the DAO's token-holders are general partners or only some are. However, it prima facie appears to allude to the fact that all token holders are general partners. For example, the claim stipulates , “given their structures and the way they operate, the bZx and Ooki DAOs are general partnerships among token-holders.” As previously mentioned, treating all of the token-holders as general partners would lead to absurd outcomes. For example, the plaintiffs were users of the bZx protocol, if they were receiving tokens and staking, they would also be members of the DAO and, consequently, "jointly and severally liable as general partners". It is absurd because, in effect, they would be suing themselves. While the complaint notes that “none of the Plaintiffs or proposed class held meaningful stakes of BZRX token” (probably to distinguish some token-holders so they are not considered general partners given their limited ownership of the tokens), it would be equally absurd an outcome if so called “meaningful” token-holders were not able to sue the 2 LLCs on the basis that they own too large a stake, particularly because meaningful token holders also had funds stolen.
The claim alleges negligence on the part of the bZx DAO — which it appears to define it as those who hold the BZRX token. However, the hack occurred precisely because the governance keys were not handed to the token-holders and instead retained by the founding team. It remains unclear what the DAO members could have done to prevent the hack and further, given the decentralized nature of the DAO, whether a duty of care arises and extends to the founders in these circumstances.
There are also significant jurisdictional issues. The claim asserts that the court “has specific personal jurisdiction over all Defendants because they purposefully entered into a general partnership controlled from California”. This implies that should DAO token-holders be deemed general partners, merely participating and joining a DAO could expose members to legal liability wherever the DAO operates. Further, there is uncertainty surrounding the legal consequences for DAO members in jurisdictions where general partnership laws differ to that of countries like the US and Australia.
Whilst not mentioned in the claim, the claim raises interesting protocol design questions. Is it fair to regulate DAOs equally for proof of work (POW) and proof of stake (POS) protocols? Particularly because the risk is substantially reduced if stake holders do not actually give up or transfer their tokens outside of their digital wallets, and merely delegate them. We have not yet seen a test case for this particular query.
Conclusion
This case presents a number of interesting and novel legal questions. The consequences of a potential decision being far reaching and one that could fundamentally alter the landscape of cryptocurrencies generally. It raises significant legal issues relating to DAO governance, the structures to be used for cryptocurrencies, and the extent to which developers can be held liable, despite the existence of the DAO. The Minted Brief will endeavor to provide updates as the case progresses.
This article is written for educational purposes only as well as to give you general information and a general understanding of the law. It does not provide legal advice. Any content should not be used as a substitute for competent legal advice from a lawyer in your jurisdiction.
Comments