To print this article, all you need is to be registered or login on Mondaq.com.
The decentralized autonomous organization (DAO) is a relatively
novel structure gaining popularity in the blockchain community.
DAOs are community-led entities with no central leadership built on
a blockchain using smart contracts, and with no restriction on the
geographic location of its members, potentially resulting in an
DAOs are seen as transparent and their lack of central
leadership is attractive to many. What DAO members often do not
realize, however, is that they may be unknowingly exposing
themselves to personal liability, simply by virtue of their
membership in a DAO. Unlike shareholders or members of more
traditional legal entities, DAO members do not enjoy protections
against personal liability for the DAO’s actions unless there
is a state law that offers such protection.
The decentralized autonomous organization is a relatively
novel structure gaining popularity in the blockchain
In this article, the authors examine recent case examples that
illustrate the risks of DAO membership and the urgent need for
federal and state rulemaking that is public and transparent, in
contrast to regulation by enforcement.
bZerox DAO | Ooki DAO
Earlier this month, the Commodity Futures Trading Commission
(CFTC) issued a settlement order imposing a $250,000 civil
penalty1 on the bZerox (bZx) DAO, which unlawfully
offered to its members leveraged and margined retail commodity
transactions in digital assets in violation of the Commodity
Exchange Act (CEA) and CFTC regulations. These margined retail
commodity transactions were required to take place on a designated
contract market, but did not.
CFTC also commenced a federal civil enforcement action in
California based on the violations of the same laws against Ooki
DAO (Ooki), a successor in interest of bZx, which has the same
members and operates the same software protocol.
Importantly, CFTC’s settlement order also held personally
liable Tom Bean and Kyle Kistner, co-founders of bZx who
transferred control of bZx’s software protocol to Ooki. While
the DAO’s conduct was found to be illegal, the finding of
personal liability of the owners based solely on their status as
voting token holders of the Ooki DAO should cause concern among DAO
DAO members do not enjoy protections against personal
liability for the DAO’s actions unless there is a state law
that offers such protection.
CFTC’s approach to deciding who is responsible for the
violations was the subject of internal debate within the CFTC.
CFTC’s Commissioner, Summer K. Mersinger, issued a dissenting
statement,2 calling the decision to impose liability on
bZx’s cofounders “arbitrary” and “based on an
unsupported legal theory amounting to regulation by enforcement
while federal and state policy is developing.”
As she noted, there are three bases on which the CFTC can rely
to support charging a person with violations of the CEA and CFTC
rules committed by another person or entity: (1) principal-agent
liability, (2) aiding-and-abetting liability, and (3) control
Yet, CFTC based their decision on California precedents from
contract and tort law that hold that individual members of a
forprofit unincorporated association are personally liable for the
debts of the association. Commissioner Mersinger stressed that the
CFTC seemingly acted outside the scope of its authority in acting
in a manner not intended by Congress.
She noted that the CFTC engaged in regulation by enforcement
that will have far-reaching policy implications. Specifically, the
Commission’s settlement order and complaint arbitrarily define
the Ooki DAO unincorporated association as comprising those who
vote on proposals with their Ooki tokens.
This definition creates an unequitable division between token
holders based on the happenstance of voting or not voting
with their token. Under the CFTC definition, a token holder
that voted on any issue becomes a member subject to personal
liability and a token holder who failed to vote for any reason is
not considered a member and is exempt from liability. This
definition discourages voting participation in the DAO
Commissioner Mersinger explained that the CFTC had better paths
available in initiating a public notice-and-comment rulemaking on
the issues of how DAO members should be defined and who CFTC may
hold personally liable for a DAO’s violations. This process
would have allowed public input from interested parties and would
highlight possible consequences of the Commission’s approach to
Furthermore, Commissioner Mersinger expressed an opinion that
the CFTC could have achieved the same result by using the
aidingand-abetting standard when finding Bean and Kistner
personally liable rather than relying on novel legal theories that
are likely to have far-reaching implications on DAOs.
Sarcuni v. bZx
bZx’s civil troubles began earlier this year when, in
Sarcuni v. bZerox et al., members of bZx filed a class action
against the DAO, its founders and investors following a successful
“phishing” attack that resulted in a theft of $55 million
in funds from the platform. The plaintiffs alleged the theft was
possible due to the lack of security features on the platform.
Defendant-founders filed motions to dismiss, claiming that it is
improper to hold them liable as the stolen funds belonged to the
DAO. The motions argued that since bZx was owned and managed by the
DAO itself, only the DAO can be liable. While the plaintiffs were
members of the DAO, they claimed that they were not
“meaningful” members and lacked sufficient control for
any liability to be imposed.
The court’s decision in Sarcuni is expected to
establish the standards for founder and manager liability for the
actions or omissions of a DAO. Unlike many other DAOs, the bZx DAO
is a limited liability company under the laws of Delaware.
In addition, there is a holding company, bZx Holding Corp.,
incorporated in the State of Wyoming. The court will need to take
into consideration the LLC status and whether Delaware’s laws
afford the founders protection.
Regulation of DAOs
bZx’s misadventures and their ramifications highlight the
fact that the status of DAO members is uncertain, regulation and
enforcement are not uniform, and there is dire need for clarity as
to the status and risk of personal liability for DAO members.
Most DAOs lack the legal safeguards afforded to limited
liability companies. Members could find themselves facing personal
liability merely because they used their token for a simple vote,
possibly unrelated to any DAO actions that may later result in
A few states, such as Vermont, Wyoming and Tennessee, have
enacted legislation providing some protections to DAOs and
their members. While these laws have not yet been tested by
the judicial branch, and while they have been criticized as being
out of touch with the realities of DAOs, at least it’s a
Wyoming enacted legislation in 2022 to protect DAO members from
personal liability by allowing DAOs to obtain legal status as
limited liability companies. The statute defines DAO voting and
quorum requirements and allows DAOs to define their own quorum
(prior statutory requirement of 50% of the membership quorum was
difficult to achieve with DAOs having fluid membership and possibly
thousands of owners). No member has a fiduciary duty under the
The biggest criticism of existing DAO legislation is that
they place additional burdens on DAOs without conferring real
benefits in exchange.
Vermont also passed its own blockchain-based statute. The
Vermont legislation does not specifically address DAOs but
authorizes creation of a new type of business entity — the
Blockchain-Based LLC (BBLLC). A BBLLC is allowed to customize its
governance structure. The operating agreement must define the
rights and obligations of each participant group within the
Tennessee is another state that has afforded DAOs protection
within its laws. Under Tennessee’s bill, unless stated
otherwise in the articles or operating agreement, the management of
the DAO can be member-managed, or contract managed.
There is no requirement that the DAO have a centralized
governance or managers. Furthermore, the law does not even require
that the person forming the DAO be a member. The DAO specifically
states that members do not owe a fiduciary duty to the DAO.
The biggest criticism of existing DAO legislation is that they
place additional burdens on DAOs without conferring real benefits
in exchange. This stems from a lack of understanding of how DAOs
function. The CFTC order also highlights the need to define exactly
who is a member or control person in a DAO.
Analysis and conclusion
bZx DAO was established in 2019 before two of these laws were in
effect. They incorporated in Delaware, traditionally the most
corporate-friendly state. CFTC’s Complaint alleges that
bZx’s rebrand to Ooki was undertaken solely to escape
regulatory enforcement, but the new organizational form exposed the
members of the unincorporated association to personal
Most DAOs are unincorporated associations and many have not
registered in Wyoming, Tennessee or Vermont, and thus their members
are similarly at risk of personal liability for the actions of the
DAOs usually comprise thousands of members. Each member has the
opportunity to vote on the governance of the DAO. While the CFTC
has acknowledged that DAOs can be used for good governance, the
CFTC order is a warning to DAOs and their members that good actors
can be punished without fault for the actions of bad actors within
DAOs have the potential to change how entities govern themselves
— how companies operate — and allow members to have a
voice is decisions that impact their companies. Companies will
employ blockchain technology to enhance themselves and their
relationships with their customers.
The CFTC is the federal agency responsible for the oversight of
digital assets including cryptocurrencies such as Ethereum, Solana,
Polygon and many more. Most DAOs use these tokens for
members to gain access to the community and participate in its
governance. Members of DAOs not incorporated in the appropriate
jurisdiction, or without a governance structure protecting members,
are leaving themselves open to personal liability.
Considering the CFTC decision, DAOs will do well to revisit
their governance structure and consider how best to insulate
members from unintended personal liability. Furthermore, DAO
members should review their insurance coverage as they may find
they lack coverage under their personal and business policies for
Previously Published by Westlaw Today
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.