DAO Safety 101: Legal risks
In this post, we look at some of risks of free association with a DAO.
To many people, when they imagine a DAO, they imagine a crowded Discord server or Telegram chat—and a group of people working together on a common goal.
Those goals are often small, like running a social club or raising awareness for a popular cause. But the goals can be as big as building a billion dollar protocol.
When a DAO is a social club, a group of people sharing knowledge and having fun together, there’s little room for anything to go wrong.
DAOs that build products are different. Their smart contracts can hold the funds of a hundred thousand users. And contributors to these DAOs may be getting paid thousands of dollars per month to maintain the security of the project.
Despite the audits, security measures and best practices, bad actors will look for exploits and over the years we have seen several big hacks and scams that have resulted in millions of dollars being stolen from these DAOs.
Badger, Beanstalk, and bZx lost a collective $357 million to hacks and exploits within 2021 and 2022.1
When something goes wrong, who is left with the blame?
When nobody is to blame, everybody is to blame
Assigning responsibility in a DAO is very difficult. Many decisions are made by community voting, and organizational hierarchies are very flat if not entirely non-existent.
Most importantly, many DAOs operate without any real legal entity. There is no company, foundation, or association that wraps the DAO.
This lack of structure can make people feel as though they are not accountable to the actions of their DAO or the mistakes of the people they work with. But in the eyes of most lawmakers, their Discord server and protocol is not even recognized as a real organization…
DAOs without legal entities will be classified not as a real independent organization but, in most cases, as a general partnership between its members.
DAOs as general partnerships
General partnerships are a basic form of partnership under Common Law where partners share equally in both responsibility and liability, jointly and severally.2
While not all countries observe the Common Law definition of general partnerships, most developed nations have something similar.3
An important characteristic of these general partnerships is that they have no legal personality—they are not viewed as independent from the people running them.
Which makes the people within the partnership personally responsible for mistakes made by the overall partnership and all other partners.
If the DAO violates some law, makes mistakes, or gets sued, it is the members that can be held individually and personally responsible. This is especially concerning with the amount of projects who have adopted liberal interpretations of securities laws.
The bZx incident
bZx is a DAO and DeFi platform that had $55 million dollars worth of crypto stolen after a phishing scam exposed the private keys of a critical developer. That wallet was then used to access the deployed contracts of bZx and drain the funds.
Several users feel that the theft was made possible by lacking security measures that the operators of the DAO were already aware of. As a result, 14 users who collectively lost over $1.5 million are suing the bZx founders, investors, affiliated companies and more.4
Since bZx operates with no legal entity, each and every partner of this DAO can be held responsible to repay the stolen funds.
Jason Harrow, Partner of Gerstein Harrow LLP, stated that:
“Those who form DAOs apparently believe that they can use the word ‘decentralized’ to evade corporate and individual responsibility. The opposite is true: without the protection of a corporation or limited liability company, everyone involved in a DAO’s governance is liable for the protocol’s negligence and illegality.”5
The bZx incident serves as a harsh demonstration of what happens to an organization that is simply a group of partners. Responsibilities of the partners are not diluted by having a democratic voting process or community governance.
DAOs should always be implementation details within a broader foundation, company, or association, especially if the DAO will be doing anything with risks, either commercial or otherwise.
Sadly, bZx will not be the only DAO that faces trouble, as Olympus DAO seems to have a legal battle brewing that will test the power of anonymity as a layer of protection for DAO founders.6
Turning a DAO into a real organization
There are a wide variety of legal entities that can help a group of people best accomplish a certain mission.
For people who want an organization to remain decentralized, Cayman or Panama foundations are good options.7
If an organization has certain members in leadership positions, having them do business out of an LLC or corporation can be an effective and inexpensive way to bring legitimacy and safety to a project.
It’s not necessary for the entire DAO to be a company, but it will be vital for some members of the DAO to have tools like these legal entities at their disposal.
Working in a “naked” DAO
When you are working for, or contributing to, a naked DAO—one without a real legal entity—there’s a serious risk you’ll be considered one of the general partners.
This is far from ideal, as you want to earn your income from building in the DAO, without the risks of being swept up in legal disputes for issues you have no part in.
Protecting yourself from scenarios like these involves setting up a company that you can use to represent you in your relationship with the rest of the general partners.
Your company then acts as a limited liability shield between you and the rest of the people in the DAO.
In the case of something going wrong within the DAO, your company can be found liable for things (as can any involved parties) but your company can create a barrier between the DAO partners and the rest of your personal assets.
In the case of bZx, this might mean that your individual company is forced to pay up, but that the rest of your personal assets (your home, savings, stocks, etc.) are left alone.
After you’ve set up a company, it’s important that the company holds all the assets that you earn from this DAO.
This will help you maintain the fact that you yourself are not a partner in the DAO, and that everything you do is through your independent company.
Using OtoCo to guard yourself in a DAO
OtoCo can be used to both create a limited liability company for yourself, and have that company hold legal ownership over assets in a non-custodial wallet like Metamask.
First, create either a Delaware LLC or Wyoming LLC.
Then, fill out this crypto pledge agreement with the information of the wallet that will hold assets you earn from the DAO.
Finally, sign that document in the files section of the OtoCo dashboard to create a link between your crypto wallet and your company!
Make sure that any payments you receive from the DAO go directly into your LLC’s crypto wallet.
DAOs are an exciting new way to organize groups of people, but with anything new, it’s important to understand the risks involved. Many serious legal issues can be mitigated or prevented simply by improving one’s awareness of the Web3 legal space and spending some time to learn the basics of legal entities and their role.
> If you need help using OtoCo to protect yourself in Web3, join our Discord server and get support from our community of builders!
Stay safe out there, and happy BUIDLing!