Federal and state courts have recently seen an influx of lawsuits against actors and entities operating in the crypto space. Until recently, however, who could be a defendant charged with alleged misdeeds – including the sale of unregistered securities – has not been at issue. A few years after the rise of “Decentralized Finance,” a set of recent cases promises to change this, focusing on how blockchain-based enterprises alter traditional legal conceptions of the organizations and individuals liable for actions undertaken by broad and distributed groups.
Decentralized Autonomous Organizations
Followers of the crypto space are familiar with the concept of decentralized autonomous organizations, or “DAOs.” A DAO is a software-based organization whose actions are executed through smart contracts on a blockchain. Individuals and entities that own governance stakes in the DAO’s operation – usually, a particular crypto token – use distributed voting, automated rules, and code to implement DAO operations. Proponents of DAOs often stress the decentralized, flat nature of the organizations’ structure: decisions about particular actions that a DAO takes are generally determined by organization-wide votes, where holders of the corresponding token can vote on the proposed course of action. If the vote passes, the DAO implements that mandate autonomously, according to rules and directives encoded into one or more smart contracts. According to its proponents, this system of decentralized voting and autonomous management eliminates the hierarchies associated with traditional organizations, democratizing the DAO’s operation.
The SEC’s 2017 Report on The DAO
Years before DAOs began to be sued in the courts, in July 2017, the Securities & Exchange Commission (“SEC”) released a report of investigation into “The DAO,” one of the earliest large-scale DAOs, built on the Ethereum blockchain, offering indications of how the SEC viewed DAOs. See 117 SEC Docket 745 (July 25, 2017). In the case of The DAO, users could acquire DAO tokens by sending ETH tokens to The DAO, which would create and remit a proportional amount of DAO tokens to the user. The SEC’s report focused on the SEC’s view of how federal securities laws applied to these transactions, and, in particular, whether DAO tokens qualified as “investment contracts” and therefore securities under the test laid out in S.E.C. v. W.J. Howey Co., 328 U.S. 293 (1946). After arguing that DAO tokens qualified as securities, the SEC went on to find that The DAO itself – which the SEC characterized as an unincorporated organization – was a securities issuer subject to federal securities registration requirements. But the SEC ultimately did not bring any action against The DAO or (as of yet) any other decentralized autonomous organization. As such, and as noted below, private lawsuits stand poised to test the role of DAOs in connection with federal securities laws and other legal claims in the courts.
Sarcuni v. bZx DAO
One of the first widely-publicized explicit attempts to sue a DAO came in 2022 in Sarcuni v. bZx DAO, No. 3:22-cv-00618 (S.D. Cal.). The allegations in Sarcuni arose out of a phishing scam; the plaintiffs are a group of individuals who deposited crypto tokens into a trading platform – the bZx protocol – that allowed users to lend tokens and earn interest on those loans. Sarcuni involves a single count of negligence, centered around alleged deficiencies in the bZx protocol’s security precautions, which hackers exploited to steal millions of dollars from the protocol and its depositors.
Despite the straightforward nature of their claim, the Sarcuni plaintiffs faced an unusual dilemma in bringing suit: several months before the events at issue, the entities controlling the bZx protocol transitioned that control to the bZx DAO, which was in turn controlled by holders of the BZRX token. To address that dilemma, the Sarcuni plaintiffs are alleging that the bZx DAO functions and should be treated as a general partnership – with BZRX token holders standing in as general partners and liable under traditional partnership principles.
The specific token holders the Sarcuni plaintiffs named in their complaint were Kyle Kistner and Tom Bean – individuals who spearheaded the initial design and deployment of the protocol – as well as two LLCs that the complaint alleges are self-stated “investors” in the protocol that were involved in bZx’s decision-making process. These defendants have moved to dismiss on a variety of grounds – some traditional, others less so. Notably, the two “investor” LLCs have argued that the Sarcuni Plaintiffs, having based their theory of liability primarily (if not entirely) on the LLCs’ membership in the bZx DAO, cannot then allege that DAO members can be on both sides of the “v” at the same time – that is, the LLCs cannot have owed a duty to DAO member plaintiffs that are ultimately similarly-situated to the LLCs themselves since all hold governance tokens. Defendants’ motions to dismiss are currently pending.
CFTC v. Ooki DAO
The Ooki DAO, a successor to the bZx DAO, also found itself in the sights of the Commodities Futures Trading Commission (“CFTC”). In September 2022, the CFTC reached a settlement with Kistner, Bean, and bZeroX, LLC (the entity originally responsible for the operation of the DAO, also sued in Sarcuni). See In the Matter of Bzerox, LLC, et al., CFTC No. 22-31, 2022 WL 4597664, at *10-11 (Sept. 22, 2022). But, not yet satisfied, the CFTC also filed suit in federal court against the entire Ooki DAO itself. See CFTC v. Ooki DAO, No. 3:22-cv-05416 (N.D. Cal., Sept. 22, 2022). In a case that has been assigned to Judge William Orrick III, neither of the DAO’s co-founders nor bZeroX, LLC are named as defendants, as they have already settled. Tasked with serving the DAO itself, the CFTC attempted to serve the organization by submitting service papers through the Ooki DAO’s Help Chat Box and posting notice of that service on the DAO’s online forum, then moving for and receiving court approval for its “alternative service.”
After Judge Orrick granted that motion, however, four non-parties – LeXpunK, the DeFi Education Fund, Paradigm Operations LP, and a16z sought leave to file amicus briefs seeking reconsideration. After a hearing on the motions, Judge Orrick ordered the CFTC to serve just one identifiable Ooki DAO token holder, specifically at least one of the Ooki DAO’s co-founders (even though they were not named defendants). However, on December 20, 2022, Judge Orrick issued a detailed order rejecting the non-parties’ arguments that it should not be possible to serve the Ooki DAO at all. Noting that he was facing a “case of first impression,” Judge Orrick determined that the Ooki DAO, having received both actual notice and the best notice practicable under the circumstances, had been properly served. While Judge Orrick’s holding addresses the question of service, his reasoning gives some insights into the Court’s application of traditional legal doctrines to DAOs.
Notably, Judge Orrick concluded that the CFTC had adequately alleged that the Ooki DAO was an unincorporated association that is capable of being sued under California law. Ticking off the elements necessary to find that the Ooki DAO was an unincorporated association, Judge Orrick determined that the CFTC had alleged or shown that (i) Ooki DAO was a group of two or more persons; (ii) who had joined Ooki DAO by mutual consent; and (iii) and that the Ooki DAO had a common lawful purpose. Judge Orrick then noted that, in the Court’s determination, the Ooki DAO had structured itself in such a way that it could likely only be contacted online. Emphasizing that finding, Judge Orrick concluded that service via the Ooki DAO’s Help Chat Box and online forum satisfied both the requirements of California law and constitutional due process. The CFTC subsequently moved for an entry of default against the Ooki DAO, which was entered in late January.
Notwithstanding that proceedings in the CFTC lawsuit have quieted since that entry, Judge Orrick’s December 20 opinion raises important considerations for those operating in the DeFi space to consider. Principal among those is that if DAOs can be served as unincorporated associations (or partnerships) then it appears possible that any token holder of a particular DAO’s token could sue (or be sued by) any other holder of that token. To this end, Judge Orrick noted that the CFTC’s decision to “sue the organization rather than the Token Holders individually [was] a litigation strategy the CFTC [was] permitted to make.”
To be sure, notwithstanding Judge Orrick’s decision on the question of effective service, issues regarding the ultimate liability of DAO entities, as well as those related to the liability of token holders who participate in DAO governance, raise thorny questions – including those related to which token holders can or should be held liable for what DAO actions. Indeed, as CFTC Commissioner Summer K. Mersinger noted in a statement dissenting from the CFTC’s September 22, 2022 enforcement action against Bean, Kistner, and bZeroX, LLC, a theory of liability which would hold all voting DAO token holders liable for a DAO’s actions raises a variety of line-drawing problems that may lead to inequitable results (e.g., holding token holders who have exercised their voting rights liable while those that have yet to exercise not liable – regardless of whether the votes in question had anything to do with the conduct underlying any liability on the part of the DAO). See Dissenting Statement of Commissioner Summer K. Mersinger Regarding Enforcement Actions Against: 1) bZeroX, LLC, Tom Bean, and Kyle Kistner; and 2) Ooki DAO, (Sept. 22, 2022).
Houghton v. Leshner (and Compound DAO)
While the motions in CFTC v. Ooki DAO were pending, another strikingly similar case landed on Judge Orrick’s desk: Houghton v. Leshner, No. 3:22-cv-7781 (N.D. Cal.), a class action lawsuit seeking to hold individual and entity defendants liable as general partners in the Compound DAO, a decentralized autonomous organization responsible for, inter alia, selling COMP tokens. Unlike the CFTC, the Houghton Plaintiffs also named the two co-founders of Compound Labs – the predecessor entity to the Compound DAO – and, notably, five other entities that hold COMP tokens as defendants. The Houghton Plaintiffs seek to hold these defendants liable under Section 12(a)(1) of the Securities Act under the theory that the Compound DAO sold unregistered securities. The Court has extended the time for the Houghton defendants to respond to or move to dismiss the complaint until after appointment of a lead plaintiff and lead counsel pursuant to the Private Securities Litigation Reform Act of 1995 (“PSLRA”), 15 U.S.C. § 78u-4, et seq, which appointments occurred on March 13.
To be sure, Judge Orrick likely will not be the only judge or authority who may have to weigh in on this issue. The Sarcuni Defendants’ motions to dismiss remain pending in the Southern District of California. Shortly after Judge Orrick’s December 20 Order, the Sarcuni Plaintiffs filed a notice of supplemental authority, directing Judge Burns to the CFTC v. Ooki DAO Court’s decision. The plaintiff in another case pending in the Eastern District of New York, Kent v. PoolTogether, No. 1:21-cv-6025 (E.D.N.Y.), concerning allegations that certain individuals and entities controlling a DAO were running an illegal lottery, filed a similar notice. And, taking a different tack than the non-parties in CFTC v. Ooki DAO, venture capital firm Haun Ventures recently submitted a petition for rulemaking urging the CFTC to clarify the obligations and liabilities of DAO members. Regardless, in the coming months we are likely to see more opinions with potentially ground-breaking implications for the cryptocurrency community.