A California federal court ruled in favor of plaintiffs who claimed that the bZx protocol and governance token-holding members of its DAO were negligent and liable for losses caused by a hack that depleted its treasury. In July 2022, the putative class action against bZx and its founders, software developers Leveragebox LLC and Hashed Labs LLC, was first filed.
While the court dismissed some of the claims, such as claims that founders Tom Bean and Kyle Kistner are personally liable for breach of fiduciary duty, allowing the negligence claims to proceed created a landmark ruling in the relatively murky topic of governance token holders’ liability in DAOs.
The decision implies that DAO members may be held liable for negligence, potentially undermining the already questioned decentralized nature of DAOs while providing a defense for founders whose creations have been accused of wrongdoing. The case stems from a $55 million hack of DeFi lender bZx in 2021, which occurred as a result of a developer downloading a malware-infected email attachment. The attacker not only emptied the BZRX token wallet, but also other digital assets such as ether. This comes on top of other hacks the protocol experienced in 2020, including one for $8 million and two others for $630,000 and $350,000.
In response to the hack, the bZx DAO passed a governance motion to compensate token holders 1:1 for their lost BZRX tokens, as well as a debt repayment plan to reimburse holders for other stolen crypto. The repayment plan’s time horizon was unacceptable to holders, prompting the class action lawsuit.
The bZx DAO was later rebranded as Ooki DAO, which many, including courts, have referred to as its successor. In late 2022, the DAO’s co-founders paid the Commodity Futures Trading Commission (CFTC) $250,000 to settle a case involving off-exchange tokenized margin trading and lending services.
The court was asked whether all people who own BZRX tokens are part of a general partnership. The case revolves around how the concepts of fiduciary duty (the obligation to act in the best interests of another), duty of care (the obligation to act without negligence), and joint and several liability (a responsibility shared by multiple parties) apply to the concept of a DAO and governance token holders. While existing case law provides plenty of guidance on how these concepts apply to traditional partnership structures such as general and limited partnerships, DAOs are a bit of an uncharted territory due to their unique structure.
According to California law, General Partnerships exist when there is a “association of two or more persons to carry on as co-owners of a business for profit,” with the caveat that partnerships can be unintentional, as case law supports. The court determined that the bZx Protocol meets the definition of a General Partnership because token holders can propose and vote on governance proposals such as hiring and distributing treasury assets to token holders in the same way that a corporation authorizes dividends. In its 2021 complaint against Ooki DAO, the CFTC took a similar approach.
