On May 2, 2022, the United States District Court for the Southern District of California filed a class action lawsuit against the decentralized autonomous organization (DAO) that used the bZx protocol, two of the DAO's co-founders, two limited liability companies (LLCs) that invested in the DAO and participated in its governance, and several other related entities. Unlike traditional companies and other limited liability entities, in theory, DAOs do not have a centralized leadership structure. DAOs do not rely on top-down management, but rather on terms encoded in smart contracts that are deployed on blockchain ledgers. In addition, DAOs do not have a strict hierarchy of power. If you have a token, you have a vote, and one token equals one vote. DAO participants with voting rights are generally considered "equal."
In this case, the plaintiffs advanced an unprecedented argument that the DAO’s co-founders and governance participants were jointly and severally liable for the DAO’s actions, based on the theory that the DAO’s members formed a de facto general partnership and that token holders were therefore general partners with unlimited joint and several liability. This new development is noteworthy because it could have broad implications for DAO structures.
Sarcuni et al. sue bZx DAO and related personnel
According to the complaint (which purports to be from the DAO’s own statement), a DAO developer fell for a phishing scam that resulted in a private key being leaked to an unauthorized third party. The private key had administrative rights to the DAO’s DeFi margin lending and trading protocol, which runs on three blockchains, with the other two controlled by the private key. The hacker was able to use the private key to update the protocol and steal approximately $55 million from it. The complaint alleges that initially, the DAO claimed that its platform was “non-custodial,” with users controlling their own private keys and wallets. But with the loss of the private key, which retained administrative rights, the hacker was able to access all funds on two of the blockchains the platform ran on. As the complaint argues, the DAO acts as a custodian of funds and therefore “should assume its legal responsibility as a custodian to take reasonable and prudent steps to protect the security of funds.” It should be noted that on the third Ethereum blockchain, the founders gave governance of the protocol to the coin holders, so the hacker could not use the private key to extract funds from the Ethereum-based protocol.
The plaintiffs also claim that the DAO "admitted its responsibility for the losses" but has since provided only a "poor and rudimentary" solution.
DAO Liability and Jurisdiction Issues
The DAO as a general partnership
The various legal structures in the United States lack the provisions to pierce the corporate veil, thus protecting shareholders from personal liability for the debts and actions of the company. These entities are the product of the laws of various states, and the most commonly used types of entities are corporations, limited liability companies, limited partnerships (LPs), and limited liability partnerships (LLPs), all of which generally allow their shareholders, members, or partners to have limited liability. In contrast, general partnerships do not provide the protection of limited liability and, therefore, do not generally protect their owners from legal actions and debts that the partnership may face. The owners of a general partnership, i.e., the general partners, are jointly and severally liable for the activities of the business.
General partnerships do not need to be registered and are in fact formed when “two or more persons engage in business together for the common good.” Sarcuni et al. v. bZx DAO showed that the members of the DAO met that definition and that they had inadvertently formed a general partnership, so “each partner is jointly and severally liable to the plaintiff for all its debts.” Critics have long expressed concerns that some DAOs might be considered general partnerships, and therefore governance token holders might be considered general partners, and have tried to prevent the general partnership system from being applied to DAOs in this way. But Sarcuni is the first case in the U.S. (and perhaps the world) to make such a claim.
More specifically, the complaint argues that because The DAO existed independently and did not need to be registered as any particular limited liability entity (such as a corporation or limited liability company), it is proper under existing law to hold The DAO liable as a general partnership because holders of The DAO’s governance tokens, like partners in a general partnership, “have a potential demand on its profits and are jointly and severally liable for them.”
Problems with the ambiguity of DAO definitions
In addition to arguing that the DAO should be treated as a general partnership and that the members of the DAO should be treated as general partners, there are two other odd parts to Sarcuni’s argument that make the case even more interesting.
First, the complaint itself is not clear as to whether all BZRX (the DAO’s native token) holders are general partners or just some of them. It seems to imply that all holders are general partners. For example, the complaint states that “bZx and Ooki DAO, by virtue of their structure and operations, are general partnerships of holders.” However, treating all holders as general partners in this case leads to very strange results. Since the plaintiffs in the case are users of the bZx protocol, they likely received BZRX tokens as liquidity providers, which makes them members of the DAO themselves; therefore, they should also be counted as general partners and bear joint and several liability. In effect, they are suing themselves. The complaint does emphasize that “neither the plaintiffs nor the class hold any meaningful BZRX tokens or shares,” which means that the plaintiffs may be trying to categorize holders and believe that some holders should not be considered general partners due to their limited ownership and activities. Relatedly, there is another somewhat perverse outcome in this scenario: “meaningful” holders of tokens cannot be defendants in a lawsuit simply because they hold tokens, especially since those whose funds were stolen in the hack were almost always holders of tokens.
Second, the complaint seems to equate bZx DAO with all those who hold BZRX tokens (which shows the lack of a clear definition of bZx DAO in the complaint) and argues that it was due to the negligence of bZx DAO and other defendants that the funds were not protected. However, it was precisely because the governance keys were not handed over to the token holders, but were retained by the founding team, that the hacker was able to take advantage of it. For the members of the DAO, it is not clear what else can be done to prevent the hacker attack, except to collectively demand that governance control be handed over to the DAO (those who hold BZRX tokens). This view is also highlighted by the fact that when the protocol was deployed on Ethereum, the governance keys were handed over to the DAO, and the hacker could not steal funds from the blockchain. This definitional ambiguity seems to make Sarcuni a particularly challenging case because it advocates that the DAO and its members as general partners should be given some kind of responsibility.
The Jurisdiction Question for DAOs
In addition to liability issues, the plaintiffs also raise significant jurisdictional issues. Notably, it emphasizes that the court "has specific personal jurisdiction over all defendants because they purposefully joined a general partnership controlled by the state of California." In short, the plaintiffs' argument implies that if DAO members are considered general partners, then they can be sued simply for joining the DAO regardless of where it operates. On the other hand, if the plaintiffs' argument is accepted, the DAO can be sued in any jurisdiction where its members are located because "an unincorporated entity like a general partnership has the citizenship of each of its members."
in conclusion
The complaint seeks a jury trial to determine “whether the defendants were negligent; whether they constituted a general partnership; and whether the general partnership, as the superior, was liable for the hack resulting from the negligence of the developers.” This complaint raises a host of interesting and novel legal questions, and on the surface, it would appear to be a challenging case to successfully demonstrate that the DAO members had formed a general partnership.
Please stay tuned for further updates as this case progresses.