
If you are a member of a DAO, you may not be aware of the legal dangers of participating. Here’s what you need to know.
Buying DAO tokens? It’s no longer risk-free: a court could consider you a partner in the enterprise and hold you responsible for millions in stolen funds. Another legal pitfall could be simply working for the DAO — and implementing community decisions that turned out to be illegal in some far-flung jurisdiction.
As many DAO communities realize that they need some kind of legal structure or “legal personality” to act in the real world, lawyers around the world are proposing solutions ranging from mimicking corporate structures to anonymous operating foundations.
Nothing in this article should be construed as legal advice – and not just because the law is silent on any of it.
Code is law?
In 2021, Magazine interviewed Griff Green, whose heroic actions in stopping The DAO hack on the morning of June 17, 2016 helped save a large portion of the then-14% of Ether. By determining how the exploit worked, his team of hackers worked to “steal” faster than the malicious actors, thereby limiting the amount that could be stolen by an individual who discovered the bug in The DAO’s code. But who does this ETH belong to?
Does it belong to the 11,000 investors who contributed ether to the project over the previous month? If so, what claim do these “investors” have, considering they handed their money to an organization with no leadership or jurisdiction, governed entirely by smart contracts that operate based on investor votes?
Or does it belong to a “malicious hacker” who simply interacted with a publicly available smart contract in a way that allowed them to extract ether? Many would argue that this is perfectly legal under the “code is law” mantra.
Since The DAO had no legal personality, under what laws could it hope to pursue the hackers even if they were caught? The same goes for the “investors” — they didn’t enter into any legal agreement or any contract when they invested, so how could they claim the stolen ether was theirs?
Perhaps the ether Green’s team had acquired was now rightfully theirs? Green admitted that he took “huge risks” by preemptively stealing 10% of the ether in circulation, and recalled that as word spread, “we were just regular people; we didn’t have a company.” Ultimately, Green’s team returned the funds through a decentralized application.

These issues are only now beginning to be tested, with one of the first (and developing) cases to emerge being Ooki DAO, which was accused of violating the Commodity Exchange Act (CEA) by allowing users to engage in retail commodity derivatives trading without registering the platform or performing KYC procedures. In January 2023, a judge found that Ooki was an “unincorporated association of token holders” that could be sued like an individual or company — and could be served by posting a notice on the DAO’s online community forum.
Another recent example of a violation of the law can be found in the case of Avraham Eisenberg, who was arrested in Puerto Rico in December 2022 at the request of US authorities for running a “highly profitable trading strategy” that effectively exploited the smart contracts of the decentralized finance DAO Mango Markets, draining $110 million.
He claimed that the entire attack was perfectly legal under the slogan "Code is Law," but the FBI disagreed. The case is still pending in court.
Partnership, foundation or corporate packaging?
When talking about DAOs, The DAO can be understood as the original example that the concept is based on. As such, The DAO is often considered an ideal example of what a decentralized autonomous organization should be: cryptographically decentralized, without real-world anchors, with its operations automated through smart contracts and organized through blockchain governance.
In practice, however, “courts would likely interpret a DAO structure as a general partnership, with unlimited joint and several liability for all participants,” notes Jason Corbett, managing partner at Silk Legal, a blockchain-specialized boutique law firm.
Jonathan Turnham, a partner at Cayman Islands law firm Travers Thorp Alberga who spends 95% of his time researching crypto law, agrees that it’s complicated. He explained that in theory, a truly decentralized DAO, such as a decentralized exchange or metaverse project, could be “a code-based business, a bunch of ones and zeros,” and technically wouldn’t require a real-world corporate structure or physical business.

But in his experience advising dozens of DAOs, this fully decentralized model tends to run into trouble quickly — perhaps even within the first 10 minutes of operation.
“A code-based business still needs a front end,” Turnham explained, listing real-world needs like domain names, web hosting, banking services — or hiring a lawyer — all of which are difficult to obtain and pay for as an unregistered ghost-like entity. Any DAO that needs to enter into contracts involving real estate, intellectual property, or even the purchase of the U.S. Constitution can’t simply be based in code, because they require some type of legal personality.
“You can’t connect to the real world as you know it, it’s awkward, and all you need is a damn credit card or bank account to pay a non-crypto service provider.”
“At present, DAOs have no legal status in most jurisdictions,” said Irina Heaver, a partner at Keystone Law, a blockchain-focused firm, and general partner at venture capital firm Ikigai Ventures. She was speaking in the context of the Metaverse projects launched on decentralized protocols. Legally speaking, traditional companies appear to still be the main players in the market.
There are exceptions, of course. The US state of Wyoming has recognized the US CryptoFed DAO as a legal entity, and Vermont appears to have done the same with dOrg LLC.
Oliver Goodenough, special counsel at DAO law firm Gravel & Shea, commented: “We believe dOrg is now the first legal entity to directly reference blockchain code as the source of its governance. Its material operations and ownership interests are managed entirely on-chain.” A Senate committee report even recommended that the Australian government should recognize the legal status of the DAO as soon as possible, although it has yet to act on the recommendation.
Would legalizing DAOs kill their specialness?
But Sarah E. Paul, partner at Eversheds Sutherland, was critical of the way the “legalization” of DAOs was rolled out, noting that certain provisions of the Wyoming DAO law are “antithetical” to the fundamental idea that DAOs should be considered to operate entirely through smart contracts.
“DAOs must define in their constitution how the members will govern the DAO, including the extent to which governance will occur algorithmically — they should define how dispute resolution will occur, which cannot be entirely handled by smart contracts,” she said.
In this sense, one might wonder whether DAOs are truly a unique legal device, or whether they are roughly to companies what a registered civil partnership is to a marriage – essentially the same thing with a modern-day varnish.
Heaver, in turn, argues that “the concept of a traditional corporation is morally outdated.” If the C-word is too dirty for DAO teams to be associated with, “foundation” might be another option.
Turnham sometimes directs teams to set up a foundation in the Cayman Islands, which would then serve as a service provider with a legal personality, acting as the “arms and legs” of a DAO. While he acknowledges that “the real Web3 crowd” might argue that such a solution doesn’t meet the threshold of a DAO because it has a centralized legal entity, Turnham explains that this solution isn’t too far from ideal, as such a foundation can effectively be “orphaned” and doesn’t need shareholders.
Going back to the company, there are also what he calls “wrapped DAOs,” which are incorporated in a jurisdiction — like his — that allows anonymous or semi-anonymous boards to control projects in a way that’s largely impossible in many other legal regimes.
Legal Risk
However, the risk to foundation directors or even just employees is enormous if they are doing something clearly illegal (for a US entity, at least) like financial dealings with North Korea. Turnham further explained that this could be seen as supporting the idea that DAOs should be run like corporations, with the role of the board essentially being to provide sober reconsideration of community suggestions and “avoid the kind of super violent, super abusive, or frankly super illegal activity that some DAO vote might try and push through.”

Such a corporate setup is inconsistent with true blockchain governance because “governance token holders do not have the power to enforce day-to-day decisions,” Turnham clarified, describing them as more akin to “advisory tokens” of a DAO that function more like a community “opinion box” for its administrators to consider. This model, he argued, is one that a judge would easily understand.
When the DAO is not encapsulated into a corporate shell, Turnham confirmed that the entire project could be considered a general partnership. In effect, a judge could find that all token holders are in a “common enterprise for profit as general partners” that is fully liable for the actions of all other token holders in connection with the project.
“That’s a pretty violent outcome because guess what, you now have 1,000 governance token holders who are now participating in potential securities law violations — and securities regulators could theoretically go after every single one of them.”
This certainly sounds like a nightmare scenario, which is precisely why 400 years of corporate law was created in the first place — as a bulwark to protect investors. Painted with such broad historical brushstrokes, the idea of using DAOs to circumvent the need for such legal entities is a rather awkward venture at best — and one doomed to fail at worst.
Perhaps the answer lies in moderation. If a purely “traditional” DAO proves unwieldy in most real-world applications, could the concept be watered down to meet reality? For Turnham, “decentralization is a spectrum,” with plenty of room between the black and white of the cypherpunk ideal and traditional corporate structures.
Paul agreed, noting that “all the DAOs I’ve looked at have some degree of centralization — in fact, it’s hard for them to work without it.”
Securities Laws and Governance Tokens
In addition to the risk of being found to be a partnership whose token holders are liable for all corporate actions, there is also concern that the governance tokens issued by a DAO will themselves be found to be securities.
If so, their issuance to the public falls under heavily regulated securities legislation, especially in the United States, where selling unregistered securities to non-accredited investors can be considered a crime, punishable by heavy fines and prison sentences. Regulations vary around the world, so what may not be a legal issue in one jurisdiction may become a big problem when someone in another country receives the tokens.

In the United States, whether a token can be classified as a security is determined by the Howey test, which defines a security as consisting of (1) an investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) to be derived from the efforts of others.
At first glance, things don’t look good — people are investing in cryptocurrencies to get shares that look similar to voting rights in a company, often with the hope of selling them at a higher price.
Arguments can certainly be made about any of the Howey test points. For one, it could be argued that cryptocurrencies (such as the ETH used to purchase tokens) are not “money” or that the tokens are distributed through some other mechanism, such as through airdrops to NFT holders, as with the APE tokens that are worth tens of thousands of dollars each to owners of the Bored Ape Yacht Club NFT. It could also be well argued that some DAOs operate not for the purpose of generating profit, but rather function more like social clubs, gaming communities, or charitable organizations.
“There is almost no case law in this area—you are drafting in a vacuum.”
In Turnham’s view, DAOs cannot be defined as securities in large part because, as decentralized organizations, they cannot necessarily be said to be managed by someone else — although it is unclear whether this would hold up in court. The Howey test is not used by the legal systems of the Cayman Islands and the British Virgin Islands, which he said are jurisdictions that are conducive to the operation of DAOs.
When it comes time to distribute profits or excess capital, the DAO “could use the surplus proceeds to purchase tokens from the secondary market, thereby creating a deflationary effect that would indirectly generate some benefit and value for other token holders.” In another example, the DAO’s foundation “could certainly agree to make contractual payments to token holders on a pro rata basis”—almost like a dividend, but not technically identical. This is important because otherwise, DAO tokens could begin to resemble bearer shares, where ownership depends on actual possession of a share certificate rather than registered title, a form of securities that is prohibited in the Cayman Islands.
Turnham acknowledged that there were few users of DAO tokens in the jurisdiction where he worked, meaning that, in practice, those interested in and participating in DAO governance were from foreign, potentially more restrictive jurisdictions. He said that before selling tokens, the “correct legal advice” was to advise the team to do the impossible:
“In a perfect world, I would tell DAO founders to go to every jurisdiction and get legal opinions from lawyers in all of those places to determine whether your token is a security and whether you can sell it to people there.”
Getting 200 legal opinions on securities law is hardly affordable, so in practice, diligent teams will seek legal clarity in “high-risk jurisdictions,” which Turnham identifies as the likes of the U.S., U.K., Canada, and Australia — paying particular attention to any country expected to house large numbers of token holders.
A legal future?
Although DAOs have caused headaches for the legal community, the lawyers interviewed for this article share a common optimism about the new concept—not only as a legal tool, but also as a movement to modernize the corporate world.
The key seems to be the way DAOs encourage community, feedback and engagement through online tools like Discord, which is a stark departure from regular public companies where “once a year you have an annual general meeting where the agenda is rammed down the throats of investors” without any real debate, Turnham said, likening it to a “healthy and fundamental” change from the way companies have operated for generations.
“You couldn’t have had DAOs 100 years ago,” Paul noted, referring to her observation that the movement had a positive energy that connected people around the world. Five years from now, she foresees DAOs becoming an increasingly solidified part of organizational structures:
“I think DAOs will continue to grow — they’ll struggle with regulation for years to come, but I think they’ll get out of it.”