• A U.S. court in California has ruled in favor of plaintiffs who alleged that the bZx protocol, and governance token-holding members of its decentralized autonomous organization (DAO), were negligent and liable for losses resulting from a hack that drained its treasury.
  • The putative class action against bZx, its founders, software developers Leveragebox LLC and Hashed Labs LLC was initiated in July 2022.
  • Drained wallets:  The case stems from the $55 million hack of decentralized finance (DeFi) lender bZx in 2021, which resulted because a developer downloaded an email attachment containing malware. Not only did the attacker drain the wallet of the BZRX token, but other digital assets like ether. This is on top of other hacks the protocol suffered in 2020, one of which was for $8 million, while two others that occurred were for $630,000 and $350,000.

See:  Sushi DAO Head Chef Served With SEC Subpoena

• While the court dismissed some of the claims, such as claims that founders Tom Bean and Kyle Kistner are personally liable for breaching fiduciary duty, the fact that it allowed the negligence claims to proceed has created a landmark ruling in the relatively murky topic of the liability of governance token holders in DAOs.
  • The decision implies that DAO members might be held liable for negligence, potentially undermining the already challenged decentralized nature of DAOs, while providing a defense for founders who have seen their creations accused of wrongdoing.
• Does a DAO have duty of care and fiduciary liability?  Before the court was the question of whether all persons holding BZRX tokens are part of a general partnership.
  • The court found that the bZx protocol meets the definition of a general partnership because of how the token holders can both suggest and vote on governance proposals, including hiring and dispersing treasury assets to token holders in the same way that a corporation authorizes dividends.
    • The involvement that token holders have in the business via participation in governance protocols also means they have a duty of care, the court found, including that the protocol was properly maintained and had sufficient security measures.

See:  Ooki vs CFTC: Emerging Questions on Legal and Tax Status of DAOs

• Are DAO founders personally liable?  The court found that complaints against developers Leveragebox LLC and Hashed Labs LLC failed to provide the necessary elements to establish claims of negligence, breach of fiduciary duty, and joint and several liability.
  • "Because Plaintiffs have failed to allege that the Moving Defendants had actual authority to control the bZx DAO, the Court finds that Plaintiffs have failed to allege joint and several liability,” the docket reads.

Continue to the full article --> here