Image: Unsplash

Fashion has been among the early-industry-adopters of various aspects of Web3 – from the introduction of non-fungible tokens (“NFTs”) to the move by a growing number of brands to introduce crypto as a form of payment in their stores and e-commerce sites – in recent years. All the while, decentralized autonomous organizations (“DAOs”) are proving to be a budding point of interest, with certain industry players toying with the potential benefits that member-owned digital communities without centralized leadership present for entities that are looking to join together and invest in fashion-focused endeavors. Red DAO, which pooled nearly $2 million to acquire Dolce & Gabbana’s “The Doge Crown” NFT in October in furtherance of its larger aim of investing in digital fashion items, is one that comes to mind. 

While participation in a DAO is understood to deliver unique advantages, namely, from a governance perspective, this type of organization is not without risks, including when it comes to liability of its members in the event that something goes wrong. The potential for broad liability across a DAO’s governance token-holding members is being tested in a new lawsuit that has been waged against bZx, the creator of a decentralized finance protocol that was hacked in November 2021, leading to the misappropriation of about $55 million worth of crypto and the subsequent filing of a negligence suit.

Arising out of “the use of novel cryptocurrencies,” Christian Sarcuni and the other named plaintiffs assert in their complaint against bZx DAO, its two co-founders Tom Bean and Kyle Kistner, and two limited liability companies that invested in the DAO and contributed to governance decisions, among others, that the case, itself, is “legally straightforward,” and that the defendants are on the hook for negligence as a result of bZx’s alleged failure to put safeguards in place to protect funds invested in the decentralized finance protocol. 

In the complaint, which was filed with the U.S. District Court for the Southern District of California on May 2, Sarcuni and the other named plaintiffs, all of whom deposited cryptocurrency with the bZx protocol, claim that despite bZx’s creators telling users that “they need not ‘ever worry about … getting hacked or [anyone] stealing [their] funds,” the protocol “lacked reasonable safeguards and was hacked” late last year. As a result of bZx’s alleged failure to “implemented security measures that its operators knew were reasonably necessary,” hackers were able to drain the plaintiffs’ accounts of (the equivalent of) millions of dollars in crypto when one of the bZx developers “fell for a so-called email ‘phishing’ scam that permitted access to key passphrases.” 

“Since the protocol has failed to pay back what was taken as a result of [its] negligence,” Sarcuni and co. claim that all of the defendants are “jointly and severally responsible” for making the plaintiffs whole again. This is “because the bZx protocol purports to be a so-called DAO that lacks any legal formalities or recognition.” (While initially controlled by Bean, Kistner, bZeroX LLC and Leveragebox LLC, since August 2021, the bZx DAO has been “controlled by those who hold the BZRX token,” and thus, “bZx tokenholders [are] the main drivers of governance and decision making of the bZx platform.”)

While DAOs may be a novel craze in the crypto space, their organization structure is not actually new at all, the plaintiffs argue: Given its structure and the way it operates, the bZx DAO is a general partnership among its token holders. Specifically, the plaintiffs argue that the DAO mirrors a general partnership as it is “an association of two or more persons (the tokenholders and investors), to carry on as co-owners (of the bZx DAO, with shared control of the bZx treasury funds, among other assets), of a business for profit (the bZx protocol and related products built on it, with the profits being the right to fund held in the treasury).” 

Because the DAO lacks any legal formation or recognition, Sarcuni and co. claim that just as with general partnerships, “each of the members of the DAO is jointly and severally liable to the plaintiffs and must make good on the full amount of its debts.” 

Against this background, Sarcuni and the other plaintiffs set out a single claim of negligence, alleging that the bZx protocol and its partners owed them a duty to maintain the security of the funds deposited using the bZx protocol, “including but not limited to putting in place procedures such that a phishing attack on a single developer would not result in a multi-million-dollar theft,” which they breached by failing to maintain the security of funds deposited using the bZx protocol and supervise developers of the protocol. Moreover, the defendants’ actions “were the proximate and but-for cause of an injury – namely, the loss of funds deposited with the bZx protocol,” the plaintiffs argue, seeking a certification of their proposed class, as well as a damages award to fully compensate them and the proposed class for all lost funds. 

Reflecting on the case, which they call a “first-of-its-kind putative class action lawsuit that tests the legal argument that a DAO is a general partnership exposing its members to joint and several liability,” Skadden’s Stuart Levi and Anita Oh state that it highlights the risks of operating a DAO without any formal legal structure. “Without such a structure, DAO members may, in certain cases, be jointly and severally liable, which liability could possibly extend even to those members who may not have been involved in decisions allegedly resulting in losses or other issues.” 

Jurisdictional questions in this case could also prove to be an interesting takeaway, according to a note from Eversheds Sutherland LLP, whose attorneys note that “the legal status of DAOs is unclear and jurisdiction-specific.” Whether a DAO is a general partnership is “a determination that would be made under existing corporate law and would depend on how the DAO is structured and operates,” they state, asserting that “while states have varied in their approach to DAOs, developments in the U.S. suggest a trend towards according DAOs status similar to that of a traditional LLC.” They note that “if a DAO could register as a LLC” – which is permitted in states like Wyoming – or “obtain alternative legal status, DAO members’ personal liability could be limited.”

The case is Sarcuni et al v. bZx DAO et al., 3:22-cv-00618 (S.D. Cal.).