Is the Sun Setting on Perceived DAO “Immunity”?: Ooki DAO Is A Person Under the Commodity Exchange Act

Is the Sun Setting on Perceived DAO “Immunity”?: Ooki DAO Is A Person Under the Commodity Exchange Act

On June 8, 2023, US District Judge William H. Orrick, in a default judgment, ordered Ooki DAO (“Ooki”) to pay a civil monetary penalty of $643,542 for operating an illegal trading platform and unlawfully acting as a futures commission merchant. In addition, Ooki was banned from trading and was required – along with any third party providing web-hosting or domain-name registration services – to shut down its website and remove its content from the Internet.

The most significant legal implication of this decision is Judge Orrick’s finding that Ooki was, in fact, a person under the Commodity Exchange Act and was therefore liable for any violations of that law.[1] The question that arises is to what extent this was an unavoidable consequence of the more ostentatious conduct of Ooki’s founders, or a sign of what is to come for DAOs more generally.

The Commodity Futures Trading Commission (“CFTC”) initially began an action against Ooki in September 2022. This occurred at the same time as the CFTC’s settlement with the founders of the decentralized trading platform bZeroX (Ooki’s predecessor LLC), who had transferred the blockchain-based software protocol to Ooki.[2]

The founders of bZeroX had transferred the protocol to Ooki in an attempt to avoid regulation and enforcement – a bold strategy publically trumpeted by its founders. As one founder bluntly stated:

It’s really exciting. We’re going to be really preparing for the new regulatory environment by ensuring bZx is future-proof. So many people across the industry right now are getting legal notices and lawmakers are trying to decide whether they want DeFi companies to register as virtual asset service providers or not – and really what we’re going to do is take all the steps possible to make sure that when regulators ask us to comply, that we have nothing we can really do because we’ve given it all to the community.[3]

The strategy – a transparent attempt to insulate the LLC from regulatory enforcement – was not lost on the regulators. In its lawsuit, the CFTC accused Ooki of “illegally offering leveraged and margined retail commodity transactions in digital assets; engaging in activities only registered futures commission merchants […] can perform; and failing to adopt a customer identification program as part of a Bank Secrecy Act compliance program”.[4] In short, the CFTC did not let bZeroX’s transformation into a DAO blunt their enforcement case.

Notably, Ooki did not respond to the CFTC’s suit; that is, Ooki did not a launch a defence against the CFTC’s claims and presented no arguments in court.[5] Some say this is an expected “collective action problem”, due to the risks facing any user who identifies themselves,[6] but others point to the fact that DAO governance votes are designed for this very purpose – to mobilize the collective to a common course of action (assuming any user is inclined to seek a governance vote to do so).

One might query whether a staunch defence of the DAO, and arguments against a finding that the mere holding of a token (and the possibility of voting with it) could draw users into an enforcement action, may have succeeded if argued, particularly under different circumstances.

DAOs – by their very nature and name – are in their purest form fully decentralized autonomous organizations with their operations decided by a community of members. While principals and developers manage code and determine which issues go to a vote, the community as a whole votes on major decisions that impact the DAO and its course of action. For instance, these authors have written about the important variables at play when, in cases such as Mango Markets, principals propose votes to settle claims against attackers who exploit smart contracts for their profit and to the detriment of the rest of the community. In that case, the DAO voted on and confirmed terms of a settlement with the attacker, Avraham Eisenberg. But even after this vote, Mango Labs, LLC launched a civil action against Eisenberg to recover his negotiated ‘bounty’ (which was in addition to various other criminal and regulatory proceedings brought against him for commodities fraud and market manipulation).

DAOs are a democracy in its messiest form. This messy nature creates a false sense of security for those managing DAOs. The big question has become: to what extent do DAOs insulate their principals, developers and even token holders from liability? The emerging trend towards forming corporate structures around DAOs has arguably come about in part as an acknowledgment that it will likely be insufficient to rely on the nature of DAOs to protect its members. The CFTC’s successful prosecution against Ooki, and Judge Orrick’s finding that Ooki was a ‘person’ under the Commodity Exchange Act, serves as the clearest statement that regulators are not dissuaded from prosecuting because of an unincorporated DAO’s status.

The perceived DAO “immunity” era, if it ever existed, certainly appears to be coming under challenge, at least in the United States. The CFTC made a strong statement in the Ooki case, noting that:

The founders created the Ooki DAO with an evasive purpose, and with the explicit goal of operating an illegal trading platform without legal accountability […] This decision should serve as a wake-up call to anyone who believes they can circumvent the law by adopting a DAO structure, intending to insulate themselves from law enforcement and ultimately putting the public at risk.[7]

The DAO industry must now take stock of the CFTC’s successful prosecution against Ooki and decide to what extent this decision might be an outlier, due to Ooki’s founders’ clear attempt to evade regulators, or whether it is part of a growing trend in the courts to pierce the nature of DAOs to attribute accountability. The implications are serious for DAOs as they assess whether to take on formal corporate structures.

First, using a DAO structure is no longer a guaranteed pathway (if it ever was) for avoiding regulatory scrutiny, let alone other forms of liability for its principals, developers or token holders. Although the CFTC’s indictments were limited to Ooki’s founders (because their identities were public), the lawsuit was served through the DAO’s forum, requiring members to sponsor their defences as individuals and not as a DAO. By piercing the DAO’s cloak and putting obligations on its members, the CFTC raised the spectre of greater liability and accountability for token holders, to the extent they can be identified in each case.

Second, the finding that a DAO is a person under the Commodity Exchange Act begs the question of how and when a DAO might be treated as a legal entity and obtain certain entitlements and obligations under the law. For example, we have seen DAOs take on a corporate structure to accomplish certain tasks, as was the case with Mango Labs, LLC. This Wyoming entity is being used as a vehicle to sue Eisenberg in the Southern District of New York to recover the ‘bounty’ from his attack on the Mango Markets DeFi protocol (seeking a finding that the ‘settlement’ with Eisenberg is unenforceable at law, and consequently his bounty should be returned to the DAO).

The DAO industry will undoubtedly watch carefully as further attacks and frauds test the boundaries of a DAO, and whether its structure affords their members any “special” protections or immunity. It may be that anonymity is its own best protection for token holders, albeit one not available to the principals.

[1] Release Number 8715-23, “Statement of CFTC Division of Enforcement Director Ian McGinley on the Ooki DAO Litigation Victory”, June 9, 2023, Commodity Futures Trading Commission, online.
[2] Release Number 8590-22, “CFTC Imposes $250,000 Penalty Against bZeroX, LLC and Its Founders and Charges Successor Ooki DAO for Offering Illegal, Off-Exchange Digital-Asset Trading, Registration Violations, and Failing to Comply with Bank Secrecy Act”, September 22, 2022, Commodity Futures Trading Commission, online; Brian Quarmby, “CFTC slammed for ‘blatant regulation by enforcement’ over Ooki DAO case”, September 23, 2022, Cointelegraph, online.
[3] See para 3 in Commodity Futures Trading Commission v. Ooki DAO, Civil Action No. 3:22-cv-5416, online.
[4] Release Number 8590-22, CFTC Imposes $250,000 Penalty Against bZeroX, LLC and Its Founders and Charges Successor Ooki DAO for Offering Illegal, Off-Exchange Digital-Asset Trading, Registration Violations, and Failing to Comply with Bank Secrecy Act”, September 22, 2022, Commodity Futures Trading Commission, online.
[5] Brian Quarmby, “Ooki DAO to shut down after ‘precedent setting’ court battle with CFTC”, June 10, 2023, Cointelegraph, online.
[6] Linda Butler and Kristopher B. Kastens, “Ooki DAO Default Judgment: Regulators Still Face Many Technical and Legal Challenges in Regulating Smart Contracts”, June 21, 2023, online.
[7] Release Number 8715-23, “Statement of CFTC Division of Enforcement Director Ian McGinley on the Ooki DAO Litigation Victory”, June 9, 2023, Commodity Futures Trading Commission, online.

By Benjamin Bathgate and Madeline Klimek

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2023