A number of folks got together to create a business that would take advantage of a crypocurrency protocol known as bZx that was supposed to be super-duper secure, or, as they put it, no depositor of cryptocurrency should “ever worry about … getting hacked or [anyone] stealing [their] funds.” Of course, that’s exactly what happened: Using a simple e-mail phishing scam, hackers were able to get into one of the bZx developer’s accounts and obtain passphrases which allowed the hackers to steal about $55 million worth of cryptocurrency. This by itself is not remarkable, as hardly a week goes by that I don’t read some article or another about millions in losses due to the hacking of cryptocurrency accounts. But let’s continue, as this eventually becomes very interesting.
The bZx folks did not make good the losses, and so some of the depositors started a class action lawsuit in the U.S. District Court for the South District of California. But who to sue? The bZk protocol isn’t a real person or even a recognized legal entity, but instead is what is known as a de-centralized autonomous organization, known as a “DAO” and which one might describe as sort of a financial anarchy where ultimately nobody claims ultimate responsibility — kind of a legal mist if one wants to think of it that way.
Fortunately for these depositors, the law doesn’t think in terms of either financial anarchy or legal mists, but instead operates to sort things out into discrete pigeonholes. Everything in the legal world goes into one pigeonhole or another; if something doesn’t seem to fit into any particular pigeonhole, particular because it is something new, then the law operates to cram it into a default pigeonhole anyhow, which might be characterized as something like a miscellaneous pigeonhole with a sign above it that says, “Everything else goes here.”
When it comes to business organizations, that default pigeonhole is the general partnership. If something is a business organization, but it is not a corporation, limited liability company, limited partnership, statutory trust (or one of several types of exotic entities), then what the law sees is a general partnership. Or, going back to our sign, everything else goes into the general partnership pigeonhole.
For folks involved with them, general partnerships are bad news for the reason that everybody involved with the entity is deemed to be a general partner, and general partners are generally liable for the debts and liabilities of the partnership. Contrast this with corporations, where the entity itself has liability but the shareholders do not. Contrast this with limited liability companies where the entity itself has liability but the members to not. Even contrast it with a limited partnership where the limited partners have no liability, but the entity itself and only the general partners have liability. With a general partnership everybody is legally responsible for the debts and liabilities of the entities.
Thus, what the depositors alleged is that the bZx de-centralized autonomous organization is, for legal purposes, just a general partnership. That means that everybody who was involved with the bZx DAO is potentially on the hook for liability. When the depositors sued, they just sued pretty much everybody who was involved with the bZx protocol in relation to the hacking loss — including mere investors who would otherwise have been protected from liability if the bZg group had been organized as a corporation, limited partnership, or an LLC.
The general liability of the general partners in a general partnership means that each and every one of them have full responsibility for liability. If the court finds that they constituted a general partnership (which is determined by a very lax standard), and finds that a particular defendant is a general partner, then that defendant will be on the hook for the full amount of the liability without respect to that defendant’s own actions or inactions in regard to the hacking incident. To say that this is a brutal result would be accurate, but that’s how general partnership law operates.
What has happened with DAO’s is the same thing that has happened over and over with the law for centuries: The law progresses very slowly, almost comically slowly, in relation to technology which progresses very quickly. Thus, technology frequently outruns the law in its development, and the courts then must take whatever technology has done and cram it into one of the exiting legal pigeonholes until the law (in the form of new statutes) is passed by the legislatures. Here, that results in the claim that a very new and sophisticated form of organization in the way of DAOs should be treated as one of the most ancient forms of legal organizations in the form of a general partnership.
Is that fair? Doesn’t matter, as least as far as the law is concerned. The only thing the law cares about is how something is treated under the law as it exists today, and things which seem to require the development of new law are, again, left to the legislatures. As an aside, it strikes me that these DAOs should be organized as Series LLCs, but we will leave that for another day. What is certain is that DAOs are a palpable legal danger to themselves and everybody associated with them, and folks who have something to lose should stay away from them entirely for now. Some bright lawyer is going to have to shoehorn DAOs into an existing legal structure or else the result that seems likely in this case (everybody is liable as general partner) will play itself out with every DAO that is subject, or at least their participants are subject, to American law.
Hat tip to Johnny Lyle who finally talked me into writing on this.