DAOs and the law: Enforcement


Decentralised Autonomous Organisations (DAOs) are an emerging method for organising community based activities using blockchain technology. In the fourth of a series of articles exploring legal issues related to DAOs in Hong Kong, Pádraig Walsh and Shirley Kong from the Digital Services and Fintech practice of Tanner De Witt explore enforcement issues that arise in respect of enforcing against DAOs .

Pseudonymity and anonymity

The pseudonymity and anonymity of participants in DAOs arises in a number of dimensions:

Unknown counterparties: It may be possible for anyone to become a DAO participant, and there may be no steps taken to verify identity before participation. This has obvious concerns in respect of anti-money laundering (AML).

Control: It may be difficult to identify who controls or influences a DAO, and how decentralised a DAO actually is. Conduct which has the appearance of being dispersed may, in fact, be a single actor or a small number of actors acting through multiple aliases.

Governance: It may be difficult to identify persons who are responsible persons, or who can be attributed responsibility, in respect of regulated activities. Even if a DAO is engaged in activities relating to securities, it can still be challenging to identify who is conducting those activities, and who is responsible.

Attributing responsibility

The activities or conduct of DAOs or persons may be advocated in the language of decentralisation, and some activities may be governed by smart contracts. Also, the unusual patterns of information flow may make it challenging to establish basic facts. Nonetheless, regulators must engage in a fact-finding exercise, given that the substance of the arrangements will dictate the regulatory analysis and possible enforcement actions.

The regulator will assess factors such as:

(a) the roles of natural persons in the DAO’s activities and arrangements;

(b) the ability of natural persons to control or influence arrangements;

(c) the ability of persons who are not active in the DAO’s operations to nonetheless exercise control or influence (for example, investors);

(d) the economics of the DAO arrangements, and how incentives operate to benefit persons involved in the DAO arrangements; and

(e) how the regulator can exercise jurisdiction over those persons.

The analysis may result in considering or attributing regulatory responsibility to persons such as:

(a) founders and developers of a DAO project;

(b) issuers of governance or voting tokens; and

(c) participants in a DAO project who engage in various activities including:

(i) voting governance tokens;

(ii) hold administrative rights to smart contracts;

(iii) assume responsibility or maintaining or updating a project;

(iv) hold advantageous access to information;

(v) actively facilitate increased participation in DAO services;

(vi) hold control or influence over custody of assets or funds;

(vii) hold the ability and responsibility to reverse transactions; or

(viii) receiving significant rewards or profits from DOA operations.

The regulatory responsibility of persons will be assessed under applicable laws in a similar manner to any other scenario. For instance, a person that has received DAO tokens in an air drop and has not participated in voting activities, can expect to be treated differently to a founder that has reserved significant control and influence over and profits from DAO activities.

Identifying defendants

Ultimately, enforcement will be complicated by the pseudonymous or anonymous nature of DAO participation. DAO members do not typically sign up with real names and personal information. This position may change if legal wrappers are adopted on a widespread basis. The laws in respect of most DAO legal wrappers require certain persons to register with their genuine name and credentials.

Ooki DAO case example: The Commodity Futures Trading Commission (CFTC) filed a federal civil enforcement action in the US District Court, charging Ooki DAO, with violating multiple laws and illegally operating an unregistered business to allow retail participants to engage in margin trading. The Court allowed the suit because the defendant DAO fell within the meaning of an “unincorporated association” under California state law and therefore could be treated as a legal entity. An unincorporated association means a group of two or more persons joined by mutual consent for common lawful purpose, whether organised for profit or not, where such persons function under a common name under circumstances where fairness requires the group be recognized as a legal entity. The CFTC’s settlement order and complaint defines the Ooki DAO unincorporated association as comprising those who vote on proposals with their Ooki tokens.

bZx DAO case example: In the bZx DAO case, platform users brought a claim in negligence for losses stemming from hacking. The Court held that the negligence claim could be asserted not only against the defendant DAO itself, but also against persons holding their tokens. The token holders were alleged to be members of a general partnership. The main reason for this was the token holders exercised governance rights in the DAO, and could share in the DAO’s profits. As members of a general partnership, the individual token holders would face vicarious joint and several liability exposure for the alleged torts of the DAO, including damages for “purely economic losses” as a “special relationship” between the plaintiffs and the defendants (DAO members) was found.

Proper service

Once a litigant or regulator decides to claim or enforce against a DAO, it will need to serve a writ or similar legal process on the defendants to notify them of the action against them. It will be difficult to identify the defendants. DAO participants use pseudo names. Service must typically be done by certain prescribed methods, such as personal service, or delivery at the last known address.

Ooki DAO case example: In the Ooki DAO case, the CFTC requested for service through the “Help Chat Box” and an online discussion forum on Ooki DAO’s website. The reason provided by the CFTC was that they could not identify a person at Ooki DAO to accept service of its complaint, and so argued that this was the only viable method. The Court ultimately allowed service via the chat box and the online discussion board. After the CFTC posted the complaint in the Help Chat Box and online discussion forum, the Court agreed that Ooki DAO had “received both actual notice and the best notice practicable under the circumstances”. In the end, no one appeared in the Court on behalf of Ooki DAO, and the Court entered a default judgment for a sum and order the take down of the website and related operations.

Overlapping jurisdiction

Issues may arise between overlapping jurisdictions of regulators both in Hong Kong and internationally. For instance, stable coins will soon come under the regulatory remit of the Hong Kong Monetary Authority (HKMA). However, some stable coins may also fulfil the characteristics of securities, and be under the concurrent regulatory jurisdiction of the SFC. There will be a need for co-ordination of activities to avoid duplication of effort and resources.

This issue is more problematic elsewhere, particularly in the US. The Commodities and Futures Trading Commission (CFTC) has regulatory authority over digital assets classified as commodities. Federal securities laws provides the SEC with regulatory authority over digital assets which are classified as securities. Lessons can be drawn from examples there.

Mango DAO case example: In January 2023, there were three different lawsuits filed against Avraham Eisenberg, a crypto trader, for fraudulently manipulating the price of Mango DAO’s MNGO token to unlawfully obtain over $110 million in digital assets. The DOJ was the first to file an action against Eisenberg, relying on its broad wire fraud authority (but not federal securities laws) as the basis for its charges for commodities fraud and commodities manipulation. Next, the CFTC brought charges against Eisenberg for trading on a decentralized digital asset platform. This was the CFTC’s first ever enforcement action. The SEC then brought charges based on the view that MNGO, “a so-called governance token,” is a security. This case demonstrates the competing realms of enforcement and regulatory scope of different authorities in the US.


The particular features of DAOs make enforcement of claims against DAOs especially challenging. On the one hand, the pool of potentially liable persons could be quite significant. On the other, identifying, serving and enforcing against those persons will be made significantly more difficult by the pseudonymous and anonymous nature by which persons participate in DAOs. The challenges of enforcement will be a key consideration in the commercial assessment of bringing civil claims such as breach of contract or negligence.

Notwithstanding the challenges, regulatory action and enforcement is likely to be very active for the foreseeable future. Most regulators are established either as independent statutory bodies with public functions, or as government bodies. Securities regulators, for instance, have a clear function and mission to protect the investing public and to maintain the integrity of the markets they regulate. To the extent that DAOs engage in activities that breach of law of regulation, DAOs can expect that enforcement will occur and regulators will persist and persevere in the performance of their public duties.

Pádraig Walsh and Shirley Kong

If you want to know more about the content of this article, please contact:

Pádraig Walsh

Partner | Email

Disclaimer: This publication is general in nature and is not intended to constitute legal advice. You should seek professional advice before taking any action in relation to the matters dealt with in this publication. This article was last updated on 03 May 2024.