
The decentralized autonomous organization (DAO) is a relatively novel structure gaining popularity in the blockchain community. DAOs are community-led entities with no central leadership built on a blockchain using smart contracts, and with no restriction on the geographic location of its members, potentially resulting in an international organization.

DAOs are seen as transparent and their lack of central leadership is attractive to many.

What DAO members often do not realize, however, is that they may be unknowingly exposing themselves to personal liability, simply by virtue of their membership in a DAO.

Unlike shareholders or members of more traditional legal entities, DAO members do not enjoy protections against personal liability for the DAO’s actions unless there is a state law that offers such protection.

In this article, the authors examine recent case examples that illustrate the risks of DAO membership and the urgent need for federal and state rulemaking that is public and transparent, in contrast to regulation by enforcement.

Earlier this month, the Commodity Futures Trading Commission (CFTC) issued a settlement order imposing a $250,000 civil penalty on the bZerox (bZx) DAO, which unlawfully offered to its members leveraged and margined retail commodity transactions in digital assets in violation of the Commodity Exchange Act (CEA) and CFTC regulations. These margined retail commodity transactions were required to take place on a designated contract market, but did not.

CFTC also commenced a federal civil enforcement action in California based on the violations of the same laws against Ooki DAO (Ooki), a successor in interest of bZx, which has the same members and operates the same software protocol.

Importantly, CFTC’s settlement order also held personally liable Tom Bean and Kyle Kistner, co-founders of bZx who transferred control of bZx’s software protocol to Ooki. While the DAO’s conduct was found to be illegal, the finding of personal liability of the owners based solely on their status as voting token holders of the Ooki DAO should cause concern among DAO members.

CFTC’s approach to deciding who is responsible for the violations was the subject of internal debate within the CFTC. CFTC’s Commissioner, Summer K. Mersinger, issued a dissenting statement, calling the decision to impose liability on bZx’s co-founders “arbitrary” and “based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing.”

As she noted, there are three bases on which the CFTC can rely to support charging a person with violations of the CEA and CFTC rules committed by another person or entity: (1) principal-agent liability, (2) aiding-and-abetting liability, and (3) control person liability.

Yet the CFTC based its decision on California precedents from contract and tort law that hold that individual members of a for-profit unincorporated association are personally liable for the debts of the association. Commissioner Mersinger stressed that the CFTC seemingly acted outside the scope of its authority in acting in a manner not intended by Congress.

She noted that the CFTC engaged in regulation by enforcement that will have far-reaching policy implications. Specifically, the Commission’s settlement order and complaint arbitrarily define the Ooki DAO unincorporated association as comprising those who vote on proposals with their Ooki tokens.

This definition creates an inequitable division between token holders based on the happenstance of voting or not voting with their tokens. Under the CFTC definition, a token holder who voted on any issue becomes a member subject to personal liability, and a token holder who failed to vote for any reason is not considered a member and is exempt from liability. This definition discourages voting participation in DAO governance.

Commissioner Mersinger explained that the CFTC had better paths available in initiating a public notice-and-comment rulemaking on the issues of how DAO members should be defined and who CFTC may hold personally liable for a DAO’s violations. This process would have allowed public input from interested parties and would highlight possible consequences of the Commission’s approach to DAOs.

Furthermore, Commissioner Mersinger expressed an opinion that the CFTC could have achieved the same result by using the aiding-and-abetting standard when finding Bean and Kistner personally liable rather than relying on novel legal theories that are likely to have far-reaching implications on DAOs.

Sarcuni v. bZx

bZx’s civil troubles began earlier this year when, in Sarcuni v. bZerox et al., members of bZx filed a class action against the DAO, its founders and investors following a successful “phishing” attack that resulted in a theft of $55 million in funds from the platform. The plaintiffs alleged the theft was possible due to the lack of security features on the platform.

Defendant-founders filed motions to dismiss, claiming that it is improper to hold them liable as the stolen funds belonged to the DAO. The motions argued that since bZx was owned and managed by the DAO itself, only the DAO can be liable. While the plaintiffs were members of the DAO, they claimed that they were not “meaningful” members and lacked sufficient control for any liability to be imposed.

The court’s decision in Sarcuni is expected to establish the standards for founder and manager liability for the actions or omissions of a DAO. Unlike many other DAOs, the bZx DAO is a limited liability company under the laws of Delaware.

In addition, there is a holding company, bZx Holding Corp., incorporated in the State of Wyoming. The court will need to take into consideration the LLC status and whether Delaware’s laws afford the founders protection.

Regulation of DAOs

bZx’s misadventures and their ramifications highlight the fact that the status of DAO members is uncertain, regulation and enforcement are not uniform, and there is dire need for clarity as to the status and risk of personal liability for DAO members.

Most DAOs lack the legal safeguards afforded to limited liability companies. Members could find themselves facing personal liability merely because they used their token for a simple vote, possibly unrelated to any DAO actions that may later result in liability.

A few states, such as Vermont, Wyoming and Tennessee, have enacted legislation providing some protections to DAOs and their members. While these laws have not yet been tested by the judicial branch, and while they have been criticized as being out of touch with the realities of DAOs, at least it’s a start.

Wyoming enacted legislation in 2022 to protect DAO members from personal liability by allowing DAOs to obtain legal status as limited liability companies. The statute defines DAO voting and quorum requirements and allows DAOs to define their own quorum (the prior statutory quorum requirement of 50% of the membership was difficult to achieve for DAOs with fluid membership and possibly thousands of owners). No member has a fiduciary duty under the statute.

Vermont also passed its own blockchain-based statute. The Vermont legislation does not specifically address DAOs but authorizes creation of a new type of business entity — the Blockchain-Based LLC (BBLLC). A BBLLC is allowed to customize its governance structure. The operating agreement must define the rights and obligations of each participant group within the BBLLC.

Tennessee is another state that has afforded DAOs protection within its laws. Under Tennessee’s bill, unless stated otherwise in the articles or operating agreement, the management of the DAO can be member-managed or contract-managed.

There is no requirement that the DAO have a centralized governance or managers. Furthermore, the law does not even require that the person forming the DAO be a member. The DAO specifically states that members do not owe a fiduciary duty to the DAO.

The biggest criticism of existing DAO legislation is that it places additional burdens on DAOs without conferring real benefits in exchange. This stems from a lack of understanding of how DAOs function. The CFTC order also highlights the need to define exactly who is a member or control person in a DAO.

Analysis and conclusion

bZx DAO was established in 2019 before two of these laws were in effect. They incorporated in Delaware, traditionally the most corporate-friendly state. CFTC’s Complaint alleges that bZx’s rebrand to Ooki was undertaken solely to escape regulatory enforcement, but the new organizational form exposed the members of the unincorporated association to personal liability.

Most DAOs are unincorporated associations and many have not registered in Wyoming, Tennessee or Vermont, and thus their members are similarly at risk of personal liability for the actions of the DAO.

DAOs usually comprise thousands of members. Each member has the opportunity to vote on the governance of the DAO. While the CFTC has acknowledged that DAOs can be used for good governance, the CFTC order is a warning to DAOs and their members that good actors can be punished without fault for the actions of bad actors within the DAO.

DAOs have the potential to change how entities govern themselves — how companies operate — and allow members to have a voice in decisions that impact their companies. Companies will employ blockchain technology to enhance themselves and their relationships with their customers.

The CFTC is the federal agency responsible for the oversight of digital assets including cryptocurrencies such as Ethereum, Solana, Polygon and many more. Most DAOs use these tokens for members to gain access to the community and participate in its governance. Members of DAOs not incorporated in the appropriate jurisdiction, or without a governance structure protecting members, are leaving themselves open to personal liability.

Considering the CFTC decision, DAOs will do well to revisit their governance structure and consider how best to insulate members from unintended personal liability. Furthermore, DAO members should review their insurance coverage as they may find they lack coverage under their personal and business policies for DAO liability exposure.


Cahill, John and Farmer, Jana. DAOs: A game changer in need of new rules. 7 Oct, 2022,