CFTC Settles Claims Against Founders of a Decentralized Protocol and Sues Its Successor DAO and Its Members, Pressing a Novel Theory of Liability

Skadden Publication / The Distributed Ledger: Blockchain, Digital Assets and Smart Contracts

Alexander C. Drylewski Stuart D. Levi Daniel Michael Ian C. Lerman

On September 22, 2022, the Commodity Futures Trading Commission (CFTC or Commission) (1) issued an order settling charges against protocol creator bZeroX, LLC and its founders, and (2) filed a federal civil enforcement action against the Ooki DAO, the unincorporated decentralized autonomous organization (DAO) that was the successor to bZeroX and was governed through the votes of BZRX Token holders.

According to the complaint, the Ooki DAO operates — and bZeroX operated — the bZx Protocol, a decentralized blockchain-based protocol that allegedly offered, entered into, accepted and executed digital asset transactions that constituted “retail commodity transactions” in violation of the Commodity Exchange Act (CEA) and Commission regulations.

The CFTC settled order and enforcement action come at a time when many in the Web3 space have been advocating for the CFTC to have broader regulatory authority over digital assets, and serves as a reminder that CFTC authority should not be equated with “no regulation” or “light regulation.”

The case is also noteworthy for a sharp dissent from Commissioner Summer K. Mersinger, particularly as it relates to the CFTC’s approach to the Ooki DAO.

The CFTC Settled Order

As a predicate to CEA liability, the CFTC’s order first finds that virtual currencies traded on the bZx Protocol, including ETH and DAI, are “commodities” under the CEA. According to the CFTC, commodities that are offered to or entered into by retail customers on a leveraged or margined basis, where such commodities are not “actually delivered” within 28 days, are considered “retail commodity transactions” which are regulated more like derivatives than physical commodity transactions.

The order finds that bZeroX and its founders designed, deployed and marketed the bZx Protocol, which allowed users to contribute margin and open leveraged positions whose value was determined by the price difference between two digital currencies. According to the CFTC, such activities must be performed by a registered designated contract maker or a registered future commissions merchant. Since bZeroX and the Ooki DAO never registered with the CFTC, the order finds that they violated Sections 4(a) and 4d(a)(1) of the CEA.

As a result, the order requires bZeroX and its co-founders to pay a $250,000 civil monetary penalty and to cease and desist from further violations of the CEA and associated regulations. The order further finds that the Ooki DAO failed to adopt a customer identification program, in violation of the Bank Secrecy Act and the Commission regulations promulgated thereunder.

The CFTC order is particularly noteworthy in that it finds that, in addition to being liable as bZeroX controlling persons, the founders are also personally liable as individual members of the Ooki DAO. The order finds that the Ooki DAO is an unincorporated association pursuant to federal law because it is (1) a voluntary group of persons, (2) without a charter, (3) formed by mutual consent, (4) for the purpose of promoting a common objective. Under federal law, members of an unincorporated association can be held personally liable for the actions of an association.

The CFTC relied on a series of a state partnership law cases to find that individual members of an unincorporated association organized for profit are personally liable for the debts of that association. Thus, the CFTC order finds that “[o]nce an Ooki Token holder votes his or her Ooki Tokens to affect the outcome of an Ooki DAO governance vote,” that person can be found personally liable for their voluntarily participation in the Ooki DAO — an interpretation of novel issues that arguably could apply to many if not all DAOs, especially since the CFTC does not distinguish between the type of DAO votes that could trigger such liability.

The CFTC Complaint

While the CFTC order settles claims against bZeroX and its founders, its complaint brings the same claims against the Ooki DAO for continuing to violate the law in the same manner as bZeroX. Specifically, the CFTC alleges that bZeroX transferred control of the bZx Protocol to the bZx DAO, which later renamed itself the Ooki DAO in an attempt to render the organization “enforcement-proof.”

As in the settled order, the CFTC complaint alleges that the Ooki DAO and its members are liable based on the existence of the unincorporated association, and seeks an order (1) finding that the Ooki DAO, by and through its members (i.e., those Ooki Token holders who have participated in governance votes) violated Sections 4(a) and 4d(a)(1) of the CEA, (2) permanently restraining the Ooki DAO and its members from further violations of the CEA, and (3) ordering disgorgement, rescission, restitution and civil monetary penalties, among other relief.

The claims asserted against the Ooki DAO and token holders who have participated in governance votes reflect a novel approach to holding individual members of the alleged unincorporated association liable for regulatory violations.

Commissioner Mersinger’s Dissent

CFTC Commissioner Summer K. Mersinger issued a forceful dissent from the settled order, focusing on the CFTC’s enforcement against the Ooki DAO members. The legal treatment of DAOs whose members vote through governance tokens has been the subject of considerable debate among those in the Web3 space. Commissioner Mersinger’s dissent highlights one perspective on how DAO members should be treated.

After noting that she supported the CFTC’s findings against bZeroX and its founders, and that she would support a finding against the Ooki DAO in its status as an unincorporated association, Commissioner Mersinger challenged the CFTC’s approach to defining the DAO as those members who voted on governance proposals, making the following arguments:

  • The CFTC’s complaint alleges liability on the part of Ooki DAO voting members based on a handful of state law cases on the liability of members of an unincorporated association, none of which apply here because they concern contract and tort disputes between private parties and not government enforcement actions. In Commissioner Mersinger’s view, Congress did not intend for the CFTC to rely on state law constructs in determining how to apply the CEA.
  • By treating DAO voting members differently from non-voting members, the CFTC’s approach “arbitrarily” picks “winners and losers” and undermines the public interest by disincentivizing good Web3 governance. Commissioner Mersinger provided a hypothetical situation where a DAO vote on an inconsequential issue comes up, and token holder A thus becomes liable for all of the actions of the DAO simply because she happened to vote on the proposal, while token holder B is not liable simply for failing to vote. According to Commissioner Mersinger, this will disincentivize voting and thus could have a deleterious effect, especially if the governance vote is for a proposal to be legally compliant.
  • She contended that the CFTC’s decision is “blatant ‘regulation by enforcement’”— echoing a critique often leveled against the Securities and Exchange Commission (SEC) — since the CFTC is enforcing the application of the CEA to members of a DAO without any previously articulated standard or definitions, and without seeking public comment.
  • The CFTC could have imposed liability on the DAO through a theory of “aiding and abetting liability” under the CEA. That “would solve all of these problems,” Commissioner Mersinger wrote.

It is important to note that, while Commissioner Mersinger dissents from the CFTC’s approach to DAO members, she largely agrees with the CFTC’s allegations in the complaint and apparently would have supported a different approach to finding liability against the DAO.

The CFTC’s Motion for Alternative Service

The case continues to present significant and novel issues, as the CFTC also claims to have served process on the Ooki DAO and its members by submitting the complaint and other documentation through the Ooki DAO Help Chat Box and providing notice through the Ooki DAO online forum. The CFTC moved for court approval for this means of alternate online service, which was granted.

On October 3, 2022, LeXpunK, a community of lawyers and software developers dedicated to providing open-source legal resources and support for the decentralized finance community, filed a motion for leave to file an amicus curiae brief. In its motion, LeXpunK argued that it would be substantively unfair to potentially hold individuals liable as members of the unincorporated association without personally serving those individuals. It further argued that permitting alternative service in this situation would have a “chilling effect” on technological innovation and would represent a “drastic departure” from constitutional notice protections.

In addition, the amicus brief questioned how the CFTC was able to locate the two founders but cannot locate and serve other members of the Ooki DAO, and it stressed that the Ooki DAO website has an “uncertain relationship” to Ooki members in general. For those alleged members who are located outside the U.S., LeXpunK asserted that the alternate service would violate U.S. treaty obligations. The amicus brief also incorporated certain procedural arguments, including that the CFTC’s motion is not appropriate for expedited resolution.

Similarly, on October 4, 2022, the DeFi Education Fund filed a motion to appear as amicus curiae, taking issue with the CFTC’s conclusion that the Ooki DAO is an “unincorporated association” and asserting that the CFTC’s proposed methods of service on Ooki DAO are improper because the CFTC has not demonstrated that the Ooki DAO is a proper defendant. The DeFi Education Fund further argues that the CFTC’s proposed methods of service otherwise do not meet the standards set forth in the Federal Rules of Civil Procedure.

The court issued its order approving the CFTC’s motion and deeming the alternate service effective on October 3, 2022. Although the order was entered on the docket after the LeXpunK brief was filed, the order does not mention the amicus motion and thus it remains unclear whether the submission was considered before the order issued. It also pre-dated, and thus did not take into account, the DeFi Education Fund’s motion.

Concluding Thoughts

The CFTC’s recent actions highlight several critical issues for those who participate in Web3 and decentralized protocols.

First, the CFTC’s order and complaint underscore that the Commission stands ready to pursue enforcement actions for perceived CEA violations, including activity by those who design, deploy and market decentralized protocols that are seen as giving rise to violations.

Second, the CFTC’s order and complaint highlight the critical importance of defining the legal form of a DAO at the outset, because failing to do so could result in a legal form being constructively imposed on it after the fact that is inconsistent with the DAO’s goals and operations. Indeed, a putative class action lawsuit was also recently filed which alleges that the bZx DAO, its co-founders and its members are jointly and severally liable for negligence by failing to adequately secure the bZx Protocol, resulting in the theft of $55 million in cryptocurrency. (See our May 24, 2022, client alert, “Putative Class Action Lawsuit Alleges DAO Members Are Jointly and Severally Liable for a Cryptocurrency Hack.”)

Third, the matter raises thorny issues regarding service of process, including the fairness and constitutionality of the CFTC’s approach to attempting to serve members of the Ooki DAO, as highlighted in the LeXpunK amicus brief.

Finally, the CFTC’s actions and Commissioner Mersinger’s dissent bring into sharp focus the ongoing debate regarding how to appropriately regulate novel technologies and structures in the decentralized protocol space.

The SEC has been criticized for engaging in what many have called “regulation by enforcement” without providing clear formal guidance, and the CFTC’s actions in this matter have already prompted similar reactions, including by one of its own commissioners.

This debate continues against the backdrop of recent efforts to craft new legislation that would seek to more clearly delineate the regulatory status of various digital assets and digital asset participants, as well as the role of agencies like the CFTC and SEC to oversee them. Proponents of these efforts will undoubtedly point to the CFTC’s actions regarding bZeroX and the Ooki DAO as further evidence of the need for greater legislative clarity.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.