Hacked DAO Faces Lawsuit as Users Try To Recoup Stolen Funds

Law firm claims all parties involved in a DAO’s governance are liable for the protocol’s alleged “negligence and illegality”

article-image

Source: Shutterstock

share

key takeaways

  • An estimated $55 million of crypto was stolen after a bZx developer had his wallet’s private keys taken in a November phishing attack
  • The 14 plaintiffs’ combined losses from the hack total $1.6 million

The victims of a hack of DeFi platform bZx are vying for the return of their funds in a rare attempt to hold a DAO liable in court.

The lawsuit, filed in the Southern District of California Monday, names 14 plaintiffs who claim to have lost funds ranging from $800 to $450,000. Together, the complaint indicates, the plaintiffs lost roughly $1.6 million from the November hack, during which an estimated $55 million of crypto was stolen. 

Plaintiffs allege the theft was possible only because the protocol had not yet implemented security measures that its operators knew were reasonably necessary to protect funds.

A spokesperson for bZx did not immediately return a request for comment. 

Law firm Gerstein Harrow LLP, whose attorneys have developed a crypto consumer protection practice, represents the plaintiffs. Its first case, which alleges that a DeFi (decentralized finance) operator called PoolTogether is operating an illegal lottery in New York, also deals with the issue of who can be held liable for the violations of DAOs.

DAOs (decentralized autonomous organizations) are member-owned communities without centralized leadership. The term DAO went mainstream last year when a group of crypto natives — dubbed ConstitutionDAO — raised $49 million in an unsuccessful bid to buy a copy of the US Constitution. Hedge fund billionaire Ken Griffin won the auction. 

“Those who form DAOs apparently believe that they can use the word ‘decentralized’ to evade corporate and individual responsibility,” Gerstein Harrow LLP Partner Jason Harrow said in a statement. “The opposite is true: without the protection of a corporation or limited liability company, everyone involved in a DAO’s governance is liable for the protocol’s negligence and illegality.”

Defendants include bZx protocol co-founders Kyle Kistner and Tom Bean, bZx investors Hashed International and AGE Crypto, and bZeroX, which created the protocol and controlled it until August 2021, according to the complaint. It also names bZx DAO, Ookie DAO and LeverageBox, a company that operated the Fulcrum trading platform, as defendants.  

The complaint argues that because the bZx protocol purports to be a DAO that lacks any legal formalities or recognition, it can be considered a “general partnership.”

“That means each of the partners is jointly and severally liable to the plaintiffs and must make good on the full amount of its debts,” the document states.

Compensation plan ‘inadequate,’ plaintiffs argue

A bZx developer had his personal wallet’s private keys taken in the phishing attack, which granted the hacker access to the private keys to the Binance Smart Chain and Polygon deployment of bZx protocol, according to a November blog post.

The DeFi protocol said at the time the attack was likely executed by Lazarus Group, which is known to be a state-sponsored hacking organization with links to North Korea. The hacker converted a large amount of stolen assets into ether and transmitted the funds through Tornado Cash, according to bZx.

In addition to stating on its website in December that it was preparing to launch the bZx deployments on Binance Smart Chain and Polygon with enhanced security measures, the bZx DAO shared details of its compensation plan for victims.

​​The bZx DAO committed to fully compensating those who lost BZRX in the attack with that asset, amounting to about $20 million of BZRX. It agreed to pay back victims who lost money via other tokens over time by buying back debt tokens each month using 30% of protocol revenue and fees.

But the complaint calls the plan “woefully inadequate,” adding “at the current buyback rate, full repayment will take thousands of years.”


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

HYATT REGENCY SALT LAKE CITY

TUES, OCT. 8, 2024

Guided by the expertise of Blockworks Research Analysts team, this one day event will feature senior leaders, entrepreneurs, and developers from across the crypto industry. Attendees will have the opportunity to participate in an immersive experience to explore the latest trends, […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

hivemapper.jpeg

Research

We believe crypto market participants overlook Hivemapper’s fundamental potential due to a poor understanding of both the niche map data market and Hivemapper’s positioning relative to incumbents. Hivemapper’s token model catalyzes both a cost and product advantage via unmatched map freshness and near real-time accuracy, which is its wedge into a market characterized by stale data and high data collection costs. Its current and potential future product suite may represent one of the strongest possibilities for PMF in crypto today.

article-image

Exploit shows centralization can sometimes be an asset

article-image

The Fidelity Ethereum Fund, like other proposed ETH ETFs, seeks to stake a portion of its assets, according to the firm’s Wednesday registration statement

article-image

The DAO first voted on enabling SAFE transfers over a year ago

article-image

The final Bitcoin halving, where the mining reward becomes smaller than one satoshi, is expected to occur in 2140

article-image

The Department of Justice and Commodity Futures Trading Commission announced back-to-back lawsuits against KuCoin Tuesday

article-image

Judge Failla found that Coinbase didn’t operate as an unregistered broker in offering its wallet service