Canadian $15.8M DeFi Theft Case Could Upend ‘Code is Law’ Convention
Indexed Finance’s Co-founder Dillon Kellar and a contributor, Laurence Day, claim the convention doesn’t apply in this case and are suing the alleged hacker to find out
- “I consider [code is law] a fringe and unworkable view of how DeFi actually needs to work if it’s going to be more widely adopted,” Day said
- A series of tweets by a nondescript Twitter profile ZetaZeroes, which allegedly claims to be Medjedovic, has hinted that what occurred was crypto trading
A class-action lawsuit unfolding in Canada could upend the view that conventional law does not apply to unregulated decentralized finance (DeFi) protocols. The claim against Canadian teenager Andean Medjedovic, who allegedly stole $15.8 million from a DeFi protocol, Indexed Finance, argues that the so-called ‘code is law’ convention in DeFi doesn’t provide immunity from conventional laws.
“Code is law,” often jokingly referred to as codeslaw, is a popular idea among DeFi communities that without real-life regulation, the DeFi (or crypto) ecosystem is regulated by code’s permissibility.
Indexed Finance is a DAO that describes itself as a “decentralized protocol for passive portfolio management on Ethereum.”
A series of tweets by a nondescript Twitter profile ZetaZeroes, which allegedly claims to be Medjedovic, has hinted that what occurred was crypto trading, simply put. Indexed Finance’s Co-founder Dillon Kellar and a contributor, Laurence Day, claim the convention doesn’t apply in this case and are suing the alleged hacker to find out. A notice of action was filed on Dec. 17 with the Ontario Superior Court of Justice relating to a proposed class action lawsuit against Medjedovic.
“I consider [code is law] a fringe and unworkable view of how DeFi actually needs to work if it’s going to be more widely adopted,” Day said in a message to Blockworks. “We operate in a space where perpetrators are…rarely found, which probably helps perpetuate the idea,” he wrote.
Day said if code was law, it would set DeFi on a “pretty dystopian path where exploiters were lauded.”
The idea of “just don’t get hacked” is a “cop-out that can realistically never be guaranteed” for any protocol, even in light of audits and open-source scrutiny, Day noted.
“A lot of the ‘code is law’ appreciators seem to think that DeFi stands entirely outside of the framework of law, as opposed to simply being a manner of disintermediating financial institutions,” Day said. “Just because all of this happens through a blockchain doesn’t mean that suddenly hundreds of years of legal process magically stop applying,” he added.
A number of lawyers are saying Medjedovic’s “code is law” argument probably will not be upheld under legal scrutiny, CoinDesk reported.
The 19-year-old, who was 18 at the time of the attack, allegedly executed a series of trades, through $159 million of borrowed assets by using a flash loan. The filing claims he then distorted the protocol’s algorithm to buy assets at “artificially deflated prices” for a fraction of their true value.
Around the time of the incident, ZetaZeroes tweeted that the protocol was “out-traded” and “there is nothing you can do about that.”
But, the digital assets stored in Medjedovic’s crypto wallet are the “rightful property of the tokenholders,” the filing stated.
“Thieves shouldn’t be encouraged or comforted by the fact that ‘code is law,’ or believe that they have a free pass to take assets that aren’t theirs simply because those assets exist on a distributed ledger,” Day said.
Medjedovic did not respond to Blockworks’ request for comment.