Hacked DAO Faces Lawsuit as Users Try To Recoup Stolen Funds

Law firm claims all parties involved in a DAO’s governance are liable for the protocol’s alleged “negligence and illegality”


Source: Shutterstock


key takeaways

  • An estimated $55 million of crypto was stolen after a bZx developer had his wallet’s private keys taken in a November phishing attack
  • The 14 plaintiffs’ combined losses from the hack total $1.6 million

The victims of a hack of DeFi platform bZx are vying for the return of their funds in a rare attempt to hold a DAO liable in court.

The lawsuit, filed in the Southern District of California Monday, names 14 plaintiffs who claim to have lost funds ranging from $800 to $450,000. Together, the complaint indicates, the plaintiffs lost roughly $1.6 million from the November hack, during which an estimated $55 million of crypto was stolen. 

Plaintiffs allege the theft was possible only because the protocol had not yet implemented security measures that its operators knew were reasonably necessary to protect funds.

A spokesperson for bZx did not immediately return a request for comment. 

Law firm Gerstein Harrow LLP, whose attorneys have developed a crypto consumer protection practice, represents the plaintiffs. Its first case, which alleges that a DeFi (decentralized finance) operator called PoolTogether is operating an illegal lottery in New York, also deals with the issue of who can be held liable for the violations of DAOs.

DAOs (decentralized autonomous organizations) are member-owned communities without centralized leadership. The term DAO went mainstream last year when a group of crypto natives — dubbed ConstitutionDAO — raised $49 million in an unsuccessful bid to buy a copy of the US Constitution. Hedge fund billionaire Ken Griffin won the auction. 

“Those who form DAOs apparently believe that they can use the word ‘decentralized’ to evade corporate and individual responsibility,” Gerstein Harrow LLP Partner Jason Harrow said in a statement. “The opposite is true: without the protection of a corporation or limited liability company, everyone involved in a DAO’s governance is liable for the protocol’s negligence and illegality.”

Defendants include bZx protocol co-founders Kyle Kistner and Tom Bean, bZx investors Hashed International and AGE Crypto, and bZeroX, which created the protocol and controlled it until August 2021, according to the complaint. It also names bZx DAO, Ookie DAO and LeverageBox, a company that operated the Fulcrum trading platform, as defendants.  

The complaint argues that because the bZx protocol purports to be a DAO that lacks any legal formalities or recognition, it can be considered a “general partnership.”

“That means each of the partners is jointly and severally liable to the plaintiffs and must make good on the full amount of its debts,” the document states.

Compensation plan ‘inadequate,’ plaintiffs argue

A bZx developer had his personal wallet’s private keys taken in the phishing attack, which granted the hacker access to the private keys to the Binance Smart Chain and Polygon deployment of bZx protocol, according to a November blog post.

The DeFi protocol said at the time the attack was likely executed by Lazarus Group, which is known to be a state-sponsored hacking organization with links to North Korea. The hacker converted a large amount of stolen assets into ether and transmitted the funds through Tornado Cash, according to bZx.

In addition to stating on its website in December that it was preparing to launch the bZx deployments on Binance Smart Chain and Polygon with enhanced security measures, the bZx DAO shared details of its compensation plan for victims.

​​The bZx DAO committed to fully compensating those who lost BZRX in the attack with that asset, amounting to about $20 million of BZRX. It agreed to pay back victims who lost money via other tokens over time by buying back debt tokens each month using 30% of protocol revenue and fees.

But the complaint calls the plan “woefully inadequate,” adding “at the current buyback rate, full repayment will take thousands of years.”

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png


Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.



Though the opposing flow trend is likely to slow over time, industry watchers note, bitcoin fund assets could one day eclipse the $90 billion gold ETF space


Celestia had the first mover advantage. EigenDA has staked ether. What sets Avail apart?


Bitcoin moved 1% higher Monday morning in New York, Matrixport analysts say $62,000 could happen next month


It’s hard to believe right now that crypto — even with all of its flexibility and massive capabilities — could ever be like cash on the internet


Michael Saylor announced Monday morning that MicroStrategy bought 3k more bitcoin after the X account was compromised over the weekend


Plus, Pudgy Penguins grows its brand and a group of Autoglyphs sell for $14.5 million