According to a recent Bloomberg Law article [subscription required], in the past year there has been a sharp decline in active civil suits against cryptocurrency exchanges, digital wallet, mobile phone providers and others involving claims related to crypto hacking incidents or cybertheft, due, in part, to increased security protocols and

Last month, the Commodity Futures Trading Commission (CFTC) announced settled charges against three decentralized finance (DeFi) protocols for various registration and related violations under the Commodity Exchange Act (CEA) during the relevant period of investigation.  As a result, each entity paid a civil monetary penalty and agreed to cease violations of the CEA.  According to a statement by Commissioner Kristin N. Johnson, these latest settlements are the first time the CFTC charged a DeFi operator (e.g., Opyn, Inc. and Deridex, Inc.) with failing to register as a swap execution facility (SEF) or designated contract market (DCM). Moreover, these latest enforcements against DeFi entities arrive soon after the CFTC’s successful enforcement and default judgment against Ooki DAO, which the CFTC alleged was operating a decentralized blockchain-based software protocol that functioned in a manner similar to a trading platform and was violating the CEA (prior coverage of the Ooki DAO enforcement can be found here).

Way back (if we’re counting tech years) in 2014, artist Kevin McCoy (“McCoy”) created a digital record of his pulsating, octagon-shaped digital artwork Quantum on the Namecoin blockchain on May 2, 2014, thereby minting “the first NFT.” A lot has happened in the digital asset and NFT space since that

In what appears to be an issue of first impression, a California district court ruled that various defendants allegedly holding governance tokens to the bZx DAO (or “Decentralized Autonomous Organization”), a protocol for tokenized margin trading and lending, could be deemed to be members of a “general partnership” under California law under the facts outlined in Plaintiffs’ complaint, and thus potentially joint and severally liable for negligence related to a phishing attack that resulted in the loss of users’ cryptocurrency. (Sarcuni v. bZx DAO, No. 22-618 (S.D. Cal. Mar. 27, 2023)). The ruling is significant given that this is purportedly the first court to substantively consider the legal status of a DAO under state law (albeit in a ruling on a motion to dismiss); interestingly, in a prior settlement the defendant bZeroX, LLC and its founders reached with the Commodity Futures Trading Commission (CFTC) in 2022 over claims that bZeroX and its founders unlawfully offered leveraged and margined retail commodity transactions in digital assets, the order expressly considered the bZx DAO (and its successor Ooki DAO, which is co-defendant in the instant action) as an “unincorporated association” under federal law. (In re bZeroX, LLC, CFTC No. 22-31 (Sept. 22, 2022)).

A DAO is a decentralized autonomous organization where token holders can vote on governance decisions of the DAO. DAOs don’t typically operate within a formal corporate structure, opting instead to distribute governance rights among persons who hold a specific governance token. The entire raison d’être of a DAO is to take advantage of web3 technologies and operate without a traditional corporate formation to make decisions without a central authority or usual top-down management structure. While DAOs are emerging as a viable structure in DeFi space, this ruling shows that their non-traditional makeup may not necessarily be a shield from real world liability.  Plaintiffs’ theory that the DAO members are part of a general partnership means that anyone holding governance tokens at the relevant time would be jointly and severally liable for the torts of the DAO.  To be sure, even though existing structures do not fit the novel web3 organizational primitive that is a DAO, nothing prevented the bZx DAO (or its successor Ooki DAO), from creating a so-called “legal wrapper” or real-world corporate entity to shield individual members from liability and limit potential creditors to monetary recovery from the DAO’s treasury only.

The organizers of an initial coin offering (ICO) recently won dismissal of an investor’s fraud claims by establishing that their public risk disclosures negated the investor’s claims of reliance on alleged misstatements.  The project, a video service provider’s ICO, was governed by a purchase agreement called a “Simple Agreement for Future Tokens” (“SAFT”).   The plaintiff investor later lost his entire investment as the token collapsed, allegedly due to the provider’s decision to scrap its initial plans for a decentralized platform and move to a permissioned blockchain (and also the provider’s choice to seek additional capital via a “Regulation A” public offering).  The New York court found that even if certain representations made by the issuer regarding the prospect of a decentralized network were actionable, the Plaintiff had not plausibly alleged  “reasonable reliance” on such representations in signing the SAFT. (Rostami v. Open Props, Inc., No. 22-03326 (S.D.N.Y. Jan. 9, 2023)).

This past month, a California district court granted a motion to compel arbitration of various claims by customers of cryptocurrency exchange platform, Coinbase Global, Inc. (“Coinbase”), finding that Coinbase’s User Agreement, which contains a broad arbitration provision, including a delegation clause that delegates questions of arbitrability to the arbitrator.  (Donovan v. Coinbase Global, Inc., No. 22-02826 (N.D. Cal. Jan. 6, 2023)). Unlike some electronic contracting disputes, which turn on whether the user had adequate notice of the terms and manifested consent to such terms (a ruling which often involves an examination of a site or app’s screen display and whether the user is reasonably presented with notice that completing a transaction will bind the user to terms of service), the account holders in this case did not dispute that they had agreed to the User Agreement, rather they argued that the arbitration provision and delegation clauses were unconscionable and unenforceable.

Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers.  Such data can be used to launch targeted phishing schemes and related scams to trick holders into divulging their private keys or else unknowingly transferring anonymized crypto assets to hackers.  One recent case involves a suit brought by customers who purchased a hardware wallet to secure cryptocurrency assets and are seeking redress for harms they allegedly suffered following data breaches that exposed their personal information.

A recent Ninth Circuit decision analyzed whether a federal court had personal jurisdiction over a foreign crypto asset wallet provider, an issue that can be important when litigating in this area, given the boundary-less nature of the world of crypto assets and related services. (Baton v. Ledger SAS, No. 21-17036 (9th Cir. Dec. 1, 2022) (unpublished)). 

On November 30, 2022, amidst the tumult roiling the cryptocurrency industry following the latest collapse of a major crypto exchange and its reverberations throughout the crypto economy, European Central Bank (ECB) Director General Ulrich Bindseil and Adviser Jürgen Schaaf published a post on the ECB Blog, “Bitcoin’s last stand,” declaiming that Bitcoin “has never been used to any significant extent for legal real-world transactions” and that its market valuation is “based purely on speculation” and, on top of that, “the Bitcoin system is an unprecedented polluter.”  The scathing rebuke of Bitcoin, the largest crypto asset by market cap, was hurled at what the ECB officials see as Bitcoin’s technological shortcomings that make it “questionable as a means of payment” and “rarely used for legal transactions,” given that real Bitcoin transactions are “cumbersome, slow and expensive.” With the current price of Bitcoin having fallen since it peak of $69K in November 2021, the ECB officials described its current price (below $20K) as “an artificially induced last gasp before the road to irrelevance.” The remarks echo statements made by Fabio Panetta, Member of the Executive Board of the ECB, back in April 2022 where he decried the entire “crypto gamble,” seeing crypto-assets as “bringing about instability and insecurity – the exact opposite of what they promised.” (See also recent statements by a Bank of England deputy governor noting that cryptocurrency was a “gamble” that needs to be regulated similar to the traditional financial sector, echoing his own remarks from November 2022 that urged “bringing the activities of the crypto world within the relevant regulatory frameworks”).