U.S. government agencies continue to take action against cryptocurrency mixing services that enable cybercriminals to obfuscate the trail of stolen proceeds on public blockchains stemming from illicit cyber activity. On November 29, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) sanctioned another virtual currency mixing

Last month, the Commodity Futures Trading Commission (CFTC) announced settled charges against three decentralized finance (DeFi) protocols for various registration and related violations under the Commodity Exchange Act (CEA) during the relevant period of investigation.  As a result, each entity paid a civil monetary penalty and agreed to cease violations of the CEA.  According to a statement by Commissioner Kristin N. Johnson, these latest settlements are the first time the CFTC charged a DeFi operator (e.g., Opyn, Inc. and Deridex, Inc.) with failing to register as a swap execution facility (SEF) or designated contract market (DCM). Moreover, these latest enforcements against DeFi entities arrive soon after the CFTC’s successful enforcement and default judgment against Ooki DAO, which the CFTC alleged was operating a decentralized blockchain-based software protocol that functioned in a manner similar to a trading platform and was violating the CEA (prior coverage of the Ooki DAO enforcement can be found here).

Unlike traditional corporate entities with a typical hierarchical structure, a decentralized autonomous organization (“DAO”) – a management structure that uses blockchain technology – functions as a leaderless entity. Without a formal corporate structure, DAOs instead operate by distributing governance rights among persons who hold a specific governance token. Consequently, federal and state courts have been grappling with how to consider a DAO under existing laws that were traditionally interpreted against long-standing corporate entities.

As discussed in a prior post, DAOs allow individuals to organize and coordinate at arms-length, and rely on code (a “protocol”) to govern and execute functions traditionally determined by governing documents, like operating agreements and articles of formation, and undertaken by executives. A DAO’s protocol is committed to a public ledger on a blockchain, which guarantees accessibility and transparency. Each member is granted governance rights – the ability to propose and approve initiatives, called proposals – through a governance token. In light of their unique makeup, DAOs lack centralized leadership and a typical top-down management structure.

Accordingly, parties have debated whether a DAO should be recognized as a general partnership under state corporation laws (i.e., N.Y. P’ship Law §10: “an association of two or more persons to carry on as co-owners a business for profit….”) or, in the case of the Commodity Futures Trading Commission’s (“CFTC”) Ooki DAO enforcement, whether a DAO could be deemed an “unincorporated association” under the Commodity Exchange Act (“CEA”). Following the filing of the CFTC’s enforcement action, it is not surprising that the structure of the Ooki DAO, and the CFTC’s enforcement action against the DAO itself, has garnered a lot of media attention and industry reaction, and has raised novel legal issues.

Several questions have arisen in recent years regarding the potential liability of DAO members:

  • While DAOs are emerging as a viable structure in the DeFi space, does their non-traditional makeup necessarily shield them from real world liability?
  • Does a DAO’s structure render its activities “enforcement proof” or, at the very least, difficult to effect traditional service of process upon?
  • Can a DAO be an “unincorporated association” under federal or state law?
  • Who should be liable for the decisions made by a DAO?
  • Because token holders participate in the DAO’s governance, can they be deemed personally liable for its actions (akin to the general partners in a general partnership), even if each governance token holder is essentially unknown to the other DAO members, who likely reside in multiple jurisdictions?

The SEC suffered a significant loss last week in its ongoing legal battle with Ripple over the XRP digital token. While the District Court held that Ripple’s initial sales of XRP to institutional investors constituted the sale of unregistered securities, it was a Pyrrhic victory as the court held

Binance is the latest major crypto industry player to be sued by a U.S. regulator.  On March 27, 2023, the CFTC announced that it had filed a civil enforcement action against Binance Holdings Limited (and related legal entities) (collectively, “Binance”), its CEO, Changpeng Zhao (“Zhao”), and its former chief compliance officer, Samuel Lim (“Lim”), for violating the Commodity Exchange Act and CFTC regulations. (CFTC v. Zhao, No. 23-01887 (N.D. Ill. Filed Mar. 27, 2023)).  The CFTC, among other things, alleges that Binance allowed U.S. customers to make use of their centralized digital asset trading platform without Binance first properly registering with the CFTC and also allegedly failed to implement an effective anti-money laundering (“AML”) program as required under applicable law. The complaint states that Binance has “never been registered with the CFTC in any capacity.” The CFTC is seeking disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the Commodity Exchange Act and CFTC regulations.

A recent guilty plea in U.S. v. Wahi in the U.S. District Court for the Southern District of New York, a crypto insider trading case, sets up an interesting situation where the defendants — who have already pled guilty to wire fraud — are challenging the SEC’s parallel civil charges

On September 22, 2022, the CFTC announced an order simultaneously filing and settling charges against bZeroX, LLC (“bZeroX”) and its creators for illegally offering leveraged and margined retail commodity transactions in digital assets, operating as an unregistered futures commission merchant and failing to conduct KYC on its customers. According to the CFTC, a month prior to this settlement announcement, bZeroX transferred control of the bZx Protocol to the bZx DAO, a decentralized autonomous organization (“DAO”), which later renamed itself as the Ooki DAO.  On the same day as the bZeroX settlement was announced, the CFTC filed an enforcement action against the Ooki DAO (successor to bZeroX) for violating those same regulations.  The CFTC stated that bZeroX and its creators engaged in this unlawful activity in connection with their decentralized blockchain-based software protocol that functioned in a manner similar to a trading platform.  The transactions executed on bZeroX, and subsequently on the Ooki DAO, were required to take place on a registered designated contract market.  Additionally, the complaint asserted that bZeroX and Ooki DAO were operating as unregistered futures commission merchants by soliciting and accepting orders from customers, accepting money or property as margin and extending credit.

The structure of Ooki DAO, and the CFTC’s enforcement action against the DAO itself, has garnered a lot of media attention (and industry reaction) and raised novel legal issues.