As a blockchain-based platform, Ethereum is primarily used to execute smart contracts. It uses a digital currency and a specific programming language to enforce agreements between parties. Despite its peer-to-peer verification processes, a recent intrusion into The Decentralised Autonomous Organisation (DAO) by hackers reveals the high risks associated with this still relatively untested and unregulated platform. This article explores what the role of Decentralised Autonomous Organisations, the breach of the DAO and its legal implications.

What is a DAO?

The purpose of a DAO is to encode the rules of an organisation in a program, cutting out governing bodies and forming a structure, which as the name suggests, has decentralised control. The DAO in question (not the Ethereum platform but the particular organisation that was hacked) went live on 30 April 2016 and had successfully operated for two months without major issues. Surpassing the expectations of its founders, the fund, the highest value crowd funding exercise ever, was bankrolled by 11,000 members who raised a total of $150m between them. The DAO’s originated in Bitcoin and have since gone on to be established exclusively in Ethereum.

Broadly a DAO’s functions with smart contracts running the organisation, after which there is the first round of funding where people can acquire tokens entailing them to certain rights, in a process known as an initial coin offering.

These tokens are not equity shares, more resembling voting rights than ownership ones. This is understandable when viewed in the context that a DAO is typically not “owned” in the legal sense, rather simply a piece of Ethereum software.

Following this process, a DAO becomes operational and people have the opportunities to submit proposals to a DAO as to how money should be spent. The token holders then have the discretion to approve or reject these proposals.

The Breach of The DAO

While programmers were performing fixes on several vulnerabilities, a hacker exploited an operational fault that allowed them to siphon the tokens from the DAO to a separate “child DAO” designed to prevent the tokens retrieval by the parent DAO.

An unfortunate consequence of this child DAO following the same format as the parent was that the 28 day non-access funding period still applied. Within days, ether (unit of ethereum) to the value to $3.6m had been appropriated, with the currencies market price dropping 25%.

Legal Implications

Designed to work as individual agreements free from the influence of multiple external parties, smart contracts were never completely suited to a DAO, despite the ideals of its founders.

Due to its rapid growth and unregulated nature, the DAO’s very existence presented a myriad of legal red flags, with equally numerable financial regulations potentially breached inter-jurisdictionally by its existence. Both the creators and tokenholders likely had liabilities that neither party was fully aware of in what was near entirely uncharted legal territory

Key Takeaways

The incident brings to light the darker, deregulated side of blockchain not often seen behind its much-hyped prospects. That is not to say blockchain does not have enormous potential as a new technology, but neither should investors overlook the unique and often underexposed risks it entails. If you have a question, get in touch with our IT lawyers.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Anthony Lieu

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy