Contracts that include illegal activities, such as theft, are unenforceable. If the hacked funds get released the whole of the DAO would be legally invalid.

In other words what stopped an investor from day 1 from suing the creators of the DAO in court to get their investment back? Well the fact that there was a contract in place and that contract/DAO had not been breached, meaning the investor would lose such a lawsuit. The argument from the article is suggesting even with the hack the same is true, because its part of the contract; therefore, the contract/DAO hasn't been breached. That is where the legal argument fails.

Try contracting for any other illegal activity and see how that works out enforcing it in court. "Your Honor, I have a contract right here that says I paid for the drugs but they weren't delivered." Just imagine, "Your Honor, the contract/DAO says any member can create a child DAO and steal the funds from the other investors/party to the contract...Judge they contracted to be stolen from." I am predicting right now if any of those funds get released as a result of this hack, there will be criminal charges, but it will just as likely be against the creators of the DAO as the hacker. They are not shielded from liability, civilly or criminally, because the victims agreed to be victimized in a contract.

As a lawyer I have called the DAO snake oil[1] from the beginning, but mostly because it sold itself as something new legally...which it is not (of course I was downvoted). I suggested if you like the concept of a DAO, great, but start your own that is true decentralization as it really isn't much more than an Investment Club LLC. And more controversial I challenged the charade of the smart contract, again not as a concept, because they do have value legally and otherwise, but as what the DAO sold smart contracts as...a self enforcing contract, that is bullshit any real world example anyone can give me I'll come up with a real world way to breach it. 20 days ago I suggested the first DAO proposal should create: a) a group of lawyers/coders to review all proposed and funded contracts for approval; and b) an insurance company to insure both approved proposed and funded DAO contracts in the instance of bugs/errors.[2] If these hacked funds don't get released and that is not the first step members of the DAO take after cleaning up the actual DAO framework, everyone deserves the next hack.

[1] https://news.ycombinator.com/item?id=11707497

[2] https://news.ycombinator.com/item?id=11789829

(where the Recur Door is defined as the mechanism that guy used for this hack. Also,here instead of fine print it would be replaced by a line "you fully understand this algorithm + source code" clause)

Would it be treated the same way we would treat a honest Ponzi scheme contract ? "You can get return on investment as long as someone else invests money after you. If you happen to be the last, you're out of luck". Would such a contract be legal?

I'll give real world examples that go both ways:

1. Parking garage tickets: they include tiny little print saying the garage won't be liable for lost or stolen items from your car. Generally if your car is broken into those will be enforceable and the garage won't be liable.

2. Sky diving contract: include tiny little print that says if I die as a result of the companies negligence, they won't be liable and/or I waive my right to sue. Unenforceable, you can't waive negligence. (think about a skydiving school forgetting to pack a chute, someone dying, the family suing and losing, because of a defense that the deceased waived out negligence in the contract).

Lets look at a potential negligence claim against the creators of the DAO code.

1. By creating and soliciting investment for the DAO did its creators the investors a duty? If yes go on;

2. By creating code that allowed ~$40M of investors funds to be taken, was their a breach of that duty? if yes, go on

3. Did the substandard code result in damages to the investors? if yes go on

4. Can the investors prove monetary loss? if yes, you have a good civil claim for negligence against the creators of the DAO for the damages.

When you sign, there is a notarial act, and a video of you shaking hand and saying out loud that you understand this is a Ponzi scheme and you might end up loosing all your money, there is also some drug tests performed to make sure you are not under the influence of any drug, and some psychiatric evaluation to make sure you are not disabled in any way.

[.] Another thought slightly off topic: can I sue a Las Vegas casino because I put $100k on Red but the ball ended on Black and I lost everything? They even facilitate drugging me with C2H6O!

For example, someone signing a standard residential lease wouldn't be expected to read fine print that says "after two years, rent doubles and I can kick you out and demand rent in advance". But someone signing a commercial real estate contract would be expected to read and abide just about anything, including something like that.

So I think how enforceable legal a contract that says "btw, there's a strong chance your money will wind-up with a stranger" depends on how well the investment literature really conveys that risk.

Also, I have the vague impression that the riskiest investments are reserved for high-net-worth-individuals (those with $2 million+ in non-real estate assets) because they can afford to lose more money.

For those that don't know an unconscionable contract is a term of art, and basically means an otherwise lawful contract that the court will not enforce, because it is so unfair usually as a result of an unlevel playing field between the parties entering the contract. This is very good, and a legal theory I had not considered.

>So I think how legal a contract that says "btw, there's a strong chance your money will wind-up with a stranger" depends on how well the investment literature really conveys that risk.

Say for example the party who wrote the contract wrote it in a language they knew the majority of investors did not read because they could not read the language. Further, the contract drafter induced the majority of investors based on marketing materials in different language than the contract that the investors could read, but were ultimately were inconsistent with the underlying contract.

Another general rule of contract law where a promise, agreement or term is ambiguous, the court will enforce the meaning that works against the interests of the party who drafted to contract.

I probably wouldn't have experimented with the DAO if I knew it wouldn't be ruled by its source code, like the terms clearly stated when I "invested" in it.

Fantastic legal point. For example, I once sued a car company on behalf a client based on the claims from the promotional materials which were inconsistent with the contract. Of course the car dealer defended on the four corners of the contract, but we prevailed because the court found the promotional material to be enforceable notwithstanding the contract. Now keep in mind that was a single judgment in a single case, it is not controlling precedent.

You can probably sue the creators for their claims but it won't change the situation and it just means the next DAO will be launched anonymously.

Good luck getting money back from most any scam...Its not like Bernie Madoff used a smart contract and yet about $6B of the money is never coming back.

> and it just means the next DAO will be launched anonymously.

Fool me once, right? Sure people might fall for the anonymous DAO the next time, but people still fall for the Nigerian email scams too. Still from a practical point of view, do you think after losing ~$50M about ~1/3 investments the market/people are going to be lining up to put another $150 into a new DAO, only this time they won't even be convinced by the credentials/background of the creator?

But with a smart contract it's gone.

> Fool me once, right?

No. Please never invest in a smart contract. Consider this your warning and walk away. They're not for you. Ditto everyone who doesn't plan on reading the contract.

> Still from a practical point of view, do you think after losing ~$50M about ~1/3 investments the market/people are going to be lining up to put another $150 into a new DAO

You think people aren't that dumb? Wishful thinking. Even with all the warnings in the world they'll run to "invest".

But I don't assume all future smart contracts are scams. Eventually one will do something useful, and simply enough that it can be verified.

> only this time they won't even be convinced by the credentials/background of the creator?

Oh, entirely.

The background of the creator is a negative. They'll claim they're honest so that they can leave an update backdoor in the script which they'll inevitably use to steal everything. Fact of nature.

But if they're anonymous there's no way we'd participate if they left an update hook, so they wouldn't, and it'd be much less likely to be a scam.

I was referring to contracts and crimes generally to highlight the concept of contracts being per se unenforceable.

In another comment I do include theft too, but further add other potential charges: criminal misappropriation, breach of trust, fraud, conspiracy, computer crime, securities fraud, and/or wire fraud.

If you fix a lottery or something, it's pretty straightforward to work out the deception/misrepresentation and reliance involved to build a fraud case. But here, the DAO's whole purpose was, "send us currency and it will do whatever the code tells it to, and only that, subject to no other rules."

Again: that's kind of the point of the article: that the DAO was constructed in such a way to make problems like this unrecoverable.

>and then search the Internet for "model jury instructions [that-crime]", and come back with the one that would invalidate this contract?

Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.[1]

Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors money as I see fit. That contract will not be enforced, are we in agreement?

If you and I enter and contract where I will buy a drugs and I pay you and you don't deliver, if I sue you to enforce the contract you agree the court won't make you give me the illegal gun right? But will the court make you give me back the money? That is not a yes or no but a maybe depending on the facts do you agree?

>that's kind of the point of the article: that the DAO was constructed in such a way to make problems like this unrecoverable.

That is the point... funds are unrecoverable all the time in real world in contract/criminal cases, but that does not absolve anyone of liability. Moreover, you can not contract away negligence or for criminal acts.

[1] https://www.jstor.org/stable/792459?seq=1#page_scan_tab_cont...

[0] Assuming they'd be clearly enough defined, where the proven mathematical statements have a meaningful and useful correspondence to the marketing statements.

There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."

If the contract instead said "If you illegally provide drugs / firearms, the corporation will give you all of its money," - of course that's illegal.

To use examples where people can quickly grasp the law and not focus on the facts, which have a tendency to muddy the waters. But lets dive into the muddy waters:

>There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."

Say Apple Pay updates their terms tomorrow and they include a new provision that says Apple or another Apple Pay member can take all the money from all your accounts connected to Apple Pay. Like everyone does you agree to the update without reading the terms, and next thing all your money is gone. Whether or not you know it even mighty Apple Execs would be facing criminal charges with that kind of activity.

As it relates to the DAO creators, I think the big question is if they knew or should have known the software was vulnerable to the extend investments might be lost. Factually I think they knew, as I understand one of the first DAO proposals after funding was investment for the creators themselves so they could create a security framework on top of the DAO from known attacks.

> Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.[1]

You're making a circular argument there. You're assuming the contract violates some statute and reasoning from there. But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.

If someone solicits investment funds and those funds disappear without ever having been invested as a direct result of the person who solicited the funds, and drafted the contract, then yes we are all safe in assuming (but I actually know) at least one statute was violated. Very important that I again acknowledge that the DAO funds have not disappeared, and potentially may not.

Even if the funds disappear that does not mean any prosecutor anywhere is going to file charges either and even if they did, we don't know there would be a conviction, maybe there is a plea and the terms include no conviction.

The point is, you don't need an underlying conviction on the criminal side to prove a illegal contract on the civil side. In fact as we all know the standard is lower on the civil side, so it is easier to prove illegal contract on the civil side than proving the criminal case.

>But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.

I really haven't addressed what the hacker(s) did or their potential liability anywhere in the thread, all times I have been addressing potential liability for the creators of the DAO. As to your question, whether or not it would be a lawful defense for the hacker(s) to say they were a party to a contract that permitted the taking of the other funds, I suppose it depends who the hacker(s) is(are) and what the crimes charged are. For example, if the hacker(s) are some or all of the creators of the DAO, the whole "contract let me do it" would not be a lawful defense, in fact such a defense would backfire and probably only prove their knowledge of the exploit when creating the DAO and intent in soliciting investment to the DAO. However, if the hacker was some lone wolf 16 year old kid (minor), in a criminal/delinquency setting I could see the defense maybe going somewhere depending on the charge, but it is still ~$40M so I don't really know.

> Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors money as I see fit. That contract will not be enforced, are we in agreement?

Personally I don't understand the people acting like "smart contracts" exist independent from an existing judicial system (or systems) just because there's computers involved. I guess the same people excited for cryptocurrency are largely the same people who don't believe in government so the whole point is to somehow be independent of any legal jurisdiction.

clearly, A lost money and do have a case against B for negligence or various other items you list above. This is not the interesting question.

The interesting question is - were the actions of C: - illegal - can he be sued by either A or B

Just one of the possibilities, is if C is actually the same as B. I hate to even use this example, but it is simply one of the strongest and clearest. Moreover, if the hackers were the same as the DAO creators it would only pour on the liability, it would show their knowledge that the code would let them take the investors money and intent to defraud when soliciting investors money.

Even in set of facts most likely to support the DAO let me do it Defense say a minor who bought in, found the vulnerability and exploited it as a lone wolf. Then the minor gets sued in civil court for breach of contract and invokes the old not only did the contract let him do what he did, but if it didn't the contract isn't enforceable against him anyway because he is a minor defense. At the end of the day I have a hard time believe any court would allow the minor to keep ~$40M of other investors money, even if the contract says he can, simply because I don't think there is a court that would find it unconscionable. Unconscionable contracts being a term of art for contracts the courts won't enforce, even though they are otherwise legal and valid, because it is unfair.

is there some kind of common law that would indicate what sort of contract would be deemed unfair? Because a lot of contracts seems to be drafted in favour of one party, and the expense of the other, simply because of power imbalance. Employment non-compete contracts tend to have this property. What about assymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).

The controlling law for a specific contract would come from stare decisis or the precedent as set by case law.

Your gut it on point, because although employers get away with a lot, it is one of the areas courts are likely to find contracts to be unconscionable as a natural result of the unlevel playing field between the two parties.

>Employment non-compete contracts tend to have this property.

Definitely, and it leads to very specific case law. For example, case law might be specific to a profession (say a doctor) and geography (any restriction on competition outside of 20 miles is unenforceable). Keep in mind case law is jurisdiction specific, so say a 20 mile radius non-compete against a doctor in a major city might be enforceable, but in another jurisdiction say a small town where there are only two licensed doctors, the court may very well find it would be unconscionable to enforce the non-compete because it would limit the communities access to healthcare.

>What about assymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).

It is difficult to try to answer legal questions in a vacuum without a specific set of facts, but as a general rule you can certainly have a contractual right to terminate the contract. Another general rule would be the courts are more likely to provide damages than any equitable relief, meaning, say my EULA didn't include the a termination provision, then I stop providing you access to my software and you sue me. If the court agrees with you, the court's ruling is far more likely to have me pay you the monetary damages you suffered before they are to order me to continue providing you the software under the contract (though there is always exceptions and some cases the court will make a party actually perform the contract).

If we sign a paper contract that includes a clause giving me permission to withdraw money, and the contract also explicitly says that only the letter of the contract should be considered and not its intent or spirit, why would this be considered theft if I decide to exercise this clause?

Lets split illegal into 2 words criminal and unenforceable. You statement can be right and it can be wrong depending on the facts. Enter most any contract with a minor, its unenforceable. How about you take my money in exchange for something, but you don't give me that something and never intended to give me that something, that is criminal fraud.

>If we sign a paper contract that includes a clause giving me permission to withdraw money, and the contract also explicitly says that only the letter of the contract should be considered and not its intent or spirit, why would this be considered theft if I decide to exercise this clause?

Generally, because as a society we don't want criminals taking advantage of vulnerable members of our society including minors, elderly or non accredited investors. Moreover, we especially don't want them to escape liability by hiding behind a contract that the victim signed. For the record I am not really addressing it as theft directly, as I don't think I ever called what may happen on the DAO theft even if the money gets released.

In what jurisdiction do you litigate? Switzerland?

Who has standing to sue? Any investor?

The SEC might go after the DAO for selling an unregistered investment vehicle to US residents. They've done that many times with offshore firms, with varying degrees of success.

What liabilities the Ethereum Foundation have for the DAO is far from clear, but they work close enough with it coordinate the vulnerability and make changes to the underlying software specifically to handle this case.

The creators of DAO does have a legal entity, Slock.it. They are incorporated in Germany. This is not the first cryptocurrency theft in the world.

It's that close a connection? That's a shame. The DAO is interesting, but the door lock business is a marginal idea. Creating the DAO just to fund the door lock business starts to look scammy.

> As a lawyer I have called the DAO snake oil[1] from the beginning, but mostly because it sold itself as something new legally...which it is not (of course I was downvoted).

I'm very curious as to the grounds for your assertion that the DAO's terms and conditions would be considered a 'legal' contract, rather than say the equivalent of a software license - in the case of the later it is common (and legally valid) practice for the terms of the license to indemnify the creators (and in this case probably other users) from any consequences stemming from the use of said software.

There are many things you can not indemnify yourself against - so indemnification against 'any consequences' is not possible.

Apple can not update their EULA for Apple pay, and avoid being held negligent if they messed up and all their customers money was stolen from their accounts. Otherwise every single EULA would make all software companies legally untouchable - which they aren't.

This is very different, Apple are responsible not because they are providing you the software but because they are providing a service and that service involves transmission of funds and that scopes them to a completely different set of obligations. If I provide you with an open-source bitcoin-wallet under an MIT license and do not make claims of security or guarantees of any kind and you lose bitcoins due to security issues in said software - it's your own problem. That is in the former and later-case there is a clearly identifiable party which is providing the service, or in the later-case self-service.

With Ethereum it's much more of a gray-area, one could argue slock.it is only providing source-code and your choice to use it in a particular way (interacting with other users, the DAO) is done entirely at your own risk; though I'm not sure that interpretation would stand, since there definitely is a degree of centralized marketing by particular participants - and obviously non-compliance with SEC rules etc.

I think your example is convoluted. Free open source software has no contract. For a contract to be legally binding it must have consideration (exchange of goods / services / promises). This is not met.

EULAs and 'Software licences' (like MIT) are't the same thing. A EULA is a legal contract between the copyright holder and the end user, containing consideration, to which the user must agree. An open source licence such as MIT is just a declaration of permissions of use, and has no consideration.

So above it seems to me you are comparing having 'no contract' to 'a contract'.

But the DAO definitively has a contract, not a licence agreement.

Now, the DAO contract basically says 'no one can be held responsible for anything' - which in my opinion is a legal fantasy, contracts can not supersede the law. Regardless of the technological hoops in between, there are real people, with a binding contract - thus there can be tort.

I do accept when ever something new comes along and case law hasn't yet settled any technical loop holes there will always be debate, but I do think this looks pretty clean cut.

And under what circumstances can you even declare that person to actually be a thief in the sense of the law? Everybody's assumed to have studied the thing they're paying for - whose perception of what the system allows and is meant to do goes, legally?

That of the person with the best understanding of the code (would mean the thief can't be legally wrong), or of the majority (would mean that highly technical niche contracts could be completely derailed legally by "noobs" flooding the market), or case-by-case?

Setting the standard as "what the code appears to do when reviewed by average developers" would be very legally unpredictable. It would also illegalize a lot of useful and beneficial benign "hacks".

All the questions you're asking are, essentially, what would be argued on.

But my point was that none of the involved parties can just indemnify themselves against any consequences. With sums of money like that, any of those parties could well be sued, and end up in court. You can't EULA yourself out of that.

Edit: If you cannot see that this is something new then I'm not sure that we can have a productive conversation on this topic.

Just because it doesn't imply it (in all cases) doesn't exclude it as a possibility.

The intent of the DAO is clearly not for a hacker to misappropriate all the funds into their own pocket.

Perhaps you can argue that the DAO specifically allowed this to happen (thus it is not theft).

Yet at the same time we recognise this act as morally reprehensible.

If we find it morally wrong then do we not have a duty to correct it?

It's not just that it allowed this to happen. It's that the whole point of the thing -- the idea that was supposed to herald a world-changing revolution in which "dumb" contracts and their associated baggage of lawyers, courts and governments would become permanently obsolete -- was that it was presented explicitly as saying "if a human interpretation of the human-language description of the contract disagrees with the executed instructions of the code implementing the contract, the code wins, period". Along with a caveat, of course, about how you better be damn sure about your code, because if you screw it up and lose money, it's your fault for writing bad code and you deserve to lose your money.

So now they're trying to walk that back and say that maybe they should have a mechanism for dealing with this contract that had a bug that lost them a bunch of money. Which undermines the entire selling point of the system.

For example, imagine a world where I solicit a bunch of investors money under contract. In the contract I included a provision, no one read, that says any of the member can simply take all or part of the groups investment funds. Then that 1 member who actually read the contract appropriates ~$40M of my investors' money. Sound similar enough? Well there is nothing magical about the DAO or the non-DAO contract that would protect me or the member who appropriated the money from liability, civilly and/or criminally.

What are the potential crimes that could be charged? theft, criminal misappropriation, breach of trust, fraud, conspiracy, computer crime, securities fraud, and/or wire fraud. Now I am not saying all these would be charged and if so found guilty on all counts, but as a defense attorney they roll off my tongue.

>Normally a corporation is registered in one or many countries, but how can it be registered in none?

Not exactly without precedent. Example 1: I conduct business individually or as a group without having created a corporation, that is a sole proprietorship and I/the group would be personally liable for the actions of the unregistered business. Example 2: I am lawfully registered as a Delaware C-corp but I am physically located in another State conducting business (without having properly qualified my DE C-Corp to do business in said jurisdiction), I will not receive the corporate protections for the activities I conduct in said State. Example 3: I have a lawful corporation, but I forget to file my annual report and said corp is administratively dissolved by the State, again I would loss corporate protections and be individually liable for the business activities.