Never come across the term Decentralised Autonomous Organisation ("DAO") before? You're not alone, but as of 13 January 2025, these virtual organisations held over US $32.2 billion in digital asset value on monitored blockchains 1 and represent the next frontier in digital asset recovery.
What is a DAO?
Sometimes described as "companies of the future", DAOs are virtual associations of anonymous2 token holders which operate on a decentralised and open-source blockchain ledger. In ethos, they are intended to be highly democratised structures with no executive control and autonomous, in the sense that they are governed at their inception by code which is written into self-executing smart contracts deployed on the blockchain.
Generally speaking, DAOs will share a publicly viewable un-hosted wallet secured by a private key that can require multiple signatories to authorise withdrawals. This un-hosted (multi-sig) wallet (Treasury Wallet) is akin to the DAO's bank account and can hold hundreds of millions of dollars in digital assets (Treasury Assets). DAOs may (amongst other things) also utilise sub-Treasury Wallets to segregate its digital assets and, if it has adopted an intermediary corporate vehicle to "legally wrap" itself (discussed below), may purchase real world assets or interests in other companies, and have bank accounts and/or accounts with providers that offer crypto-fiat exchange services (which include centralised cryptocurrency exchanges) opened on its behalf.
Decisions with respect to how the Treasury Assets are managed and transferred away from the DAO fall to those who hold the DAO's "governance" tokens. These tokens give the holder voting rights with respect to proposals3 that are put to the DAO; voting thresholds will be bespoke to each DAO. As such, a DAO may be unable to transfer its Treasury Assets until a proposal is passed.
To achieve a democratised structure, governance tokens should be distributed across a large pool of individual token holders (which has the effect of diluting voting power). However, governance tokens can be disproportionately allocated to numerous anonymous un-hosted wallet addresses (which can be controlled by the same person or a consortium of persons) at a DAO's inception, and this has the effect of "centralising" a DAO's token supply. Governance tokens can also be purchased in advance of being issued and traded on dApps, decentralised and centralised exchanges.
The objectives and parameters of each DAO can vary from fundraising for social and charitable causes (in which case holders waive the prospect of redeeming their tokens for value), to behaving closer to decentralised venture capital funds for start-ups (whereby tokens producing yields are issued and can be traded for value).
What is a legal wrapper?
Due to the anonymous nature of how a DAO's tokens can be held and its decentralised nature, DAOs by themselves are usually unable to purchase real-world assets (such as property and shares in companies) or open accounts in their own names. This will be particularly true if there is an obligation for the purchasing DAO to disclose the identities of the person/s which exert significant interest or control over it, supported by "Know Your Customer" information (KYC). This is why a corporate intermediary vehicle is usually adopted to act on its behalf in the "real world". We call this intermediary vehicle a "legal wrapper".
Additionally, DAOs which have not adopted a legal wrapper may also run the risk (or at least in the United States) of having their legal status inferred as an "unincorporated association" or a "general partnership"4, which would result in all token holders in a DAO being liable for the acts of each other.
As a result, DAOs adopt legal wrappers in an attempt to limit the liability of its token holders, to enter into legally binding agreements, open accounts and to benefit from the KYC information that a legal wrapper can offer, which a standalone DAO would otherwise be unable to provide.
In terms of the legal wrappers on offer to DAOs and decentralised projects more generally, many DAOs are adopting "ownerless" companies (which are also offered in the Cayman Islands via the Foundation Company 5). This is because the ownerless nature of these vehicles marries well with the anonymous and decentralised ethos of a DAO.
Ownerless companies can then be used to either hold a subsidiary company which acts as the DAO's legal wrapper, or can act as a legal wrapper in its own right. If a legal wrapper decides not to register as a Virtual Asset Service Provider (VASP) (if required in its home jurisdiction), or, if a holding company incorporates a legal wrapper in an unregulated / weaker regulated jurisdiction, then there is no / less enhanced regulatory oversight and no / minimised regulatory safeguards against unlawful activity.
From an asset recovery and tracing standpoint, the use of ownerless companies as legal wrappers throws up some curious issues. Clearly, any legal wrapper which minimises or avoids the need to record meaningful beneficial ownership information has the potential to make itself truly "ownerless" and anonymous, which may accurately reflect the decentralised nature of the DAO itself. Some may argue that token holders in a centralised DAO control the fate of the DAO's on-chain Treasury Assets, which may be worth hundreds of millions of dollars. However, for KYC purposes, all that may be required when onboarding an ownerless legal wrapper of a centralised DAO is KYC on the person/s who controls or manages the legal wrapper itself. Obviously, the person/s who controls the legal wrapper and the person/s who anonymously control a centralised DAO may not necessarily coincide. This is especially the case where the directors or controllers cannot by themselves administer the DAO's Treasury Assets without obtaining the requisite number of votes in favour from the token holders, or where they are taking instructions from those behind a centralised DAO. A point for individuals who are asked to act as directors of legal wrappers which is intended to administer a DAO is how they may properly assess, mitigate and discharge their duties as a director. This issue arises from the fact that in practice the anonymity enjoyed by token holders means that directors of such legal wrappers may not able to appreciate and evaluate the universe of stakeholders to whom they owe duties.
As to how legal wrappers hold a DAO's assets and who in fact "controls" the DAO, some guidance may result from litigation currently on foot in Hong Kong, where the Court is being asked to determine the true ownership of the Mantra DAO, which is wrapped by a Seychelles foundation vehicle 6. It is alleged by the defendants that this vehicle holds the DAO's digital assets on behalf of the DAO and its token holders. However, it is presently unclear how a Cayman Court will treat a DAO's Treasury Assets (i.e. will they fall to be assets of the Foundation Company, or will they be deemed to be held on trust for the DAO's token holders?). These considerations are important from an asset recovery perspective in an insolvency scenario, as token holders may risk being found to be unsecured creditors if they cannot establish a proprietary right in the DAO's Treasury Assets.
In Mantra, the plaintiffs in their capacity as the DAO's founders, allege that the project belongs to and should be operated by them. Whereas the defendants, who were elected by the DAO's token holders to govern the legal wrapper (Councillors) and act on behalf of the DAO, argue that control in fact lies with the holders of the DAO's governance tokens. The Hong Kong Court has delivered an interim judgment which held that the Councillors have a duty to account to the token holders about the project's funds. It also indicated that it will need to consider the DAO's white paper, staff employment, governance and management agreements to fully determine the substantive issues at trial.
Asset recovery challenges
Legitimate industry protects itself from the risks posed by bad actors who wish to abuse legal wrappers by (amongst other things) utilising responsible directors, and deploying sophisticated governance and security protocols. However, the utilisation of legal wrappers which do not identify those behind a centralised DAO or a decentralised project with a centralised token supply, provides scope to conceal the real identities of sophisticated bad actors which may be raising funds for seemingly legitimate projects, with the ultimate aim of transferring those assets away for illicit purposes.
Particular challenges with respect to enforcing a Court Order for the purposes of safeguarding Treasury Assets and appointing receivers or liquidators to a DAO's Treasury Wallet also arise due to several factors. For example, controllers of the legal wrapper (such as the directors) will unlikely exert any meaningful control over the DAO's Treasury Wallet unless they are the sole signatory and can control the outcome of a proposal (should one need to be passed in line with the DAO's protocol).
In any other case, the real identities and service details of the signatories to the Treasury Wallet must be located, as they will need to authorise any Court ordered transfer. Additionally, the DAO's token holders may also need to pass a proposal to authorise a Court ordered transfer of the DAO's Treasury Assets to a secured third party custodian wallet (for ringfencing purposes). However, this may be difficult to achieve should the DAO's token holders simply refuse to pass a proposal or where the DAO has been abandoned.
Applying for third-party disclosure relief to obtain the KYC on the beneficial owner of accounts registered to ownerless companies (or legal wrappers who are beneficially held by ownerless companies) with, for example, fiat-cryptocurrency exchange service providers (including centralised cryptocurrency exchanges) may also have limited tracing value. This is because non-membership information (for the legal wrapper or ultimately, its ownerless parent company) may be legitimately accepted in the alternative as good KYC.7 Under those circumstances, such fiat-cryptocurrency service providers (of which some operate in jurisdictions that regulate centralised cryptocurrency exchanges) may give rise to similar asset tracing and recovery challenges posed by unregulated cryptocurrency exchanges.
In some cases, it may also be impossible to determine whether any intermediary vehicle (regardless of whether it is ownerless) legally wraps a particular project or DAO as there is currently no requirement to record or disclose this information in an accessible register. As such, where projects and their legal wrappers do not share the same name and a connection between them is not voluntarily disclosed, token holders may find it hard to discern whether the DAO or project they participate in is legally wrapped, where to bring a claim, what statutory rights they may have against the legal wrapper, what other assets that legal wrapper may hold and thus the full recovery paths available to them.
In addition to the above, there is no requirement to maintain a record (supported by high quality KYC) of who the signatories are to a Treasury Wallet. However, there are legitimate privacy and possibly serious safety concerns for these signatories should their information get into the wrong hands.
Risk round-up
As mentioned above, responsible industry arguably has the necessary experience, tools and safeguards in place to mitigate against the risks of abuse posed by bad actors through the utilisation of legal wrappers generally. However, asset recovery professionals must be alive to the risks posed by these vehicles where they're abused, since they could easily play a role in the "integration" and "placement" stage of a crypto-fiat laundering process. This is because legal wrappers are another means of off-ramping and on-ramping illicit cryptocurrencies, whether by purchasing real world assets or by opening accounts (including those which facilitate crypto-fiat exchange trades).
Due to the potential disconnect between those who operate or control a legal wrapper (of which KYC can be provided) and those who can anonymously control a centralised DAO which hosts a high value Treasury Wallet, there is a risk that legal wrappers and ownerless vehicles alike could be exploited by bad actors of a centralised project or DAO to circumvent the usual investigative advantages provided by regulated cryptocurrency exchanges and other providers which require traditional KYC on a corporate client.
Utilising any legal wrapper in this way (which circumvents the need to disclose who is behind a centralised project or DAO) for the purposes of on-ramping and off-ramping illicit cryptocurrencies can frustrate investigators' efforts to ascertain the identity of bad actors, and in turn their ability to meaningfully trace and recover a DAO or project's misappropriated digital assets.
This article was first published in ThoughtLeaders4 FIRE Magazine " ISSUE 20 76
Footnotes
1. Private blockchain networks only permit a verified select number of users to access it, this provides a high level of privacy and security which may impact the accuracy of these figures.
2. Whether a token holder can be identifiable will depend on many factors, including how the token was acquired, the source of cryptocurrencies used and how sophisticated any blockchain based laundering methods were utilised before the token's acquisition.
3. Proposals are akin to resolutions put forward to members of a private company at a general meeting.
4. See Samuels v. Lido DAO, Order re Motion to Dismiss, No. 23-cv-06492 (N.D. Cal. Nov. 18, 2024); CFTC v. Ooki DAO, No. 3:22-cv-05416 (N.D. Cal. June 8, 2023) (default judgment); and Sarcuni v. bZx DAO, 664 F. Supp. 3d 1100, 1117–18 (S.D. Cal. 2023).
5. Foundation Companies are governed by the Foundation Companies Act, 2017. Section 8 permits all shares in a Foundation Company to be cancelled subject to the appointment of a supervisor (whose details are recorded in a register). The supervisor has no economic or beneficial interest in the Foundation Company, and its supervisory powers and duties can be restricted by the Foundation Company's constitution. A supervisor may also be the Foundation Company's director.
6. Mantra Dao Inc and Another v. John Patrick Mullin and others [2024] HKCFI 2099.
7. This is because KYC on the controller of the legal
wrapper, which could be the director or another office holder who
is conferred with statutory stewardship powers, may be
accepted.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
