A hapless DAO that promised users they didn’t need to worry about anyone stealing their funds is the subject of a proposed class action from a group of traders after it lost $55 million in a phishing scam.
As reported by Law360, the 14 traders who filed the suit in San Diego on Monday lost a combined $1.6 million when a developer working for bZx was duped by a malicious email sent to his personal computer in November last year.
The suit names the DAO itself alongside two co-founders, two bZx investors, a second DAO called Ooki DAO, and a number of other associated entities.
All of the named parties are, according to the group, jointly responsible for their losses because the DAO “lacks any legal formalities or recognition.”
The DAO promised that it would pay back all of those affected via a combination of its own BZRX tokens and so-called “new debt tokens.” However, this plan was dubbed “woefully inadequate” in the suit due to the fact that it would take thousands of years to reimburse fully.
bZx didn’t learn from its mistakes
This isn’t the first time bZx has fallen victim to hackers. Back in 2020, the protocol suffered a trio of attacks that drained it of somewhere in the region of $9 million.
One of these attacks was eerily similar to the most recent exploit, adding fuel to the 14 claimants’ assertion that bZx did nowhere near enough to adequately protect users from future attacks.
This is despite investors being told by the DAO’s creators when they stored their assets that “they need not ever worry about getting hacked or [anyone] stealing [their] funds.”
The plaintiffs also point out that “the hack and subsequent theft were not the result of some complex scheme or unknown vulnerability in the code, but rather due to bZx’s simple negligence.”
In an email statement to Law360, the plaintiffs’ attorney said:
“Those who form DAOs apparently believe that they can use the word ‘decentralized’ to evade corporate and individual responsibility.”
“The opposite is true: Without the protection of a corporation or limited liability company, everyone involved in a DAO’s governance is liable for the protocol’s negligence and illegality.”