EXCLUSIVE: ‘Code is Law’ documentary explores the void between DeFi and law

Upcoming documentary, Code Is Law: Crypto’s Unstoppable Heists, examines why, despite multi-million dollar hacks continuing to plague the sector, very few of those responsible ever appear in court.
The cryptocurrency industry, especially decentralized finance (DeFi), continues to feel like a financial wild west: full of promise, risk, and an ever-present sense of lawlessness.
With legal repercussions generally lacking, a sense of impunity for those able to game the system leads to doubts over where authority lies.
So, in a murky world of on-chain finance where millions are secured only through lines of code, what place do legacy legal systems have?
Protos got a sneak peek at the film and spoke to director James Craig, who, unlike many founders, developers, and security researchers who see “code is law” as little more than a meme, believes that the idea “still holds more weight than the industry wants to admit.”
If code is law, is there a way back?
In the mainstream, crypto is often seen as a dirty word. High-profile blow-ups like FTX and Celsius made headlines around the world; their founders now sit in cells, and rightly so.
However, these are pretty standard white-collar crimes, the crypto element merely a coincidence rather than necessary. Like countless pre-crypto schemes, they hinged on deception and on treating customers’ money like a personal piggy bank.
The “unstoppable heists” explored in James Craig and Louis Giles’ documentary, on the other hand, are something unique to the crypto world.
Once a vulnerability has been exploited, there’s no way back. Some even argue that “code is law”: in other words, if they’re smart enough to manipulate the system, they are entitled to the rewards.
If ByBit hack didn’t shift the conversation, what will?
The film takes as case studies a series of high-profile hacks stretching back to 2016. The stories of The DAO, Indexed Finance, Mango Markets and Kyber Network are told through slick montages, voiceovers and interviews from those directly involved.
Developers describe their unease at watching millions of dollars’ worth of crypto pour into smart contracts they’d written. Immutable code cannot be patched if a vulnerability is discovered.
When things go wrong (spoiler alert, they do), devs can only watch as funds are drained from their creations.
The developers’ responses are described in thrilling detail, from copycat-hacking their own protocol to save funds from the hacker to tracking down the culprit via an unsavoury trail of clues linking ostensibly “anon” online personas.
Surprisingly, the narrative barely mentions the “hard-fork” of the then-fledgling Ethereum blockchain in response to The DAO hack. Such action “simply wouldn’t be feasible today, technically or politically”, says Craig.
If North Korea’s $1.5 billion hack of ByBit “didn’t shift the conversation, it’s hard to imagine what would.”
What can be done?
Craig gets the impression that “as the space matured… the consensus was that bad on-chain behavior needed real consequences.”
“Hacks will never disappear,” but “the ecosystem does seem to be getting better at protecting itself,” he says.
He praises initiatives like the Security Alliance, which coordinates incident response through experienced volunteers, a formalization of the frenetic responses recounted in the film.
However, self-policing in crypto is, by its nature, almost entirely reactive. Negotiations can be fruitful, but often the carrot of a bounty is ignored, and isn’t a deterrent anyway.
That leaves the risk of legal consequences as the stick.
One of the developers interviewed, Laurence Day, says that an “independent financial network… feels like moving away from banks… not from legal systems.”
But as Craig points out, “existing laws don’t map cleanly to smart contract exploits.”
This can lead to frustrated efforts to convict hackers, even when they admit their actions.
Only one case saw an attacker arrested for what he called a “highly profitable trading strategy” two months after asking “what are you gonna do, arrest me?”
While initially billed as a chance to set precedent on the “code is law” argument, the defence ultimately decided to cast doubt on the prosecution’s evidence base.
Despite an initial conviction, the charges were later vacated.
Aside from the rare dose of poetic justice, the documentary’s various antagonists have escaped punishment for their actions, so far.
Immutable code is a leap of faith
Despite the film’s major theme of self-executing code interacting with a faceless legal system, these are unavoidably human stories.
In the film, Day describes the painful parallels between himself and his project’s hacker. He’s called it “both the single worst day of my life and the catalyst for pretty much every single thing that I’ve done professionally since.”
Craig found that those facing a major exploit “described the same thing: total emotional and psychological exhaustion.”
He adds that developers may even “fear blowback themselves,” and hesitate to engage law enforcement.
Developers and auditors alike take on heavy responsibility. Deploying immutable code is a leap of faith for those who write it and lingering doubts are inevitable, especially as money rolls in and the stakes grow higher.
Crypto, and DeFi especially, is a new world whose rules are still being written, one line at a time. But if code is law, where are the consequences?
Code Is Law: Crypto’s Unstoppable Heists is released tomorrow.