[Proposal] Launching a DAO-Operated Zone — With KYC, Compliance, and Community Safety in Mind

Hi everyone,

As many of you know, I’ve been discussing this initiative with several members in private over the past weeks. It’s time we bring this conversation to the wider forum:

I’d like to formally propose that we move forward with launching a DAO-operated zone.

The key motivations behind this are simple:

✅ Give the DAO direct control over a space we can shape according to our values.

✅ Ensure it’s compliant — this includes implementing KYC (with reasonable limits), applying geo-blocks where required (e.g., OFAC compliance), and having clear boundaries to prevent misuse.

✅ Protect the ecosystem — our primary goal is to prevent bad actors from exploiting the zone. A well-run DAO zone sends a strong message that we take responsibility seriously.

A well-maintained and active DAO zone will also make it far easier to onboard additional zone operators in the future. It serves as both a proof of concept and a signal of trust and maturity to the broader ecosystem.

I’d love to hear your thoughts — especially from those I’ve spoken with already — and move toward making this happen with strong consensus and community involvement.

Let’s do this right.

Please feel free to voice your thoughts on and support for this.

6 Likes

Can we choose deposit and withdrawal limits?

2 Likes

We would be able to choose these limits; however, we need to ensure that we do not place the DAO at risk or open the floodgates for abuse.

We may be able to leverage the former PVL compliance officer for guidance on this matter.

3 Likes

Well done Toxic, I agree with your stance.
I hope that the whole community will stand by it…

2 Likes

Happy to support this.

2 Likes

If it is possible, I wish that Toxic could be the only spokesperson within the DAO-Operated Zone, communicating any DAO decision to the broad public.

2 Likes

lol this forum is where we communicate for all DAO matters 🙂

1 Like

Toxic - this is an amazing idea. This will benefit the ecosystem and the community in many different ways.

A few cases I can think of are:

Institutional Onboarding
A compliant zone opens doors for institutional capital — especially for those who want to participate without operating their own zones.

Interoperable Model
Can be a scalable template for compliant zones across chains.

Freedom to Interact Peer-to-Protocol:
This empowers individuals and community members to interact directly with the protocol, without relying on institutions or zone managers they’d prefer to avoid.

2 Likes

Speaking personally for this post (and not on behalf of the Foundation), I think this is an excellent proposal, as it would be independent of any entity and governed by the DAO rather than relying on the willingness of entities to run and maintain zones.

Also, do not take the following as legal advice; it is more for general information and food for thought for the DAO community members to consider. It is not to be considered exhaustive either. Apologies for the length, but I wanted to make sure the community considers these things seriously.

First of all, I agree that it is of critical importance that any DAO-run zone chooses parameters that minimize the risk of bad actors using it while allowing the majority of legitimate users sufficient room to make Panther a useful tool. As mentioned, this means KYC verification, preferably liveness checks (which are supported by PureFi, the KYC/KYT provider of the canary network that has an integration with Panther), and conservative deposit/withdrawal limits. Eurobit, as the Zone Manager, chose not to utilize the KYC/liveness feature of PureFi for the zone it runs on canary, instead relying purely on wallet screening and geo-blocking afaik.

Do note that the Foundation does not intend to deploy any zones of its own nor is it its function.

KYC/Liveness checks and Geo-blocking

For a mainnet DAO zone, it would make sense to use the full feature set of PureFi. It’s also a distinguishing factor of Panther vs other privacy smart contracts like Railgun/Privacy Pools, which rely solely on Proof of Innocence/blacklists without KYC (an approach which has yet to be tested), versus the more traditional approach that Panther takes, which also encourages institutional adoption.

Despite this, reasonable deposit/withdrawal limits should be considered to minimize the risk of large hacks/laundered funds going through Panther.

Geo-blocking OFAC sanctioned countries is prudent along with a consideration whether to allow US users or not. Just because the regulatory climate has changed, doesn’t mean it can’t change on a dime.

Blacklists, Responding to Legal requests

Blacklists of known bad addresses (such as OFAC’s) or those maintained by blockchain analysis companies are important as well.

As the DAO relies on voting and can be slow to enact decisions, the DAO should consider whether it wants to rely purely on on-chain voting or have a separate appointed Committee to manage and maintain blacklists. This Committee could perhaps consist of people with a compliance background, Zone Managers and/or the KYC/KYT provider.

This committee can choose via multi-sig to selectively decrypt specific transactions if a lawful request is received. It can also add zAccounts to blacklists.

DAO LLC or General Partnership

Because of the Zone architecture, an important thing to think about is whether the DAO wishes to operate as is, without a ‘legal wrapper’. That would make it a general partnership or unincorporated association, which means that every person who “meaningfully participates” in governance can be jointly and severally liable. There’s some precedent: US regulators have sued DAOs before (see Ooki DAO, BarnBridge DAO and bZeroX) and have managed to compel on-chain treasuries to pay penalties, as well as penalties against founders, though thus far I have yet to see actions against non-founder individual token holders. The benefit of this option is that it operates as is, without additional setup, and is the fastest way.

The other alternative, which is legally preferable, is to have a legal wrapper (a limited liability company); there are some jurisdictions that allow you to register a DAO LLC. This means that members of the DAO are protected by the DAO LLC and that it’s the named defendant if anything goes wrong. The choice of where to incorporate is more complex, as it determines where a regulator/third party must sue, what disclosures the entity must make (e.g. VASP licenses) and what taxes it pays. An on-chain snapshot proposal to approve the wrapper, along with some funds to pay the necessary fees, is probably a way to start it.

Note that many DAOs don’t do this (even big ones), but that doesn’t mean it’s the correct thing to do; rather, it’s because it’s more convenient not to incorporate and maintain. While it may be tempting to go unincorporated first and then incorporate later, from a purely legal perspective the sooner you incorporate the better, especially prior to mainnet launch. However, this requires more effort, community members to step up to enable the DAO incorporation, and also ongoing costs and maintenance.

I’ll share more when it comes to mind.

4 Likes

This is all very good information. I am just not entirely sure we would want to invest time and money in establishing an LLC, since the DAO does not directly nor indirectly profit from users utilising the protocol in any actual way. We are just a collective of like-minded people with the singular desire to have on-chain private DeFi without exposing ourselves to the world.

I also previously reviewed the instance where a DAO was taken to court in the US, and in that instance, at the end of the day, the case was in fact dismissed. Any thoughts from anyone else on this topic?

1 Like

Another topic on this matter: since the DAO-operated Zone will be generating some fees, what would we do with such fees? Do we follow the same route as some other popular DeFi protocols and use those fees to reward governance stakers (if that is even a thing at the time), or do we use those to buy and burn tokens instead? Something else to think about. I believe establishing and having a treasury means there is the potential of liability, and as such the DAO should be legally broke and have no funds at all.

1 Like

To summarise:

For KYC we can use PureFi and we can use all their security tools;

We can limit how people can deposit or withdraw (but this might risk demotivating some big or small actors from using it);

Being able to blacklist bad actors;…

Legal part:
Anyone who votes or helps run it could be held legally responsible if something goes wrong (Ooki DAO and BarnBridge paid fines)…

For this reason, a safer option is to create a legal company (like a DAO LLC) to protect members from personal liability.
This way, if regulators want to sue, they sue the company, not individual DAO members.

IMPORTANT: creating this company takes time and money, and community of course.

Is the Foundation going to pay for these fees?

Don’t they already have enough fees to pay for all the rest? So who is gonna pay for the creation of the company?

A very good point: the DAO has no funds or funding, so who will pay the costs of establishing such an LLC? Perhaps we could be like some of the privacy projects out there and receive an anonymous donation from someone to assist us in this initiative?

Again, all this said, we don’t have to form an LLC; that brings much complexity. We are entirely able to just run this as a DAO. We are not the ZKP token and we did not sell the ZKP token to anyone; we are merely operating a zone using the protocol and the technology. We would be operating a zone in a protocol which uses a gas token that is available on the open market.

Some Considerations Regarding the Legal Situations of Other DAOs

For bZeroX and Ooki DAO

bZeroX was a leveraged trading platform. The protocol was compromised when its creators were phished, allowing hackers to drain its funds. In response, the creators launched a successor protocol, Ooki, and issued debt tokens to affected bZeroX users. However, many users found this remedy insufficient and pursued legal action.

During the court proceedings, it was noted that token holders could be considered part of a general partnership. However, no final determination on liability was made, and the case was eventually mutually dismissed.

Despite this, the CFTC imposed penalties on bZeroX, LLC and its founders for illegally offering leveraged and margined retail commodity transactions involving digital assets. The agency also pursued action against Ooki DAO, which the court recognized as a legal entity capable of being sued. Notably, the court did not assign liability to any individual DAO member. It’s also worth mentioning that Ooki DAO never formally responded to the case and only geo-blocked U.S. users after legal action had been initiated.

BarnBridge DAO

In the BarnBridge case, the DAO offered bond-like products, prompting SEC action for offering unregistered securities. There was no apparent effort to prevent U.S. citizens from purchasing these products. The SEC did not classify the DAO itself as the issuer; instead, it focused on the investment pool in question.

As a result, the question of liability became ambiguous. Could it fall on token holders, those who voted on the pool, the developers, the deployers, or the founders? Ultimately, both founders agreed to pay fines to settle the matter.

Samuels v. Lido DAO

In this case, Samuels purchased Lido tokens, which he later sold at a loss. He sued Lido DAO, alleging it had offered unregistered securities. The court found that Lido’s largest investors could be considered part of a general partnership. However, it ruled that Samuels himself, as a simple token holder, was not a partner. Still, the court left open the possibility that further discovery could reveal facts supporting such a relationship.

Samuels is currently pursuing legal action against the large venture capital firms involved with Lido, accusing them of soliciting unregistered securities.

From what I can see, there are three core elements to consider: Classification, Jurisdiction, and Liability.

Classification:

bZeroX and Ooki were classified as offering illegal leveraged/margined commodity trades.

BarnBridge was seen as offering unregistered securities.

In Lido’s case, the tokens were argued to be securities, and the DAO structure was scrutinized as a potential general partnership.

Jurisdiction:

The CFTC and SEC have asserted jurisdiction over DAOs when their activities fall under the agencies’ regulatory authority.

All cases emphasized the importance of conducting activities involving the U.S. or sufficiently preventing U.S. citizens from participating.

Liability:

In Ooki, while the DAO was sued, no individual was held personally liable.

In BarnBridge, the founders assumed liability.

In Lido, plaintiffs consider that venture capital investors could be liable due to their activities within the DAO.

https://www.courtlistener.com/docket/63281750/sarcuni-v-bzx-dao/

https://www.courtlistener.com/docket/65369411/commodity-futures-trading-commission-v-ooki-dao/

https://www.courtlistener.com/docket/68095676/samuels-v-lido-dao/

1 Like

Taking all of the above into account:

If we effectively restrict access to the protocol for U.S. citizens, and if the Zone is not involved in activities that could be interpreted as commodities trading or the offering of securities, then the SEC and CFTC should have no grounds for regulatory action.

As for potential lawsuits from individuals, that will depend largely on jurisdiction and liability. For example, a California court has suggested that DAO token holders could potentially be treated as forming a general partnership, which could expose them to certain legal risks. That said, if we do not permit U.S. citizens to access the protocol, any judgment made under U.S. law may not carry the same weight or apply in other jurisdictions.

Even if a DAO were to be successfully sued, the impact would depend heavily on the jurisdiction of the court. Enforcing a judgment—identifying liable parties and collecting damages—would be a major challenge. Consider a scenario where a North Korean court “successfully” sues; such a ruling would have little to no practical effect. On the other hand, a ruling from a European court could carry more weight and lead to different considerations.

2 Likes

I do support this. Let’s do it!

2 Likes