Mankiw Research: After the world's first DAO case, how long can the "decentralized cloak" of on-chain lending last?

“As long as the code is decentralized enough, there is no legal entity, and regulation has no way to intervene.” This was once the sanctuary that many on-chain lending entrepreneurs believed in. They were trying to build an “algorithmic bank” without a CEO or headquarters.

Author: Zhang Qianwen, Attorney at Law, Mankiw Blockchain Legal Services

introduction

“As long as the code is decentralized enough, there is no legal entity, and regulation has no way to intervene.” This was once the sanctuary that many on-chain lending entrepreneurs believed in. They were trying to build an “algorithmic bank” without a CEO or headquarters.

However, with the penalties imposed on the Ooki DAO case in the United States, this veil of "de-substantive" secrecy is being pierced layer by layer by regulatory agencies. Under the stricter logic of "penetrating regulation," how far can on-chain lending really go?

On-chain lending: Web3's autonomous banks

On-chain lending can be understood as an automated lending machine that operates without human intervention. Its main functions include:

• Automated Funds Pool: Lenders deposit money into a public pool managed by code and immediately begin earning interest.
• Over-collateralization: Borrowers must pledge assets exceeding the loan amount to control risk.
• Algorithmic interest rate setting: The interest rate is automatically adjusted by an algorithm based on the supply and demand of funds, and is completely market-driven.

This model eliminates the intermediary role of traditional banks, enabling a 24/7 global automated lending market. It requires no manual review and is entirely executed automatically by code, greatly improving the efficiency of capital utilization, releasing asset liquidity, and providing a native source of leverage for the crypto market.

• The ideal is lofty: Why do entrepreneurs pursue "de-subjectification"?

In traditional finance, banks and lending platforms have clearly defined corporate entities, so it's clear who to contact if problems arise. However, on-chain lending, by design, attempts to eliminate the concept of "who." It doesn't pursue simple anonymity, but rather a system architecture, primarily manifested in two aspects:

1. The opponent is code , not people.

Instead of signing contracts with any company or individual, you interact directly with a public, automatically executing smart contract. All lending rules, such as interest rates and collateral ratios, are hardcoded into the code. Your counterparty is this program.

2. Decision-making is based on the community, not management.

The protocol has no board of directors or CEO. Major upgrades or parameter adjustments are decided by a vote of governance token holders distributed globally. Power is decentralized, thus blurring the lines of responsibility.

For entrepreneurs, choosing "de-subjectification" is not only an ideal but also a realistic survival strategy , with the core purpose of defense:

• Defying regulations: Traditional lending requires expensive financial licenses and adheres to strict rules. Positioning itself as a "technology developer" rather than a "financial institution" aims to circumvent these barriers.
• Defensive liability: When users suffer losses due to events such as hacking attacks, the team can claim that "the code is open source and the protocol is unmanaged" in an attempt to avoid liability for compensation like traditional platforms.
• Defensive jurisdiction: With no physical presence and servers spread globally, it is difficult for any single country to easily shut it down. This "unshutdownable" characteristic is its ultimate defense against geopolitical risks.

The reality is harsh: Why doesn't the "code is innocent" approach work?

I. Regulatory Risks :

Regulators' wariness of on-chain lending stems from three core risks that cannot be ignored:

1. Shadow banking:

On-chain lending, while essentially creating credit, operates entirely outside the central bank and financial regulatory system, making it a typical shadow banking activity. A large-scale price drop could trigger a chain reaction of liquidations, creating systemic risk and impacting the entire financial system.

2. Illegal securities:

Users depositing assets into a fund pool to earn interest is seen by regulators such as the U.S. SEC as very much like issuing an unregistered "securities" to the public. Promising and providing returns, regardless of how decentralized the technology, may violate securities laws.

3. Money laundering risks:

The fund pooling model is easily exploited by hackers: they deposit stolen "money" as collateral, then lend out clean stablecoins, cutting off the traceability of the fund chain and easily completing money laundering, which poses a direct threat to financial security.

Regulatory principle: Substance over form

• Functional regulation: They don't care whether you're a company or just code; they only care whether you're actually doing the work of a bank, attracting deposits and making loans. If you're engaged in financial business, you're subject to financial regulation.
• Penetrating enforcement: If there is no clear legal entity to hold accountable, they will directly trace it back to the developers and core governance token holders. The Ooki DAO case is a precedent, where members who participated in governance voting were also held accountable.

Simply put, "de-subjectification" only makes the system appear to be "driverless," but as long as it may endanger financial security or harm investors, the regulator, like a traffic policeman, will definitely issue a ticket and try to find the "owner" hiding behind the scenes.

II. Cognitive Misconceptions:

Many entrepreneurs attempt to circumvent regulations in the following ways, but these defenses have proven to be very fragile. The following four points are common misconceptions:

• Myth 1: DAO governance is exempt from liability: decisions are made by community vote, and the law does not punish the masses.

In the Ooki DAO case, token holders who participated in the voting were also identified as administrators and punished. If a DAO is not registered, it may be considered a "general partner," and each member will bear unlimited joint and several liability.

• Myth 2: Only writing code, not operating: I only developed the open-source smart contract, and the front-end was deployed by someone else.

Despite EtherDelta being a decentralized trading protocol, the SEC determined that founder Zachary Coburn wrote, deployed, and profited from smart contracts, and therefore bears responsibility for the unregistered exchange.

• Myth 3: Anonymous deployments cannot be detected: Team identities are hidden, server IPs are concealed, and they cannot be tracked.

Absolute anonymity is almost a false proposition! Funds can be converted into cash on centralized exchanges, code repository commit records, and social media information can all expose one's identity.

• Myth 4: Offshore architecture is beyond the jurisdiction of the US SEC: The company is located in Seychelles, but the servers are in the cloud, so the US SEC has no jurisdiction.

The United States' "long-arm jurisdiction" is very strong. If even one US user accesses or transacts involving US dollar stablecoins, US regulators can assert jurisdiction. BitMEX was heavily fined as a result, and its founder was sentenced.

The Entrepreneur's Dilemma: The Real-World Challenge of Complete "De-Subjectification"

When entrepreneurs choose to completely "de-identify" themselves in an attempt to circumvent regulations, they face numerous obstacles:

1. Unable to sign a contract, cooperation is difficult.

Code cannot act as a legal entity to sign contracts. When it comes to leasing servers, hiring auditing firms, or collaborating with market makers, no one can sign the agreement on behalf of the developer. If the developer signs it personally, that individual will bear the responsibility; if they do not sign, it will be impossible to establish partnerships with reputable, large institutions.

2. Unable to protect their rights; code is copied at will.

Web3 champions open source, but this means competitors can legally copy your code, interface, and even brand entirely, making only minor modifications (i.e., "forking"). Without a legal entity to enforce this, it's difficult to protect your intellectual property through lawsuits or other means.

3. Lack of a bank account hinders salary payments and financing.

The lack of a bank account prevents DAOs from directly receiving fiat currency investments, paying employee salaries, and contributing to social security. This severely limits recruitment and hinders the entry of funds from traditional large investment institutions.

4. Slow decision-making, missing opportunities for crisis management.

Delegating decision-making power entirely to the DAO community means that any important decision will require a lengthy process of proposal, discussion, and voting. In the event of a hacker attack or severe market volatility, this "democratic process" could cause projects to miss the optimal response time and become unable to compete efficiently with centralized counterparts.

Compliance Path: How Entrepreneurs Can "Rebuild Their Identity"

Faced with reality, top-tier projects no longer pursue absolute de-subjectification, but instead turn to a pragmatic "Code + Law" model, the core of which is to establish a compliant "shell" for the protocol.

The three main compliance architectures currently in use:

1. A two-tier architecture for development and governance:

• Operating Company: A typical software company registered in Singapore or Hong Kong, responsible for front-end development, recruitment, and marketing. It describes itself as a "technology service provider" and does not directly engage in financial business.
• Foundation: A non-profit foundation established in the Cayman Islands or Switzerland, responsible for managing the token treasury and community voting. It acts as the legal embodiment of the protocol and bears ultimate responsibility.

2. DAO Limited Liability Company:

By directly utilizing the laws of Wyoming or the Marshall Islands, the DAO itself can be registered as a new type of limited liability company. This limits the liability of members to the amount they have invested, avoiding the risk of unlimited liability.

3. Compliant Front-End and Permissioned DeFi:

While the underlying protocol cannot prevent anyone from using it, the official website operated by the project team can filter users:

• Geographic blocking: Block access from IPs located in sanctioned or high-risk areas.
• Address screening: Use professional tools to block known hacker and money laundering addresses.
• Establish a KYC-compliant funding pool: A lending pool established in partnership with institutions specifically for professional users who have completed identity verification.

Conclusion: From "Code Utopia" to "Compliant New Infrastructure"

The next big thing for on-chain lending is undoubtedly RWA, which will bring real-world assets (such as government bonds and real estate) onto the blockchain. However, to handle trillions of dollars in traditional funds, a clear legal entity and compliance structure are essential for entry.

Compliance is not a betrayal of our original mission, but an essential path for Web3 projects to move into the mainstream. The future of on-chain lending will not be a binary choice between "decentralization or compliance," but a dual-track integration of "code autonomy + legal entity."

Disclaimer: As a blockchain information platform, the articles published on this site represent only the personal views of the authors and guests and do not reflect the position of Web3Caff. The information contained in the articles is for reference only and does not constitute any investment advice or offer. Please comply with the relevant laws and regulations of your country or region.