“As long as the code is sufficiently decentralized, there is no legal entity, and regulators have nowhere to start.” — This has long been considered a safe haven by many on-chain lending entrepreneurs. They attempted to build an “algorithmic bank” without a CEO or headquarters.
However, with the enforcement action in the Ooki DAO case in the US, this “de-personalized” cloak is being pierced layer by layer by regulators. Under a stricter “look-through regulation” logic, how much further can on-chain lending go?
On-chain Lending: Web3’s Autonomous Bank
On-chain lending can be understood as an unmanned, automated lending machine. Its main features are:
Automated liquidity pools: Lenders deposit funds into a public pool managed by code and immediately start earning interest.
Overcollateralization: Borrowers must provide collateral greater than the loan amount to control risk.
Algorithmic interest rates: Rates are automatically adjusted by algorithms according to supply and demand, making them fully market-driven.
This model removes the intermediary role of traditional banks, enabling a global, automated lending market that runs 24/7 without manual approval, executed entirely by code. It greatly improves capital efficiency, unlocks asset liquidity, and provides native leverage to the crypto market.
Idealism: Why Do Entrepreneurs Pursue “De-personalization”?
In traditional finance, banks and lending platforms are clearly defined legal entities, so you know who to hold accountable if something goes wrong. On-chain lending, by design, tries to erase the “who.” This is not just a matter of anonymity but of system architecture, in two main respects:
Counterparty is Code, Not People
You no longer sign contracts with any company or individual, but interact directly with a public, self-executing smart contract. All lending rules, such as interest rates and collateral ratios, are hard-coded. Your counterparty is the program itself.
Decisions by the Community, Not Management
There is no board of directors or CEO. Major upgrades or parameter changes are decided by globally distributed governance token holders through voting. Power is decentralized, so responsibility also becomes ambiguous.
For entrepreneurs, choosing “de-personalization” is not just about ideals, but also a practical survival strategy. The core aim is to defend against:
Regulatory risk: Traditional lending requires expensive licenses and strict compliance. Positioning oneself as a “technology developer” instead of a “financial institution” is meant to bypass those barriers.
Liability risk: If a hack or other event causes user losses, the team can argue “the code is open source, the protocol is non-custodial,” attempting to avoid the compensation responsibility that traditional platforms face.
Jurisdictional risk: With no physical entity and servers distributed globally, it’s hard for any single country to shut it down. This “cannot be shut down” feature is the ultimate defense against geopolitical risks.
Reality Check: Why “Code Is Innocent” Doesn’t Work
A. Regulatory Risks:
Regulators’ concerns about on-chain lending stem from three core risks that cannot be ignored:
Shadow Banking:
On-chain lending essentially creates credit, but operates entirely outside central banks and regulatory systems—a classic case of shadow banking. A large price drop that triggers cascading liquidations can cause systemic risk that impacts the entire financial system.
Illegal Securities:
When users deposit assets into a pool to earn interest, US regulators like the SEC see this as resembling the issuance of unregistered “securities” to the public. As long as returns are promised and provided, no matter how decentralized the technology, it may violate securities laws.
Money Laundering Risk:
The pool model is easily exploited by hackers: they deposit stolen “dirty” funds as collateral, borrow clean stablecoins, break the link in the money trail, and launder money with ease—posing a direct threat to financial security.
Regulatory Principle: Substance Over Form
Functional regulation: Regulators don’t care if you’re a company or code; they care only about whether you’re effectively engaging in banking activities—taking deposits and making loans. If you’re doing financial business, you’re subject to financial regulation.
Look-through enforcement: If there’s no clear legal entity to hold accountable, regulators will go after the developers and core governance token holders behind the scenes. The Ooki DAO case set a precedent: even voting members can be held liable.
In short, “de-personalization” just makes the system seem “driverless,” but if it threatens financial security or harms investors, regulators—the “traffic cops”—will issue fines and find a way to locate the hidden “owner.”
B. Misconceptions:
Many entrepreneurs have tried to evade regulation in the following ways, but these defenses have proven fragile. Here are 4 common misconceptions:
Misconception 1: DAO Governance Means No Liability: Decisions are made by community vote, so the law won’t punish the crowd.
In the Ooki DAO case, governance token holders who voted were also deemed managers and penalized. If a DAO is unregistered, it can be seen as a “general partnership,” where each member bears unlimited joint liability.
Misconception 2: Just Writing Code, Not Operating: I only developed the open-source smart contract; someone else deployed the front end.
Even though EtherDelta was a decentralized trading protocol, the SEC found founder Zachary Coburn liable for writing and deploying the smart contract and profiting from it, holding him responsible for running an unregistered exchange.
Misconception 3: Anonymous Deployment Means Untraceable: Team identities are hidden, server IPs concealed, so they can’t be traced.
Absolute anonymity is nearly a myth! Cashing out on centralized exchanges, code repository commits, and social media activity can all expose identities.
Misconception 4: Offshore Structure Is Out of Reach: The company is in Seychelles, the servers are in the cloud, so the US SEC has no jurisdiction.
The US’s “long-arm jurisdiction” is extremely aggressive. If even one US user accesses the service or if transactions involve USD stablecoins, US regulators may claim jurisdiction. BitMEX was heavily fined and its founders sentenced for this reason.
Entrepreneurial Dilemma: The Practical Challenges of Complete “De-personalization”
When entrepreneurs choose absolute “de-personalization” to evade regulation, they face significant obstacles:
Unable to Sign Contracts, Difficult to Cooperate
Code cannot sign contracts as a legal person. If you need to rent servers, hire auditors, or collaborate with market makers, no one can sign on behalf of the protocol. If a developer signs personally, they bear the responsibility; if no one signs, it’s impossible to partner with major institutions.
Cannot Defend Rights, Code Easily Copied
Web3 values open source, but that means competitors can legally copy your code, interface, and even your brand with slight modifications (“forking”). Without a legal entity, it’s nearly impossible to protect your intellectual property through lawsuits.
No Bank Account, Fundraising and Payroll Blocked
DAOs have no bank accounts, so they cannot directly receive fiat investment or pay employees' salaries and social security contributions. This severely limits talent recruitment and blocks access to traditional institutional funding.
Slow Decision-Making, Missed Crisis Response
Giving all decision-making power to the DAO community means any major decision requires lengthy proposals, discussions, and voting. In the event of a hack or extreme market volatility, this “democratic process” may cause the project to miss the best response window—making it less efficient than centralized competitors.
Compliance Path: How Entrepreneurs “Rebuild the Entity”
Facing reality, top projects no longer pursue absolute de-personalization and instead move toward a pragmatic “Code + Law” model, centered on building a compliant “wrapper” for the protocol.
Currently, three mainstream compliance structures exist:
Dual-Layer Structure Separating Development and Governance:
Operating Company: Register a regular software company in Singapore or Hong Kong, responsible for front-end development, hiring, and marketing. It claims to be a “technology service provider” and doesn’t touch financial business directly.
Foundation: Establish a non-profit foundation in the Cayman Islands or Switzerland to manage the token treasury and community voting. It serves as the legal representative of the protocol and bears ultimate responsibility.
DAO Limited Liability Company:
Use the laws of places like Wyoming in the US or the Marshall Islands to register the DAO itself as a limited liability company. This limits members’ liability to their investment and avoids the risk of unlimited joint liability.
Compliant Front-End and Permissioned DeFi:
Although the underlying protocol can’t prevent anyone from using it, the official website operated by the project team can screen users:
Geo-blocking: Block IPs from sanctioned or high-risk regions.
Address screening: Use professional tools to block known hacker and money-laundering addresses.
KYC pools: Work with institutions to offer lending pools exclusively for users who have completed identity verification.
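The three front-end controls listed above, combined into one fail-closed gate, as an added example that is not code from the article or from any project it mentions. The region codes, flagged address, pool ids and function names are constructed for illustration; a real deployment would source the lists from a geo-IP service and a screening provider.

```javascript
// Added example: screening gate for a project-operated front end.
// All lists, pool ids and names below are constructed, not real data.
const BLOCKED_REGIONS = new Set(["XA", "XB"]); // placeholder codes, not real countries
const FLAGGED_ADDRESSES = new Set([
  "0x" + "0".repeat(32) + "deadbeef", // constructed address, stored lowercase
]);
const KYC_ONLY_POOLS = new Set(["institutional-usd"]); // hypothetical pool id

// EVM addresses are case-insensitive hex; mixed case is only a checksum.
// Normalise before lookup so a re-cased flagged address still matches.
function normalizeAddress(addr) {
  if (typeof addr !== "string") return null;
  const a = addr.trim().toLowerCase();
  return /^0x[0-9a-f]{40}$/.test(a) ? a : null;
}

// Returns { allow, reason }. Any missing or malformed input is denied.
function screenRequest({ region, address, poolId, kycVerified }) {
  // 1. Geo-blocking: a failed geo lookup (no region) is treated as blocked.
  if (typeof region !== "string" || !/^[A-Za-z]{2}$/.test(region)) {
    return { allow: false, reason: "region_unknown" };
  }
  if (BLOCKED_REGIONS.has(region.toUpperCase())) {
    return { allow: false, reason: "region_blocked" };
  }
  // 2. Address screening against the flagged list.
  const normalized = normalizeAddress(address);
  if (normalized === null) return { allow: false, reason: "address_invalid" };
  if (FLAGGED_ADDRESSES.has(normalized)) {
    return { allow: false, reason: "address_flagged" };
  }
  // 3. KYC pools: only a strict boolean true counts as verified.
  if (KYC_ONLY_POOLS.has(poolId) && kycVerified !== true) {
    return { allow: false, reason: "kyc_required" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests covering each decision path.
const CLEAN = "0x" + "1".repeat(40);
const SAMPLE_REQUESTS = [
  { region: "SG", address: CLEAN, poolId: "open-eth", kycVerified: false },
  { region: "xa", address: CLEAN, poolId: "open-eth", kycVerified: false },
  { region: "SG", address: "0x" + "0".repeat(32) + "DEADBEEF", poolId: "open-eth" },
  { region: "SG", address: CLEAN, poolId: "institutional-usd", kycVerified: "true" },
  { address: CLEAN, poolId: "open-eth" },
];

function runSamples() {
  return SAMPLE_REQUESTS.map((r) => screenRequest(r).reason);
}

console.log(runSamples());
```

The gate only covers requests that pass through the project's own website or back end; as the article notes, the underlying protocol itself stays open.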
Conclusion: From “Code Utopia” to “Compliant New Infrastructure”
The next explosive growth area for on-chain lending will undoubtedly be RWA—bringing real-world assets (like government bonds and real estate) on-chain. To attract trillions of dollars in traditional capital, a clear legal entity and compliance structure are the entry ticket.
Compliance is not a betrayal of original ideals, but a necessary step for Web3 projects to go mainstream. The future of on-chain lending is not a binary choice between “decentralization or compliance,” but a dual-track integration of “code autonomy + legal entity.”
After the world's first major DAO case, how much longer can the "decentralized facade" of on-chain lending hold up?
Written by: Mankiw