A
French
court
recently
determined
that
Code
Is
Law.
Essentially.
And
the
decision
—
somewhat
ironically
for
an
industry
that
usually
accepts
that
exploits
happen
(and
may
even
be
a
necessary
step
towards
advancing
protocol
security)
—
has
put
DeFi
in
a
bind.
This
is
an
excerpt
from
The
Node
newsletter,
a
daily
roundup
of
the
most
pivotal
crypto
news
on
CoinDesk
and
beyond.
You
can
subscribe
to
get
the
full
newsletter
here.
In
February,
the
Avalanche-based
automated
market
maker
Platypus
Finance
was
breached,
with
the
thieves
making
away
with
$8.5
million.
As
is
now
routine,
the
attackers
were
quickly
identified
and
the
stolen
funds
traced
down.
What
happened
next
is
somewhat
atypical,
with
the
ultimate
results
possibly
setting
a
troublesome
precedent:
Platypus’
operators
and
community
decided
to
pursue
legal
action
against
brothers
Mohammed
and
Benamar
M.
(last
name
redacted
in
court
documents).
While
not
the
first
time
blockchain
thieves
have
been
brought
to
court,
the
situation
is
something
of
an
enigma
considering
that
crypto,
at
least
as
initially
conceived,
is
designed
to
operate
outside
the
bounds
of
the
law.
The
Bitcoin
blockchain
doesn’t
need
a
money
transmitter
license
to
function,
it
just
needs
to
exist.
Likewise,
since
the
earliest
days
of
the
crypto
industry,
the
goal
has
usually
been
to
design
systems
that
work
for
all
—
open,
global,
censor-resistant
platforms
do
what
they
do
whether
used
by
a
crook
or
a
saint.
See
also:
Calling
a
Hack
an
Exploit
Minimizes
Human
Error
|
The
Node
Key
to
this
egalitarian
standard
has
been
the
idea
that
the
code
is
the
code,
and
that
is
what
matters
most.
Judges,
regulators
and
politicians
may
try
to
set
parameters
around
what
types
of
financial
services
can
be
accessed
and
by
whom,
but
in
crypto,
such
restrictions
cannot
apply
(except
to
the
extent
that
centralized
companies,
like
Coinbase,
must
implement
KYC/AML
procedures).
There
is
some
debate
whether
Mohammed
was
being
sincere
when
he
argued
in
court
that
he
was
a
“white
hat”
hacker,
only
looking
to
keep
10%
of
the
proceeds
for
discovering
a
vulnerability
in
the
code.
He
claimed
he
was
an
“ethical
hacker”
who
took
the
“endangered
funds”
so
the
protocol
would
learn
a
lesson
and
plug
its
hole.
Likewise,
there
is
an
argument
to
be
had
whether
Platypus
acted
rightly
in
seeking
justice
through
the
legal
system.
The
victims
certainly
had
a
legal
right
to
press
charges,
as
any
victim
of
a
theft
would.
But
if
the
system
executes,
it
executes.
And
if
the
code
is
the
law,
then
all
users
have
to
live
with
the
fact
that
the
code
contained
a
vulnerability
that
was
exploited.
Curiously,
the
French
judge
overseeing
the
case
seemed
to
take
that
same
view
when
dismissing
the
charges
against
the
brothers.
According
to
a
Le
Monde
article,
he
compared
the
financial
exploit
of
Platypus,
which
seemingly
had
an
infinite
money
bug
(accessible
through
a
DeFi-native
“flash
loan”),
to
exploiting
a
vending
machine
to
get
extra
bags
of
chips.
Many
in
DeFi
are
calling
for
Platypus
to
appeal
the
controversial
decision
by
taking
the
matter
to
a
higher
court.
Code
may
be
code,
but
a
theft
is
a
theft,
they
argue,
and
restitution
is
justified.
This
seems
to
be
a
piece
with
the
growing
sense
of
maturity
across
the
industry.
A
decade
ago,
it
may
have
been
OK
to
say
crypto
could
self-regulate,
that
bad
actors
would
be
dealt
with
through
the
free
market
and
that
code
reigns
supreme.
“Stealing
is
bad,”
Rainbow’s
Mike
Demarais
said.
Today,
after
countless
DeFi
hacks,
the
proliferation
of
crypto
scams
and
the
implosion
of
exchange
like
Mt.
Gox,
it
seems
downright
irresponsible
and
naive
to
say
the
code
is
the
code
and
that
is
that.
Personally,
I
think
crypto’s
change
of
heart
is
for
the
better:
If
the
industry
is
to
grow,
it
needs
to
integrate
with
the
world,
and
that
means
integrating
with
the
law.
At
the
same
time,
I
recognize
that
what
makes
crypto
powerful
is
that
these
self–executing
platforms
are
extra-judicial.
Bitcoin
wouldn’t
be
Bitcoin
if
it
started
sanctioning
or
KYCing
users,
for
instance.
The
tech
itself,
as
the
code
is
written,
is
opinionated.
Crypto
has
a
bias
towards
anti-authoritarianism
and
equality
before
the
code.
But
crypto
isn’t
a
monolith,
and
this
is
a
complicated
topic
that
is
foundational
to
nearly
everything
that
has
been
built
in
blockchain
so
far.
CoinDesk
reached
out
to
a
number
of
protocol
founders
and
industry
expert
lawyers
to
get
their
take.
Neeraj
Agrawal,
head
of
communications
at
Coin
Center:
“We’ve
[Coin
Center]
always
taken
the
view
that
cryptocurrency
use
is
regulated
by
applicable
laws”
Scott
Lewis,
creator
of
DeFiPulse,
Slingshot
and
the
Canto
Network:
“I
might
be
misunderstanding,
the
exploiting
a
vending
machine
is
stealing
though,
right?
Is
that
an
example
in
favor
of
the
code
is
not
law
side?
Isn’t
that
the
canonical
‘code
is
not
law’
example?
Using
an
error
in
someone’s
code
to
take
people’s
money
is
not
OK,
and
it
shouldn’t
be
legal.
Laws
and
rules
around
smart
contract
hacks
are
unclear
and
should
be
clarified,
but
making
them
all
legal
is
not
the
answer”
Austen
Campbell,
Columbia
Business
School
professor
and
former
BUSD
portfolio
manager
at
Paxos:
“If
crypto
wants
to
go
mainstream,
it
needs
an
environment
where
regular
people
can
transact
with
confidence
and
know
the
rules
of
the
system,
not
be
at
the
mercy
of
exploits
and
hackers.
It
can’t
be
the
case
that
everyone
has
to
be
a
crypto
expert.”
David
Hoffman,
co-founder
of
Bankless:
“Code
is
Law
is
a
thought
experiment,
not
a
prescription.”
Christine
Kim,
Galaxy
Digital
vice
president
of
research:
“The
idea
that
‘code
is
law’
or
that
the
rules
enforced
and
not
enforced
by
a
smart
contract
have
the
final
say
over
who
owns
the
assets
on
a
blockchain
is
untrue
because
in
most
cases,
especially
DeFi
hacks,
protocol
teams
like
the
Kyber
development
team
will
rely
on
law
enforcement
for
the
retrieval
of
user
funds.
When
code
fails,
which
happens
with
some
frequency
with
DeFi
protocols,
the
law
is
the
law.”
Gwart,
gwart
of
gwart:
“Code
being
law
is
increasingly
difficult
with
the
complexity
of
the
system.
It’s
probably
naive
to
say
“code
is
law”
in
an
absolutist
way.
My
more
interesting
take
perhaps
is
that
these
types
of
decisions,
and
maybe
other
decisions
that
lean
on
law
being
law,
really
make
us
as
a
crypto
community
think
about
the
value
of
these
systems
if
they
are
ultimately
enforced
by
the
state.
I’m
not
sure
what
the
“correct”
equilibrium
is
here
but
I
do
sometimes
wonder
how
valuable
these
tools
can
be
if
contracts
are
ultimately
reliant
upon
common
law
or
state
law
or
whatever
to
work
out
these
situations.”
Jon
Rice,
former
editor
in
chief
of
Blockworks,
Cointelegraph,
Crypto
Briefing:
“The
concept
of
decentralization
is
about
increased
participation
in
our
financial
system,
not
about
anarchy.
‘Code
is
Law’
is
a
tenet
of
DeFi
that
essentially
absolves
the
deployer
of
responsibility,
and
passes
it
instead
to
the
user.
This
isn’t
a
recipe
for
greater
participation,
it’s
just
another
obstacle
for
the
average
user
–
and
thus
another
hurdle
for
our
industry
in
attracting
both
capital
and
users.
“It’s
encouraging
to
see
courts
begin
to
look
more
closely
at
guardrails
for
DeFi,
but
only
if
those
decisions
place
the
burden
of
responsibility
on
those
who
should
know
best:
The
people
creating
and
deploying
the
code.”
Conor
Ryder,
head
of
research
at
Ethena
Labs:
“On
one
side
I
agree
that
we
are
lobbying
for
code
to
replace
the
need
for
trust,
interpretations
of
law
etc.
Code
is
law
does
fit
that
narrative
but
I
do
think
it’s
too
extremist.
“It’s
a
very
dangerous
precedent
to
set
and
at
the
end
of
the
day
it’s
still
an
attack
on
a
security
vulnerability
—
if
a
Web2
company
had
a
similar
vulnerability
that
was
taken
advantage
of,
you
can
be
sure
that
there
would
be
legal
action
taken.
Encouraging
these
types
of
attacks
is
definitely
met
with
negativity
for
a
still
relatively
immature
space
and
if
he
really
was
an
‘ethical
hacker’
there
were
likely
more
subtle
ways
he
could
have
raised
the
issue
and
still
been
compensated.”
Cami
Russo,
co-founder
of
The
Defiant:
“I
interpret
code
is
law
as
whatever
the
outcome
is
to
code
that
is
executed
by
smart
contracts,
cannot
be
interfered
with
and
should
be
upheld
both
via
social
consensus
around
blockchains
and
also
in
actual
courts.
I
think
there
is
more
nuance
to
the
concept.
“I
believe
intent
matters
of
both
the
developer
of
the
code
and
the
user
of
the
code.
The
purpose
of
the
protocol
or
dapp
and
the
intention
of
the
user
of
that
dapp
should
be
taken
into
account.
If
a
user
of
a
protocol
is
achieving
a
certain
outcome
by
interacting
with
the
code
in
a
way
the
developers
did
not
intend,
then
that
should
weigh
into
whether
that
outcome
should
be
changed
or
reverted,
especially
if
other
users
are
hurt.
“A
simplified
way
of
seeing
this
is,
a
lock’s
intended
purpose
is
to
prevent
access
from
say
a
safe.
Someone
might
know
how
to
pick
that
lock
and
access
funds
inside
the
safe.
They
found
a
“vulnerability”
in
that
lock,
but
they’re
not
using
it
as
it
was
intended
and
they
have
produced
an
outcome
that
was
not
desired
by
the
manufacturers
of
the
lock
or
those
keeping
money
on
the
safe.
In
this
case,
external
parties
should
interfere
with
the
outcome.
The
same
is
true
for
smart
contracts.”
Nelson
Rosario,
founder
of
Rosario
Tech
Law
and
professor
of
law
at
Chicago-Kent
College
of
Law:
“There
will
always
be
a
space
for
Code
is
Law
interpretations
of
on-chain
activity,
but
whether
that
is
good
or
not
will
likely
be
a
case-by-case
determination.”
Maria
Bustillos,
Brick
House
co-founder:
“In
general
I
think
it’s
not
a
bad
idea
to
refer
to
the
[Bitcoin]
white
paper;
this
tech
was
developed
specifically
to
address
significant
weaknesses
in
legacy
financial
systems.”
Michelle
Lai,
Electric
Coin
Company
board
member
and
governance
councillor
and
Synthetix:
“The
code
is
law
camp
is
slowly
being
coerced
into
compliance,
for
the
sake
of
their
freedom.
I’m
not
saying
i
agree
fully
with
code
is
law,
nor
with
full
compliance,
but
the
Overton
window
shifted
towards
compliance
for
many
projects
that
might
have
been
more
pro-privacy,
due
to
the
heavy
handedness
and
cowboy
behavior
of
some
regulators.”
Eva
Beylin,
director
of
the
Graph
Foundation:
“Code
is
law
is
not
as
binary
as
we’re
making
it
seem.
Code
can
be
law
and
also
there
are
other
laws
that
we
abide
by.
In
the
case
of
the
French
decision
it’s
quite
frustrating
that
a
precedent
is
being
set
that
code
is
law
=
no
other
laws
apply.
For
example,
if
someone
enters
the
right
code
to
break
into
your
house,
isn’t
it
still
called
robbery/breaking
and
entering?
Just
because
they
followed
the
code
(aka
entered
the
pin),
doesn’t
mean
the
act
itself
surrounding
it
was
legal.
“Same
thing
with
sim
swaps
and
hacking.
Just
because
someone
got
access
to
your
sim
or
account
because
they
happened
to
know
your
password/pin
doesn’t
mean
that
it’s
not
illegal
(e.g.
doesn’t
mean
that
it’s
legal).”
Jared
Grey,
Sushi
CEO:
“Code
is
the
law
until
it’s
exploited
in
the
face
of
criminality,
when
the
general
rule
of
law
supersedes.
Tl;dr:
I
don’t
think
you
can
excuse
criminality
through
the
use
of
technology.
What
is
criminal
is
a
wider
discussion.”
Stephen
Palley,
litigation
partner
and
co-chair
of
Brown
Rudnick’s
Digital
Commerce
group:
“The
catchphrase
“Code
is
Law”
comes
from
a
book
written
by
law
professor
Larry
Lessig.
His
more
nuanced
discussion
of
this
concept
has
become
shorthand
by
people
working
on
crypto
projects
to
mean
something
like
‘anyone
who
interacts
with
a
blockchain
protocol
should
be
bound
by
anything
that
results
from
that
interaction
—
the
code,
well
or
poorly
written,
determines
and
is
the
final
boss
of
outcomes.’
Under
this
sort
of
rubric,
thus,
there
are
no
mistakes
and
the
concept
of
a
hack
or
exploit
isn’t
recognized.
Whether
or
not
U.S.
courts
will
follow
the
French
court’s
reasoning
remains
to
be
seen.
You
can
get
pretty
far
with
terms-of-service
or
a
user
agreement,
that
will
bind
a
user
to
consequences
and
to
accept
all
results,
whether
expected
or
unexpected.
It’s
less
certain
that
a
U.S.
court
will
agree
to
consequences
that
involve
conduct
that
appears
fraudulent
or
illegal,
as
the
general
rule
is
that
you
can’t
consent
to
a
crime.
Now,
there’s
a
ton
of
nuance
here
that
I
can’t
unpack
in
a
simple
quote
but
I
think
we
can
expect
some
US
Courts
in
some
circumstances
to
bind
users
to
the
results
of
irreversible
code,
as
long
as
the
consequences
of
software
errors
are
knowingly
and
voluntarily
waived.”
General
counsel
for
Alliance,
Mike
Wawszczak:
“Let’s
be
clear
about
what
“code
is
law”
might
mean
to
people
like
lawyers
and
judges.
It
cannot
mean
“code
trumps
law”
or
“code
is
on
equal
footing
as
law.”
Instead,
it
means
something
like
“the
law
defers
to
the
outputs
of
code
in
its
normal
functioning,
whether
that
code
is
well-written
or
not,
whether
the
function
was
intended
by
the
developer
or
not,
whether
other
users
of
the
code
are
affected
in
some
way
or
not.”
It’s
a
deference,
not
a
trump
card.
“The
judge
in
Platypus
appears
to
be
saying
that
there
is
no
reason
to
overrule
the
deference
here,
but
that
does
not
mean
another
judge
lacks
that
power.
James
McGirk,
content
lead
at
Spectral:
“It’s
a
shame
we’re
moving
away
from
our
original
principles,”
McGirk
says,
“But
it’s
a
sign
of
maturity.
Industry
is
starting
to
realize
there’s
more
to
blockchain
than
digital
rat
poison.”
Jake
Brukhman,
founder
of
CoinFund:
“In
general,
I
would
say
that
code
is
law
refers
to
transactional
hardness
and
often
lower
counterparty
risks
associated
with
blockchains.
This
is
a
key
and
central
innovation,
but
I
also
think
it
can
work
in
tandem
with
traditional
law.
Blockchain
primitives
are
tools
in
a
toolbox.
I
think
the
comparison
to
a
vending
machine
is
meaningful,
I’m
just
not
sure
what
conclusion
about
code-is-law
to
take
from
it.”
Paul
Dylan-Ennis,
professor
at
the
University
of
Dublin
and
CoinDesk
columnist:
“The
Platypus
case
brings
us
into
direct
contact
with
a
contradiction
in
DeFi.
On
one
hand,
we
want
hackers
to
be
punished.
On
the
other,
we
are
supposed
to
be
building
decentralized
protocols
that
take
the
state
out
of
the
mix.
Until
we
get
clear
on
what
Code
is
Law
really
means
we’ll
be
confused
by
decisions
from
the
traditional
legal
system.
The
way
I
see
it,
this
case
is
another
example
of
how
we
tend
to
have
these
concepts,
but
they
are
more
like
memes
than
well
thought
of
principles.
and
we
let
the
contradictions
hang
around
w/o
trying
to
solve
them.
I
agree
that
the
principle
is
worth
keeping,
though
I’d
veer
to
the
side
that
says
the
problem
is
actually
that
the
code
is
obviously
not
up
to
scratch
to
actually
be
our
law.”
Lex
Sokolin,
partner
at
Generative
Ventures
and
CoinDesk
columnist:
“We
want
to
be
in
a
place
not
just
where
code
is
law,
but
where
law
is
code,
and
where
arbitration
and
conflict
resolution
can
happen
through
digital
means.
Until
software
can
really
deal
with
the
many
complexities
of
human
behavior
—
perhaps
through
LLMs
[AI
software]
—
deterministic
and
narrow
software
implementations
like
smart
contracts
aren’t
sufficient
to
resolve
morally
complex
issues.
That’s
the
precedent
set
by
“the
DAO”
and
it
has
served
Web3
well.
Further,
law
most
often
is
the
collective
human
wisdom
codified
through
exceptions
and
errors.
It
is
not
recorded
in
a
modern
way,
but
it
comes
from
timeless
experience.
Crypto
needs
a
balance
between
anarchist
caveat
emptor
and
some
semblance
of
communal
rejection
of
immoral
actions.”
Krystal
Scott,
artist:
“I
do
agree
code
is
law
is
kind
of
the
whole
reason
for
everything
in
the
first
place.
If
everyone
just
started
going
to
court
we’re
going
to
eventually
just
end
up
back
in
the
exact
bureaucratic
structure
crypto
was
invented
to
escape
.
But
it
is
quite
comical
that
the
court
just
acquitted,
perhaps
the
bureaucracy
is
also
growing
and
adjusting
with
the
space.
Likely
it’s
all
just
coming
together
tbh
crypto
is
becoming
less
of
an
outsider
thing.”
Odysseas.eth,
of
Phylax:
I
think
that
code
is
law
is
a
silly
idea
because
we
give
value
to
Ethereum.
Ethereum
has
value
and
Ethereum’s
classic
doesn’t
because
we,
unanimously,
agreed
that
we
want
to
do
the
fork
to
roll
back
the
DAO
hack.
So,
it’s
always
the
social
layer
that
ends
up
giving
value
to
things.
Thus,
it
makes
sense
that
if
someone
makes
the
code
behave
in
a
way
that
the
original
designer
didn’t
want,
then
it’s
ok
to
pursue
legal
means.
If
someone
breaks
into
my
house,
they
make
the
door
or
window
behave
in
a
manner
that
was
not
intended
(e.g.
break
when
locked).
that
doesn’t
mean
that
as
a
society
we
accept
that
and
say
force
is
law.
“In
effect,
the
community
that
participates
in
the
network
(namely
the
miners
and
the
users
that
generate
the
fees)
are
the
sovereign
entities,
not
the
network
itself.
Because
the
sovereign
is
the
person
that
decides
the
exception.
That
watches
the
watchmen
sort
of
speak.
It’s
sovereign
value
because
we,
as
a
community,
can
decide
when
something
is
not
ok
and
do
something
about
it.
Fiat
is
not
because
it’s
not
the
community
that
decides,
but
a
small
clique
of
people
with
questionable
incentives.
Miguel
Morel,
CEO
of
Arkham
Research:
“In
the
online
world
of
decentralized
finance
it
makes
sense
that
code
is
law,
one
expects
smart
contracts
to
follow
whats
been
written
in
the
code
without
exception.
However,
humans
who
are
the
ones
using
these
smart
contracts
exist
in
the
physical
world
of
jurisdictions
and
stately
governance
—
this
supersedes
anything
written
in
code,
and
therefore
I’d
expect
it
to
take
precedence
over
anything
we
believe
in
crypto.”
L0la
L33tz,
author:
“Humans
have
been
trying
to
regulate
our
way
of
life
for
centuries,
but
math
will
always
route
around
our
systems.
Code
is
the
only
law
that
is
always
enforceable.
This
basically
means:
Even
if
this
case
was
decided
differently,
then
the
next
person
that
writes
[bad]
code
comes
along,
which
will
also
be
exploited,
and
there’s
really
nothing
that
can
stop
them,
and
you
can
try
to
‘enforce’
your
law,
but
maybe
they’re
smarter
and
won’t
get
caught
(i.e.
escape
the
law).
Scott
Fitsimones,
creator
of
AirGarage:
“If
you
leave
the
front
door
and
get
robbed,
it’s
still
a
crime.
Similarly,
courts
should
uphold
the
intent
of
smart
contract
even
if
there
was
a
programming
error
that
led
to
an
exploit.
It’s
a
win
for
the
whole
ecosystem
when
there
is
justice
and
consequences
for
bad
actors.
The
Platypus
case
sets
a
dangerous
precedent
that
the
legal
system
doesn’t
apply
to
smart
contracts.
The
French
court
is
saying
cops
aren’t
coming
because
the
front
door
was
left
ajar.”
Arthur
Brietman,
co-founder
of
Tezos:
‘Law
is
law,
and
depending
on
what
the
law
says,
it
won’t
always
align
with
code.
But
good
law
sets
defaults,
and
minimizes
the
need
for
parties
to
enter
into
contractual
agreements
to
depart
from
those
defaults.
This
is,
in
a
nutshell,
the
wisdom
of
Coase’s
theorem.
By
that
standard,
I
do
not
believe
that
strictly
following
the
code
is
the
best
a
legal
system
can
do,
there
is
room
to
define
meaningful
abuse
without
introducing
arbitrary
discretion.
This
does
not
mean
code
is
useless,
shifting
the
burden
of
a
legal
complaint
is
huge!
‘Defaults’
are
powerful.”
The
Blockchain
Socialist:
“My
view
on
code
is
law
comes
from
both
criticizing
the
original
phrase
from
Lawrence
Lessig
and
from
actually
talking
to
him
in
a
podcast
episode.
Essentially
code
can
act
as
an
instrument
of
social
control,
but
it
is
not
equivalent
to
law.
Real
legal
systems
possess
inherent
ambiguities
to
accommodate
diverse
situations,
which
code
often
lacks.
This
inflexibility
of
code
means
it
cannot
foresee
all
potential
scenarios
where
law
might
be
applied,
underscoring
the
limits
of
treating
code
as
law
where
courts
are
used
to
tackle
ambiguous
situations.
Rather
than
code
is
law,
I
prefer
saying
that
code
is
political.”
Mike
Demarais,
co-founder
of
Rainbow
wallet:
“Stealing
is
bad”
