◧ Territory · 8,156 words

DAO, Explained

Decentralized Autonomous Organizations (DAOs): An Evergreen Guide to On‑Chain Governance

In crypto, one of the most influential innovations in organizational design is the decentralized autonomous organization, or DAO: a collective that coordinates resources and decision‑making through rules encoded in smart contracts on a blockchain. DAOs aim to let token holders or members propose, debate, and vote on changes without centralized management, turning governance itself into programmable infrastructure.

DAOs sit at the center of Web3’s promise to make finance, games, and online communities collectively owned rather than run by a single company, but a decade of experimentation has shown that “decentralization” is not a magic word. The original 2016 venture fund known simply as “The DAO” raised 12.7 million ETH before a reentrancy vulnerability allowed an attacker to drain roughly a third of its assets, forcing a controversial Ethereum hard fork and leaving a permanent scar on the ecosystem. Since then, protocol DAOs like Aave, Curve, JustLend DAO, Kelp DAO, Stake DAO, gaming DAOs, and ecosystem treasuries such as Dash’s have explored a wide range of governance models, incentive structures, and legal wrappers, with mixed results in participation, security, and resilience. Recent exploits, including the Kelp DAO bridge attack that siphoned about 116,500 rsETH via compromised off‑chain infrastructure, show that decentralized governance does not automatically mean robust operational security. At the same time, new research on delegated voting, better incident response practices, and ongoing regulatory work on how to treat DAOs under existing law suggest that the model is maturing rather than fading. This explainer surveys what DAOs are, how they work in practice, where they fail, and how governance is evolving in leading DeFi and gaming communities, with the goal of equipping a crypto‑native reader to evaluate DAO designs with a clear, critical lens.

What Is a DAO?

A decentralized autonomous organization is best understood as an organization whose key rules and resources are managed directly by software deployed on a distributed ledger, usually a public blockchain such as Ethereum. Instead of a traditional company charter or bylaws that are enforced by courts and executives, a DAO’s constitution lives in smart contracts that define who can propose changes, how votes are counted, and how funds are spent. Membership is often represented by tokens—sometimes fungible governance tokens, sometimes non‑fungible membership passes, and sometimes protocol positions such as liquidity provider tokens—that grant voting power or access to benefits. In theory, this architecture allows people who may never meet, and who are scattered across jurisdictions, to coordinate capital and work without a single party having unilateral control over the treasury or roadmap.

The term “DAO” gained mainstream visibility with the 2016 launch of The DAO, an Ethereum‑based venture capital vehicle whose token holders would collectively vote on which projects to fund and how to deploy the pooled ETH. That experiment ended infamously when an attacker exploited a reentrancy bug in the DAO’s smart contracts and siphoned about 3.6 million ETH, forcing an emergency hard fork of Ethereum and leaving the unforked chain to continue as Ethereum Classic. Although that hack highlighted how fragile poorly designed smart contracts can be, it also crystallized the concept: a DAO is not merely a multisig wallet or a Telegram chat, but a set of on‑chain rules that determine what can happen to treasury assets and protocol parameters. Since then, the term has broadened to cover everything from DeFi protocol governance to NFT collector clubs and gaming guilds, but the common thread is that collective decisions are constrained and executed by smart contract logic.

In practice, there is a spectrum between “pure” DAOs, which exist only as a decentralized smart contract system, and “wrapped” DAOs that are connected to a legal entity such as a foundation, LLC, or association. A pure DAO might hold a protocol treasury and upgrade code through on‑chain votes without any incorporated entity behind it, leaving regulators and courts to puzzle over who, if anyone, is responsible when things go wrong. A wrapped DAO, by contrast, might route ownership of its IP and core contracts through a conventional legal vehicle, which then recognizes the DAO’s votes as binding instructions. This distinction matters for liability, taxation, and enforceability, and it has become more salient as DAOs move from experimental communities to platforms controlling billions of dollars of user funds.

From the perspective of users interacting with a DeFi protocol or restaking platform, the presence of a DAO means that key parameters—interest rate curves, collateral lists, risk frameworks, fee schedules, reward emissions, or even which bridge provider to use—are not set by a centralized team alone but can be changed by token holder governance proposals. Aave, for example, explicitly allows AAVE and related token holders to submit, deliberate on, and vote for governance proposals that adjust the protocol, in a documented multi‑stage process. JustLend DAO, which operates on Tron, uses governance to approve major upgrades such as its SBM V2 overhaul and to configure recurring supply‑mining campaigns for USDD. For an end user, this means that the “terms” of the protocol are potentially more transparent and adjustable, but also that governance risks—low participation, capture by large holders, rushed upgrades, or malicious proposals—are part of the risk surface.

Core Properties and Design Goals

At a high level, DAOs pursue three intertwined design goals: decentralization, autonomy, and on‑chain verifiability. Decentralization refers to the dispersion of decision‑making power among many stakeholders rather than concentrating it in a board or CEO. Autonomy refers to the ability of the organization to operate through predefined code without constant human discretion, at least for routine operations such as issuing rewards or adjusting interest rates within a preset band. On‑chain verifiability refers to the fact that the rules and state changes can be inspected directly on the blockchain, allowing any observer to confirm that votes were counted correctly or that treasury transfers followed authorized proposals. These properties differentiate DAOs from traditional corporations, which may offer shareholder votes but rely on off‑chain processes and discretionary enforcement.

In reality, DAOs vary widely in how far they push each of these dimensions. Some DeFi DAOs keep a “guardian” multisig with emergency powers to pause the protocol or veto clearly malicious governance proposals, trading pure autonomy for safety. Others, especially in the wake of high‑profile governance attacks, have implemented timelocks that delay the execution of successful proposals to allow for public review and response. The Aave governance process, for instance, explicitly includes steps like temperature checks, off‑chain Snapshot votes, technical reviews, and only then an on‑chain Aave Improvement Proposal vote, with minimum participation thresholds and the possibility to halt changes if security concerns arise. These kinds of guardrails blur the line between algorithmic autonomy and human oversight, but they are often essential if the DAO is to remain secure at scale.

An equally important design axis is how voting power is allocated. Many early DAOs adopted a simple one‑token‑one‑vote mechanism, where voting weight is proportional to the number of governance tokens held or delegated. Research and industry experience have shown that this can lead to severe concentration of voting power, as large holders or delegates control the outcome of most proposals. Recent academic work on DAO governance, including studies on mitigating voting power concentration, has explored alternative mechanisms such as delegated voting schemes, capped voting, or multi‑house governance to balance efficiency and fairness. In response, many DAOs now blend token voting with delegation, reputation systems, or lock‑ups, attempting to align voting power with long‑term commitment and expertise rather than just raw capital.

Finally, DAOs often embed economic incentives directly into their governance structures. Protocols like Curve coordinate liquidity incentives through “gauges” that distribute token emissions to pools selected by veCRV holders, effectively paying users to allocate liquidity according to governance preferences. JustLend DAO’s USDD V2.0 supply mining campaigns use governance‑authorized reward programs to attract stablecoin deposits by promising a target APY, with parameters that can be adjusted in successive phases. These mechanisms make the DAO not just a passive decision forum but an economic engine that shapes user behavior, for better or worse.

Aave founder Stani Kulechov dismisses reports of a Payward stake sale at a 70% discount, saying AAVE isn't for sale as DAO revenue tops $134M annually

The Block Jun 26, 2026
Top Comment
Benthic
Jun 26, 2026

$50M buyback framework against a ~$1.3B AAVE mcap is why the discount rumor had teeth: this isn't a passive governance token waiting for someday value accrual. Aave has already pushed toward surplus distribution via Umbrella, treasury-funded buybacks, GHO revenue, and Chainlink SVR liquidation MEV, so any strategic stake sale would reprice DeFi cash-flow tokens way beyond AAVE. A forced-looking 70% print would have handed bears a comp; Stani killing it fast keeps the valuation debate on protocol economics instead of cap-table distress.

What our coverage reveals (Leviathan signal)

Readers click DAO stories when governance decisions carry a concrete price tag — rate cuts that move depositor yield overnight, treasury votes deploying hundreds of millions, and court rulings that make token holders personally liable; abstract 'decentralization' registers zero signal in the click data.

27,991 reader clicks across 259 stories; 38% on the top 10%; most-read: 1,507 clicks

From The DAO Hack to Modern DAO Governance

To understand why today’s DeFi DAOs obsess over audits, governance guards, and incident response, it helps to revisit the story that coined the term “DAO” for most of the industry. The DAO launched in 2016 as an experiment in decentralized venture capital, allowing anyone to send ETH to a smart contract in exchange for tokens that conferred voting rights over which projects to fund. It quickly attracted unprecedented capital, raising about 12.7 million ETH—at that time roughly 14 percent of all ETH in existence—and became one of the largest crowdfunding events in history. The enthusiasm rested on a simple narrative: code would govern capital more impartially and transparently than a traditional fund manager, and profits from successful investments would flow back to token holders.

Under the hood, however, The DAO’s contracts contained a subtle but devastating bug: a reentrancy vulnerability in the withdrawal logic that allowed an attacker to repeatedly drain funds before the contract could update balances. In a reentrancy attack, a malicious contract invokes a function on the target contract that sends it funds, and during that external call, the malicious contract calls back into the vulnerable function again, exploiting the fact that the target has not yet updated its internal state. Because The DAO’s contract sent ETH before updating the user’s token balance, a carefully crafted attacker contract could recursively withdraw in a loop, causing the same DAO tokens to be “refunded” multiple times before the system realized anything had changed. This design violated what is now a standard safety pattern in smart contract development: checks, then effects (state updates), and only then interactions with external contracts.
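The ordering failure described above, modelled in Python as an added example (it is not The DAO's contract code): a vault that pays out before zeroing the caller's balance next to one that follows checks‑effects‑interactions, each exercised by a receiver that re‑enters during the payout callback, the way an audit test would. Ether transfers are stand‑in callbacks and the deposits are constructed.

```python
"""
Model of the withdrawal-ordering bug behind The DAO hack: a vault that pays out
before updating the caller's balance versus one that follows
checks-effects-interactions. Added illustration, not The DAO's real contract;
ether transfers are modelled as a Python callback so a receiver can re-enter the
way an EVM fallback function would.
"""
from typing import Callable


class VulnerableVault:
    """Interaction before effect: the external call runs while the balance is stale."""

    def __init__(self, deposits: dict):
        self.balances = dict(deposits)          # per-account claim on the vault
        self.ether = sum(deposits.values())     # ETH actually held by the contract

    def withdraw(self, caller: str, on_receive: Callable[[int], None]) -> None:
        amount = self.balances[caller]          # check
        if amount == 0:
            return
        if self.ether < amount:
            raise RuntimeError("insufficient contract balance")
        self.ether -= amount
        on_receive(amount)                      # interaction: callee may re-enter withdraw()
        self.balances[caller] = 0               # effect, applied too late


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions: zero the balance before the external call."""

    def withdraw(self, caller: str, on_receive: Callable[[int], None]) -> None:
        amount = self.balances[caller]          # check
        if amount == 0:
            return
        if self.ether < amount:
            raise RuntimeError("insufficient contract balance")
        self.balances[caller] = 0               # effect first: a re-entrant call now sees 0
        self.ether -= amount
        on_receive(amount)                      # interaction last (a nonReentrant mutex is a
                                                # common second layer on top of this ordering)


class ReenteringReceiver:
    """Receiver whose callback calls withdraw() again while the first call is still
    executing. Used here only to exercise the two vaults, like a test in an audit suite."""

    def __init__(self, name: str, vault: VulnerableVault, max_depth: int = 3):
        self.name, self.vault, self.max_depth = name, vault, max_depth
        self.received = 0
        self.depth = 0

    def on_receive(self, amount: int) -> None:
        self.received += amount
        self.depth += 1
        if self.depth < self.max_depth:
            self.vault.withdraw(self.name, self.on_receive)


def simulate(vault_cls) -> tuple:
    """Returns (ether the receiver obtained, ether left in the vault)."""
    vault = vault_cls({"alice": 9, "eve": 1})   # constructed sample state
    receiver = ReenteringReceiver("eve", vault)
    vault.withdraw("eve", receiver.on_receive)
    return receiver.received, vault.ether
```

With the vulnerable ordering the receiver is paid its 1 ETH claim three times and the vault is left short; with the hardened ordering the second call sees a zero balance and returns.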

When the attack was launched, the bug had already been noted publicly, and community members were debating fixes that required governance approval and possibly a new deployment of the contract. The attacker acted before those mitigations could be implemented, siphoning off approximately 3.6 million ETH—over a third of the DAO’s holdings—into a “child DAO” controlled by the attacker. Because of the contract’s rules, there was a delay before the attacker could withdraw the funds completely, giving the Ethereum community time to debate a response. After intense controversy about whether it was legitimate to “rewrite history,” the network executed a hard fork that effectively reversed the hack by moving the stolen ETH to a refund contract, while a minority of participants rejected the fork and continued the original chain as Ethereum Classic. The fork split not only the blockchain but the community’s philosophy about immutability and intervention.

From a governance standpoint, the lesson was sobering. The DAO’s rules were entirely on‑chain and transparent, yet the system failed because critical vulnerabilities in the code were not caught or could not be patched quickly enough within the DAO’s own governance process. The fact that the vulnerability had been publicly discussed but still remained exploitable underscored the challenge of combining decentralized decision‑making with the need for rapid, expert response to technical threats. This incident significantly slowed enthusiasm for investment DAOs in the short term, but it also catalyzed a wave of tooling, audit practices, and governance design patterns that underpin modern DAOs. Projects like Aragon emerged to provide standardized DAO frameworks with upgradeable governance modules, while development best practices such as reentrancy guards, timelocks, and staged rollouts became common.

Ten years later, the shockwaves from The DAO hack are still felt whenever a high‑stakes protocol grapples with a vulnerability or governance dispute. DeFi lending platforms, decentralized exchanges, and restaking protocols now approach governance with a more cautious mix of automation and human oversight. Aave, for instance, formalized a governance pipeline that starts with informal temperature checks, proceeds through off‑chain Snapshot votes, requires technical documentation and security reviews, and only then culminates in an on‑chain vote that directly triggers smart contract changes. This layered process is an implicit acknowledgement that purely code‑driven governance can be brittle, and that off‑chain discussion and expert review must complement token voting for upgrades that affect billions in collateral.

In parallel, the range of DAO applications has widened dramatically beyond investment clubs. Dash pioneered a treasury DAO model where part of the block reward is allocated to a fund controlled by masternode votes, paying out proposals that aim to grow the ecosystem. DeFi protocols such as Curve and JustLend DAO use DAOs to manage parameters, allocate emissions, and respond to crises, while gaming projects experiment with DAOs that coordinate player‑driven content and metagame rules. The explosion of sector‑specific DAOs has diversified governance challenges: lending DAOs must balance risk and growth; liquidity DAOs must manage emissions and gauge wars; gaming DAOs must incentivize both fun and sustainability; and cross‑chain DAOs must reconcile conflicting security assumptions across multiple networks. The idea of a DAO has shifted from a single famous experiment to an entire design space of digital institutions.

How DAOs Work in Practice

From the outside, a DAO can look like little more than a forum, a token, and a few voting links, but under the hood there are distinct layers that interact: the smart contract core, the voting and proposal framework, the treasury and financial logic, and the surrounding social and legal infrastructure. At the smart contract layer, the DAO is defined by contracts that hold funds, record votes, and execute authorized transactions according to predefined rules. These may be simple, such as a multisig controlled by token‑weighted voting, or complex, such as modular governance systems that support multiple proposal types, execution queues, and upgrade paths. Above that, most DAOs use dedicated voting platforms—either fully on‑chain or off‑chain with cryptographic signatures—to collect and tally votes in a way that is accessible to non‑technical users.

Snapshot is one of the most widely used off‑chain voting platforms in the DAO ecosystem. It allows token holders to sign messages representing their votes without paying gas fees, using various strategies to determine voting weight, such as balances at a specific block, staking positions, or delegation. Because Snapshot votes are off‑chain, they do not directly move funds or change protocol parameters; instead, DAOs either treat these votes as binding social signals that a multisig or council executes, or they connect Snapshot to on‑chain execution via additional infrastructure. The benefit is that participation is cheap and flexible, but the trade‑off is that enforcement depends on trusted actors or bridging systems between off‑chain votes and on‑chain changes.

On‑chain governance frameworks, like those used by Aave, Compound, or the core Curve DAO contracts, typically require token holders to lock or stake their tokens in order to create and vote on proposals, with established quorum and majority thresholds. Aave’s process illustrates how structured this can become. Governance there starts with a “TEMP CHECK” thread in the forum to measure initial sentiment, followed by a Snapshot vote that signals off‑chain consensus. If the idea survives initial scrutiny, proposers must submit detailed documentation, which is then subject to a technical review that can take up to three weeks and may freeze the process if security issues are found. Only after these steps does an official Aave Request for Comments and finally an Aave Improvement Proposal proceed to an on‑chain vote, which remains open for five days and requires a minimum of 320,000 votes to pass. This pipeline blends off‑chain deliberation, expert input, and on‑chain execution in a way that attempts to capture the benefits of decentralization without sacrificing prudence.

To highlight the interplay between governance and protocol economics, consider JustLend DAO’s recent overhaul of its lending market architecture. The launch of its Supply and Borrow Market V2 (SBM V2) introduced an isolated‑collateral model where each market is associated with vaults that manage risk more granularly, along with an Adaptive Curve Interest Rate Model that refines how borrowing costs respond to utilization. These are deeply technical changes that affect user yields, liquidation risks, and the protocol’s resilience in stress scenarios. Under a DAO model, such upgrades are not unilateral decisions by a core team but are introduced, debated, and approved by governance, often after test deployments and risk assessments. Similarly, recurring initiatives like JustLend’s USDD V2.0 supply‑mining campaigns—now in their late‑teen phases—are authorized by governance to maintain a target APY of around a few percent, with rewards distributed weekly to depositors. The DAO thus continuously tunes its incentives and risk parameters through repeated policy cycles, much like a central bank adjusting rates, but with proposals and votes visible to anyone.

Kelp DAO provides a different angle on how DAOs interface with complex infrastructure. As an Ethereum liquid restaking protocol, Kelp DAO issues rsETH to users who deposit ETH or liquid staking tokens and restakes those assets into various underlying protocols to capture additional yield. When Kelp DAO integrated a cross‑chain bridge to let users move rsETH between networks, its contracts depended on LayerZero’s messaging infrastructure to verify when rsETH had been burned on the source chain before minting it on Ethereum. In April 2026, attackers linked to North Korea’s Lazarus Group compromised internal RPC nodes used by a LayerZero verification network and launched a targeted DDoS against an external node, creating a situation where the verification logic saw only falsified blockchain data. The poisoned nodes made it appear that rsETH had been burned on the source chain when no such burn occurred, leading the Ethereum‑side contract to release 116,500 rsETH—roughly $292 million at the time—to an attacker’s address. This was not a failure of Kelp DAO’s on‑chain governance or even its smart contract code in the narrow sense; it was a failure of the off‑chain infrastructure on which the DAO’s trust assumptions rested.

The Kelp DAO exploit demonstrates that “how DAOs work” cannot be limited to smart contract diagrams. DAOs rely on oracles, bridges, RPC providers, indexers, and analytics services, all of which introduce trust dependencies and potential attack surfaces outside the formal governance process. After the exploit, Kelp DAO and its partners coordinated a recovery effort that restored rsETH’s backing over roughly five weeks, combining treasury measures, negotiations with affected parties, and governance‑driven changes to their bridging setup. This response mirrors a traditional corporate crisis management process but executed in a transparent, token‑holder facing way, with on‑chain votes and public post‑mortems. For a DeFi user, understanding a DAO means not only reading its governance docs but also examining which off‑chain components it depends on and how those are governed, audited, or diversified.
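A fail‑closed way to verify a source‑chain burn before minting, written here as an added illustration rather than Kelp DAO's, LayerZero's or any real bridge's code. It assumes the bridge can query several RPC sources run by distinct operators; the sources, hashes, addresses and amounts are constructed, and the single‑source configuration appears only to show the weak setting beside the corrected one.

```python
"""
Fail-closed burn verification for a burn-and-mint bridge, written as an added
illustration for this page. It is not Kelp DAO's, LayerZero's or any real
bridge's code; the "sources" are in-memory stand-ins for independent RPC
operators and every hash, amount and address below is constructed.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class BurnReport:
    tx_hash: str
    recipient: str
    amount: int        # units burned on the source chain
    block_hash: str    # included so a fabricated or non-canonical block cannot "agree"


class Source:
    """One RPC endpoint: `reports` maps tx hash -> (BurnReport, confirmations)."""

    def __init__(self, operator: str, reports: dict, online: bool = True):
        self.operator, self.reports, self.online = operator, reports, online

    def get_burn(self, tx_hash: str) -> Optional[Tuple[BurnReport, int]]:
        if not self.online:
            raise ConnectionError(f"{self.operator} unreachable")
        return self.reports.get(tx_hash)


class BurnVerifier:
    def __init__(self, sources, threshold, min_confirmations, per_tx_cap):
        operators = [s.operator for s in sources]
        if len(set(operators)) != len(operators):
            raise ValueError("sources must be run by distinct operators")
        if threshold > len(sources):
            raise ValueError("threshold cannot exceed the number of sources")
        self.sources, self.threshold = sources, threshold
        self.min_confirmations, self.per_tx_cap = min_confirmations, per_tx_cap
        self.redeemed = set()    # tx hashes already minted against (replay protection)

    def verify(self, tx_hash: str) -> Tuple[bool, str]:
        seen = []
        for s in self.sources:
            try:
                r = s.get_burn(tx_hash)
            except ConnectionError:
                continue         # a dead node never counts toward "yes"
            if r is not None:
                seen.append(r)
        if not seen:
            return False, "no reachable source reports this burn"
        counts = Counter(report for report, _ in seen)
        if len(counts) > 1:
            # Safety over liveness: disagreement means poisoned data or a reorg; halt and alert.
            return False, "sources disagree about this burn; failing closed"
        report, agreeing = counts.most_common(1)[0]
        if agreeing < self.threshold:
            return False, f"only {agreeing} of {self.threshold} required sources confirm"
        if min(c for _, c in seen) < self.min_confirmations:
            return False, "burn not yet final on the source chain"
        if report.amount > self.per_tx_cap:
            return False, "amount exceeds per-transaction mint cap; manual review"
        if tx_hash in self.redeemed:
            return False, "burn already redeemed"
        self.redeemed.add(tx_hash)
        return True, f"mint {report.amount} to {report.recipient}"


def demo() -> dict:
    good = BurnReport("0xabc", "0xbob", 100, "0xb1")
    fake = BurnReport("0xdead", "0xeve", 5_000, "0xf4ke")     # burn that never happened
    a = Source("op-a", {"0xabc": (good, 40)})
    b = Source("op-b", {"0xabc": (good, 38)})
    c = Source("op-c", {"0xabc": (good, 41), "0xdead": (fake, 60)})   # poisoned node
    d = Source("op-d", {"0xabc": (good, 39)}, online=False)            # knocked offline
    quorum = BurnVerifier([a, b, c, d], threshold=3, min_confirmations=32, per_tx_cap=10_000)
    single = BurnVerifier([c], threshold=1, min_confirmations=32, per_tx_cap=10_000)
    c_conflict = Source("op-c", {"0xabc": (BurnReport("0xabc", "0xeve", 100, "0xb1"), 41)})
    loose = BurnVerifier([a, b, c_conflict, d], threshold=2, min_confirmations=32,
                         per_tx_cap=10_000)
    return {
        "honest_burn": quorum.verify("0xabc"),
        "replay": quorum.verify("0xabc"),
        "fabricated_burn_quorum": quorum.verify("0xdead"),
        "fabricated_burn_single_source": single.verify("0xdead"),   # the weak setting
        "recipient_conflict": loose.verify("0xabc"),
    }
```

The same fabricated burn that a single poisoned source would have authorised is refused once three distinct operators must agree, and an offline node can only ever reduce the count, never raise it.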

Types of DAOs Across Web3

While the term DAO is sometimes applied loosely, a few broad categories have emerged in practice. Protocol DAOs govern DeFi primitives such as lending markets, exchanges, and restaking services. Aave, Curve, JustLend DAO, Kelp DAO, and Stake DAO fall into this group, where governance decisions directly affect contract parameters and therefore user risk profiles. Treasury DAOs manage funds for an ecosystem or project, allocating grants, marketing budgets, and development funding. Dash’s treasury is a canonical example: a portion of each block reward accumulates in a fund that masternode operators vote to distribute to proposals aimed at improving the Dash network. Gaming and media DAOs coordinate creative projects, in‑game economies, or community content; Alien Worlds and other gaming ecosystems highlighted by industry voices like Saro McKenna exemplify how DAO‑supported initiatives can yield a portfolio of community‑built games across mobile platforms. Finally, investment and collector DAOs pool capital to acquire NFTs, invest in early‑stage projects, or pursue other portfolio strategies, though these are often constrained by securities law concerns.

To clarify how these differ, consider the following simplified comparison:

| DAO Type | Primary Focus | Key Decision Rights | Example Ecosystem |
|---|---|---|---|
| Protocol DAO | DeFi or infrastructure protocol | Parameters, upgrades, risk and rewards | Aave, Curve, JustLend, Kelp |
| Treasury / Ecosystem DAO | Funding an ecosystem’s growth | Grants, bounties, marketing, infra support | Dash treasury |
| Gaming / Community DAO | Game rules, content, metagame | In‑game economics, rewards, narrative, assets | Web3 gaming DAOs, Alien Worlds |
| Investment / Collector DAO | Portfolio of assets or projects | Asset selection, exits, fee distribution | Various venture and NFT DAOs |

The boundaries between these categories are porous. A protocol DAO almost always functions as a treasury DAO as well, given that protocol fees and token treasuries must be managed. Gaming DAOs often acquire NFTs or tokens, blurring into investment DAOs. Even pure ecosystem funds, such as those now being proposed around Cardano or Dash, may evolve into protocol‑governing DAOs as their scope increases. For readers following crypto news, it is therefore helpful to ask a few simple questions whenever a DAO is mentioned: what does this DAO actually control, how is that control exercised, and what happens if governance fails or is captured?

The angles that pull readers in (6 threads)

1. Rate-setting moves real yield

   The top headline — Maker cutting the Dai Savings Rate to 10% — drew 1,507 clicks because a DAO vote directly shrinks or grows depositor income with no intermediary, making governance participation financially urgent.

2. Curve DAO parameter governance

   Five top-25 headlines involve Curve DAO gauge votes, PegKeeper debt ceilings, and crvUSD cap increases, revealing that readers track Curve governance as a live serial whose outcomes reshape DeFi liquidity across the ecosystem.

3. DAO legal liability exposure

   The Ooki DAO CFTC defeat, the California court holding Lido DAO members personally liable as general partners, and 1inch hiring defense counsel all clustered in the top third of clicks, showing token holders fear being named in suits.

4. Governance transparency failures

   USDD removing 12,000 BTC from collateral without a DAO vote crystallised reader anxiety about DAOs that hold governance votes in name only while insiders retain unilateral control.

5. Treasury deployment at scale

   Arbitrum's $215M gaming fund, its $3B war-chest ambitions, and Aave's revenue redistribution program show readers treating DAO treasuries like corporate M&A desks — tracking where nine-figure sums flow.

6. Fee-switch and tokenomics activations

   1inch ending positive-slippage capture for the protocol and Aave's full tokenomics revamp including buybacks drew sustained clicks because fee switches convert governance votes into direct cash-flow changes for holders.

Governance Mechanics and Political Economy

At the heart of every DAO is a mechanism for transforming individual preferences into collective decisions. Most DAOs today still rely on variants of token‑weighted voting, often with delegation. In its simplest form, one token equals one vote, and proposals pass if they reach a specified quorum and majority. This is straightforward to implement and aligns with familiar corporate shareholder models, but it is also vulnerable to plutocracy: large token holders can dictate outcomes, discouraging smaller participants from voting at all. The problem becomes even more acute in DeFi, where tokens can be borrowed or acquired quickly, enabling “governance attacks” where an actor accumulates enough voting power to push through a self‑dealing proposal.

Delegated or liquid democracy has emerged as one proposed mitigation. In this model, token holders can assign their voting power to delegates who specialize in governance, freeing themselves from having to track every proposal while still influencing outcomes through their choice of delegate. Academic work on DAOs has argued that delegation can reduce participation fatigue in token‑based governance by allowing passive holders to remain represented without needing to vote repeatedly on technical topics. At the same time, these studies observe that delegation can lead to concentrated voting power in a small number of prominent delegates, raising concerns about centralization and the possibility of collusion. Some DAOs now publish dashboards of delegates and their voting histories, providing transparency and reputational pressure, but the underlying trade‑off remains: efficient governance often requires some degree of power concentration.
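A toy token‑weighted governor, added here to make the mechanics of the last two paragraphs concrete (it is not Aave's, Curve's or any DAO's contract): voting power is read at a snapshot block with delegation applied, a proposal needs quorum and a majority, execution waits out a timelock, and a small helper reports how concentrated delegated power is. All balances and thresholds are constructed.

```python
"""
Toy token-weighted governor with delegation, a snapshot block, quorum and a timelock.
Added illustration for this page, not Aave's, Curve's or any DAO's real governance
contract; every balance and threshold below is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Proposal:
    snapshot_block: int                         # balances/delegations are read here
    vote_end_block: int
    votes: dict = field(default_factory=dict)   # voter -> (support, weight)
    executed: bool = False


class Governor:
    def __init__(self, quorum, voting_period, timelock_delay):
        self.quorum = quorum                   # minimum for+against weight to pass
        self.voting_period = voting_period     # blocks a proposal stays open
        self.timelock_delay = timelock_delay   # review blocks between vote end and execution
        self.history = {}                      # block -> {"balances", "delegations"}
        self.proposals = []

    def checkpoint(self, block, balances, delegations):
        """Freeze balances and delegations at a block (cf. ERC20Votes checkpoints)."""
        self.history[block] = {"balances": dict(balances), "delegations": dict(delegations)}

    def voting_power(self, who, block):
        """Own tokens (unless delegated away) plus tokens delegated to `who`, at `block`."""
        snap = self.history[block]
        return sum(bal for holder, bal in snap["balances"].items()
                   if snap["delegations"].get(holder, holder) == who)

    def propose(self, current_block):
        self.proposals.append(Proposal(current_block, current_block + self.voting_period))
        return len(self.proposals) - 1

    def cast_vote(self, pid, voter, support, current_block):
        p = self.proposals[pid]
        if current_block > p.vote_end_block:
            raise ValueError("voting closed")
        if voter in p.votes:
            raise ValueError("already voted")
        weight = self.voting_power(voter, p.snapshot_block)
        if weight == 0:   # tokens bought or borrowed after the snapshot carry no weight
            raise ValueError("no voting power at snapshot")
        p.votes[voter] = (support, weight)

    def tally(self, pid):
        votes = self.proposals[pid].votes.values()
        return sum(w for s, w in votes if s), sum(w for s, w in votes if not s)

    def state(self, pid, current_block):
        p = self.proposals[pid]
        if p.executed:
            return "executed"
        if current_block <= p.vote_end_block:
            return "active"
        for_, against = self.tally(pid)
        return "succeeded" if for_ + against >= self.quorum and for_ > against else "defeated"

    def execute(self, pid, current_block):
        p = self.proposals[pid]
        if self.state(pid, current_block) != "succeeded":
            raise ValueError("proposal has not passed")
        if current_block < p.vote_end_block + self.timelock_delay:
            raise ValueError("timelock has not elapsed")   # public review window
        p.executed = True


def top_delegate_share(gov, block, k=1):
    """Share of all voting power held by the k largest delegates (concentration check).
    Assumes delegates are themselves token holders, as in the constructed data."""
    holders = gov.history[block]["balances"]
    powers = sorted((gov.voting_power(h, block) for h in holders), reverse=True)
    return sum(powers[:k]) / sum(powers) if sum(powers) else 0.0


def demo():
    gov = Governor(quorum=600, voting_period=5, timelock_delay=3)
    holders = {"alice": 500, "bob": 300, "carol": 200, "dave": 100}   # constructed
    gov.checkpoint(100, holders, {"carol": "alice"})                   # carol delegates to alice
    pid = gov.propose(current_block=100)
    gov.checkpoint(101, {**holders, "mallory": 2000}, {"carol": "alice"})  # acquired late
    out = {"top_share": round(top_delegate_share(gov, 100), 3),
           "late_buyer_power": gov.voting_power("mallory", 100)}   # 0: no say on this vote
    gov.cast_vote(pid, "alice", True, 102)
    gov.cast_vote(pid, "bob", False, 103)
    out["tally"] = gov.tally(pid)
    out["state_after_vote"] = gov.state(pid, 106)
    try:
        gov.execute(pid, 107)
        out["early_execute_blocked"] = False
    except ValueError:
        out["early_execute_blocked"] = True
    gov.execute(pid, 108)
    out["state"] = gov.state(pid, 108)
    return out
```

In the constructed data one delegate controls about 64% of the power, which is the concentration the studies above warn about; the snapshot and timelock are the two guards that keep a late token purchase from swinging the vote and give the public a window before a passed proposal takes effect.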

The Curve DAO offers a vivid illustration of how governance and tokenomics intertwine. Curve introduced the veToken model, where users lock CRV tokens for a fixed period to receive veCRV voting power that determines where CRV emissions are directed. Liquidity providers and external protocols compete to attract veCRV votes to their pools, effectively creating a market for governance influence. When something goes wrong, such as the sDOLA inflation incident that left some borrowers with unexpected liquidations, the DAO can respond by proposing special gauges or remediation funds to compensate affected users. Such proposals must balance fairness to victims against the interests of other token holders and the protocol’s long‑term viability. The existence of veCRV and gauge wars means that some participants may support or oppose remediation not only on principled grounds but based on how it affects their own yield strategies, tying political economy tightly to economic incentives.

Stake DAO, built as a yield aggregator and governance hub, has experimented with its own governance token structure, introducing vlSDT as a locked voting token and migrating away from previous tokens such as sdBAL. Its April 2026 report highlighted the completion of a roadmap that included the launch of vlSDT and decisions about ending certain product lines, all approved through DAO processes. At the same time, Stake DAO has faced security incidents, including an exploit where an attacker minted an enormous quantity of a derivative token, prompting ongoing incident response and compensation discussions in governance. This juxtaposition—complex token models, AI‑driven analytics integrated into governance dashboards, and the ever‑present risk of smart contract failures—captures the lived reality of many DeFi DAOs: they are managing both high‑stakes financial logic and intricate incentive structures through community decision‑making, in an environment where mistakes are quickly punished by markets.

Cardano’s founder Charles Hoskinson has recently emphasized that improving DAO governance mechanisms is a key priority for that ecosystem, reflecting a broader recognition that governance design is now as important as consensus or throughput. His focus mirrors trends across chains, where research and experimentation are converging on a few core questions: how to prevent voting power concentration while keeping governance efficient; how to combine off‑chain deliberation with secure on‑chain execution; and how to meaningfully include non‑technical users in decisions that have subtle security implications. Different ecosystems are pursuing different answers, from Cardano‑style formalized governance frameworks to Ethereum‑based DAOs layering more social processes atop token voting, but all are grappling with the same tensions.

For many DAOs, especially gaming and community projects, governance mechanics must support more expressive decisions than a simple yes/no on a code upgrade. Gaming DAOs highlighted by firms like Protokol and communities such as Alien Worlds often involve players in deciding narrative arcs, in‑game asset issuance, and the allocation of development grants. In these contexts, participation and legitimacy may matter more than throughput, and one‑person‑one‑vote models or role‑based voting may be more appropriate than pure token weighting. Some gaming DAOs experiment with reputation points, participation badges, or class‑based voting (for example, players, creators, and investors each having distinct roles), blending Web2 community management practices with Web3 verifiability. These experiments may ultimately feed back into DeFi DAO design, especially as financial protocols seek better ways to incorporate the perspectives of everyday users alongside those of professional delegates and market makers.

Lido revokes canonical wstETH bridge support on nine networks following DAO vote

blog.lido.fi Jun 23, 2026
Top Comment
Benthic
Jun 23, 2026

Lido’s DAO voted to revoke canonical recognition for wstETH bridge endpoints on zkSync Era, Mode, Scroll, Mantle, Swell, Zircuit, Soneium, Polygon PoS, and Lisk. The tokens and bridges are not being shut off: holders can keep, transfer, or bridge wstETH back to Ethereum, but Lido contributors will stop monitoring, marketing, and ecosystem support on those networks. The same vote lets the Network Expansion Committee handle future revocations with unanimous approval and a public forum post, turning multichain support into a pruned list instead of a forever badge.

DAOs in DeFi: Lending, Liquidity, and Restaking

DeFi has been the most fertile ground for DAOs because protocol parameters can be encoded in smart contracts and adjusted via on‑chain decisions. Lending markets such as Aave, Compound, and JustLend DAO rely on governance to manage risk and growth. Aave’s governance process, described earlier, is emblematic of a mature lending DAO: it involves multiple stages of community discussion, Snapshot signaling, security review, and on‑chain voting for changes like listing new collateral assets, adjusting risk parameters, or deploying to new chains. This approach recognizes that small configuration changes—say, a tweak to loan‑to‑value ratios—can have outsized impacts in volatile markets and therefore demand careful vetting.

On Tron, JustLend DAO has recently implemented a significant architectural shift with its Supply and Borrow Market V2. By introducing a dual‑layer structure with vaults and markets, the DAO aims to isolate risks so that a problem in one market does not cascade across the entire protocol, while its Adaptive Curve Interest Rate Model refines how borrowing costs respond to shifts in utilization. These are precisely the kinds of technical choices that benefit from DAO oversight: a strong governance process can weigh input from risk managers, developers, and users before approving such a migration. The same governance apparatus coordinates recurring initiatives like USDD V2.0 supply mining campaigns, where each new phase (the campaign has now reached its nineteenth phase) sets parameters such as duration, APY targets around roughly four percent, and reward distribution mechanics. For users, the continuity of these programs provides a predictable yield environment, while the DAO retains flexibility to adjust incentives in response to market conditions.

Liquidity and exchange DAOs face their own governance challenges. Curve’s gauge system not only allocates CRV emissions but also must handle emergency situations, such as the sDOLA incident in which a bug led to unexpected inflation and borrower losses. In response, proposals have been introduced to create special funding gauges or veFunder mechanisms that direct a share of emissions towards remediation pools for affected users. Curve DAO’s governance forum regularly hosts such proposals, requiring veCRV holders to weigh the moral and reputational value of compensating victims against the cost to other token holders and the protocol’s long‑term incentive budget. Similarly, the Curve DAO has used governance to support recovery pools for other incidents, including pools on networks like Fraxtal dedicated to assets impacted by prior exploits, indicating that post‑incident remediation is becoming an expected function of major DeFi DAOs.

Stake DAO, which aggregates yields and builds products atop protocols like Curve, amplifies these governance dynamics. Its own DAO must decide how to respond when underlying protocols or its own contracts experience incidents, such as the exploit where an attacker minted an enormous amount of a synthetic token tied to Curve governance. The Stake DAO Association’s reports detail how the DAO has navigated migrations such as the launch of vlSDT, the end of products like sdBAL, and an ongoing roadmap for integrating AI agents with on‑chain data to aid risk monitoring and governance. This layering of DAOs—where one protocol’s DAO builds on another’s—creates complex interdependencies, making coordinated governance and incident response even more challenging.

Restaking and cross‑chain DAOs like Kelp add yet another dimension. By design, restaking protocols accept staked assets and deposit them into a variety of underlying services, amplifying both yield and risk. When Kelp DAO’s rsETH bridging setup was compromised through the LayerZero infrastructure, the fallout rippled across not only Kelp’s users but also restaked positions in multiple protocols and pools. The DAO and its partners had to design a recovery plan that restored rsETH’s backing, balanced fairness among users who had exited or remained, and reassessed cross‑chain trust assumptions. This process required more than just technical patching; it called for governance resolutions about treasury usage, compensation mechanisms, and future bridge providers, often in an environment where on‑chain transactions from the attacker appeared perfectly valid because the exploit targeted off‑chain verification. The Kelp case underscores that DAO governance must now grapple with sophisticated nation‑state‑level threat actors and complex multi‑chain systems, not only with on‑chain bugs.

As a result, DeFi DAOs are increasingly integrating security considerations directly into governance workflows. Technical review committees, security councils, and formalized incident response playbooks are becoming common, sometimes enshrined in governance documents and sometimes backed by third‑party firms specializing in cyber incident response. These procedures cover not only immediate triage—such as pausing markets, halting emissions, or disabling compromised bridges—but also communication policies, evidence collection, coordination with exchanges, and long‑term remediation. In this sense, DAOs are converging with traditional organizations in their need for robust operational security, even as their tooling and decision structures remain distinctively on‑chain.

◧ Timeline (6 events)
  1. 2016-06, exploit: The DAO hack drains ~3.6M ETH via reentrancy flaw, prompting Ethereum hard fork
  2. 2022-09, regulatory: CFTC files enforcement action against Ooki DAO, treating token voters as unincorporated association
  3. 2023-07, exploit: Curve Finance reentrancy exploit drains ~$61M across multiple liquidity pools
  4. 2023-10, governance: Curve DAO votes to allocate $44M in CRV tokens to compensate hack victims
  5. 2024-11, regulatory: California federal court holds Lido DAO members personally liable under state partnership law
  6. 2026-04, exploit: KelpDAO bridge exploit causes rsETH depeg; $29.3M at risk, token restored after five weeks

Beyond DeFi: Treasury, Gaming, and Ecosystem DAOs

While DeFi DAOs attract the most TVL and headlines, other sectors show how DAOs can support ecosystems that are not purely financial. The Dash treasury DAO has long served as an example, including in academic and ecosystem discussions such as Cardano’s early treasury research. Dash allocates part of its block reward to a treasury that funds proposals to enhance network adoption and infrastructure, with masternodes voting on which proposals receive funding. Payments are made in advance directly from the protocol once proposals pass, which has advantages in terms of automation but also creates challenges when funded projects under‑deliver, introducing questions about accountability and oversight. Recent initiatives like the Dash Ecosystem Fund aim to refine and expand this model, creating additional vehicles for ecosystem support that complement the existing DAO treasury and target specific use cases, such as broader adoption efforts.

Gaming DAOs offer a different flavor of collective coordination. Protokol describes gaming DAOs as organizations that give players ownership over game universes by allowing them to participate in governance and economic decisions, turning the player base into stakeholders rather than mere consumers. These DAOs may manage in‑game asset issuance, control community treasuries that fund tournaments and content, or even vote on core game mechanics and balancing decisions. Alien Worlds, for instance, has highlighted how community‑supported projects built under DAO‑like structures have grown into a broad ecosystem of games published across mobile app stores, suggesting that DAO‑style funding and governance can sustain not just a single title but a constellation of related experiences. For players, participation in such DAOs can provide both a voice in the game’s direction and a share in its economic upside, though it also raises familiar questions about whether token whales or early insiders dominate decisions.

Ecosystem DAOs tied to base layer blockchains, such as those emerging on Cardano, Avalanche, or other smart contract platforms, straddle the line between protocol and community governance. Cardano’s founder has explicitly identified DAO governance as a focus area, signaling an intention to evolve the chain’s own governance and to support a rich ecosystem of DAOs on top of it. Ecosystem funds can be structured as DAOs that allocate grants to infrastructure builders, DeFi projects, and community initiatives, using on‑chain proposals and votes to ensure transparency. At the same time, these DAOs must operate within the legal and regulatory frameworks that apply to the underlying blockchain’s foundation or steering entities, often leading to hybrid models where a foundation retains certain veto powers or compliance responsibilities while acknowledging DAO decisions as guidance.

Media and content DAOs, such as those coordinating crypto news or research contributors, show yet another angle. Squid DAO’s ongoing votes to allocate contributor rewards among different “lanes”—news, development, operations, and so on—illustrate how DAOs can be used to manage labor and compensation within a distributed team. In such cases, governance must navigate subjective evaluations of work quality, potential conflicts between editorial independence and token holder preferences, and the temptation to gamify or politicize compensation decisions. While these DAOs may manage far less capital than major DeFi protocols, the reputational stakes can be high, especially when they position themselves as neutral information providers in a highly polarized industry.

Across treasury, gaming, ecosystem, and media use cases, a few common governance patterns reappear. Proposals are typically discussed in public forums or Discord servers before being formalized into Snapshot votes or on‑chain proposals. Delegation, working groups, and committees emerge to handle specialized tasks such as risk management, security, or communications. And as treasuries grow, DAOs increasingly turn to professional service providers—legal counsel, auditors, protocol engineers, PR firms—whose roles and compensation must themselves be governed. The line between a “decentralized” organization and a network of vendors coordinated by token holders becomes blurry, underscoring that decentralization is a gradient rather than an absolute state.

Law, Regulation, and the Problem of the DAO “Wrapper”

One of the thorniest issues DAOs face is their legal status. As the UK Law Commission’s scoping paper on DAOs notes, most DAOs do not fit neatly into traditional categories such as companies, partnerships, or trusts, especially when they exist primarily as smart contracts and online communities without a formal legal entity. The Commission explored whether so‑called “pure DAOs” could be characterized as collections of contracts, general partnerships, unincorporated associations, or trust‑like arrangements, but found that many DAOs resist simple classification. It concluded that there was no immediate need to create a new DAO‑specific legal form for England and Wales, but recommended that the government keep the matter under review as the ecosystem evolves. This stance reflects a cautious approach: regulators are aware of DAOs but are reluctant to rapidly invent bespoke legal containers for them.

The absence of a clear legal framework creates practical problems. If a DAO governs a protocol that causes harm—through a bug, exploit, or reckless parameter change—who, if anyone, can be held liable? Are token holders jointly responsible as members of an unincorporated association or partnership? Could delegates or core contributors be singled out as de facto managers? These questions are not academic, as litigants and regulators have already attempted to assign responsibility to DAO participants in various jurisdictions. Without a defined wrapper, courts may default to expansive interpretations that expose active participants to unexpected liabilities.

To mitigate this, many DAOs have adopted “wrapping” strategies, creating legal entities that interface between the on‑chain DAO and the off‑chain legal system. Common wrappers include foundations in jurisdictions such as Switzerland or the Cayman Islands, not‑for‑profit associations, and limited liability companies in U.S. states that have explicitly recognized DAOs as a form of LLC. In these arrangements, the legal entity may hold intellectual property, sign contracts, and act as an employer or service contractor, while its bylaws commit it to follow DAO votes on major decisions. The TwoBirds analysis of English law, for instance, discusses how DAOs might be understood as unincorporated associations or partnerships under current law, and how wrapping them in an entity could limit liability and facilitate interactions with traditional institutions. However, such wrappers can also centralize power if the entity’s directors or trustees are not tightly bound to DAO governance outcomes.

Regulation also intersects with DAOs through securities, commodities, and consumer protection law. Governance tokens may be viewed as securities if they confer profit expectations and are marketed as investments, particularly when there is a core team that drives development and promotes token value. Treasury DAOs that allocate funds to ventures may look, economically, like investment funds subject to regulation. Even gaming and community DAOs may trigger regulatory scrutiny if token sales are used to fund development and tokens appreciate in secondary markets. As a result, many DAOs have moved away from public token sales towards gradual, community‑driven token distributions, or have placed geographic restrictions on participation to avoid specific regulatory regimes.

From a user’s perspective, these legal complexities underline the importance of reading not only a DAO’s smart contract code and governance forums but also its legal disclosures and wrapper documentation. A DAO that is entirely “pure” may offer maximal decentralization but leave contributors, delegates, and even voters exposed to uncertain legal risks. A DAO with a strong wrapper can interface more smoothly with regulators, banks, and corporate partners, but may introduce back‑doors or vetoes that partially re‑centralize control. As regulators publish more guidance and precedent accumulates, the DAO ecosystem will likely converge on a handful of standardized wrapper models, but for now, the diversity of approaches is itself a risk factor.

ENS DAO proposes dissolving itself and transferring nearly $500 million treasury to ENS foundation (𝕏/@LefterisJP, Jun 22, 2026)

Top comment, Benthic, Jun 22, 2026:

Post #20 matters: Katherine confirmed treasury custody transfers to the Foundation, while protocol upgrades, fees, and root stay with tokenholders. That makes the live tradeoff much sharper than “delegate fatigue”: the DAO would keep constitutional control but hand day-to-day capital control over a $86.9M endowment, ~$56.6M liquid wallet, and the ENS token stack to a five-seat foundation model. If ENS wants Mozilla/Signal governance, fine, but tokenholders should demand hard on-chain budget vetoes and custody red lines before they accept a weaker treasury-backed attack-cost story.

◧ Risk matrix (analyst read)
  • Smart-contract: High. The July 2023 Curve Finance reentrancy exploit drained roughly $61M and forced a DAO compensation vote from treasury, demonstrating that a single contract flaw can trigger a simultaneous technical and governance crisis.
  • Centralization: High. USDD's unilateral removal of 12,000 BTC without a governance vote and a prominent Uniswap contributor publicly citing excessive whale influence illustrate that concentrated token ownership can reduce on-chain voting to a formality.
  • Regulatory: High. The CFTC's successful enforcement action against Ooki DAO and a California federal court holding Lido DAO members personally liable under state partnership law established that decentralised governance structure does not confer legal immunity to token holders.
  • Liquidity: Medium. Curve DAO's continuous PegKeeper debt-ceiling adjustments and crvUSD cap votes show that protocol liquidity depth for a widely-used stablecoin can be tightened or expanded on short notice through governance alone.
  • Market: Medium. Large discretionary treasury deployments (Arbitrum's 225M ARB gaming allocation and Aave's conversion of 1,600 ETH to liquid-staking tokens) expose DAO asset bases to governance-driven concentration risk and correlated token price drawdowns.

Security, Risk, and Incident Response in DAOs

If DAOs are going to govern systems that hold billions in user funds, security cannot be an afterthought. The DAO hack highlighted the dangers of insecure smart contracts, and subsequent incidents have broadened the threat model to include oracle manipulations, governance attacks, bridge exploits, and off‑chain infrastructure compromises. DAOs must manage not only technical risk but also organizational risk: poor decision‑making, slow response, or inadequate incident communication can be just as damaging as a vulnerability.

Smart contract vulnerabilities remain a primary concern. Reentrancy, as seen in The DAO, is a classic example where a contract’s logic allows an external call to re‑enter sensitive functions before internal state has been updated. The Nervos Network’s explanation of reentrancy emphasizes that such attacks exploit timing and the sequencing of operations: a vulnerable contract might send funds before recording that the funds have been sent, enabling a malicious recipient to repeatedly call the withdrawal function and drain balances. To prevent this, best practices mandate the checks‑effects‑interactions pattern, where contracts first verify preconditions, then update internal state, and only then make external calls, reducing the window for re‑entry. Reentrancy guards—simple mutex‑like flags that block nested calls—provide another line of defense. Yet, as Nervos notes, many contracts over the years have still performed external calls before internal updates, leaving them open to reentrancy and variations on it. For DAOs, this underscores the need for rigorous audits and code reviews before governance deploys or upgrades core contracts.
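The ordering problem described above, as an added illustration rather than code from the page or from The DAO: a plain-Python model (constructed deposits and a simulated callback stand in for real EVM calls) shows a vault that pays out before updating its ledger beside one that follows checks‑effects‑interactions and carries a reentrancy guard.

```python
class Recipient:
    """Stand-in for the contract that receives a payout. receive() plays the
    role of the fallback that runs during the external call; a hostile one
    calls back into the vault while the ledger is still stale."""

    def __init__(self, name, reenters=False):
        self.name = name
        self.reenters = reenters
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenters and vault.reserve >= amount:
            try:
                vault.withdraw(self)      # nested call before the balance is zeroed
            except RuntimeError:
                pass                      # models a low-level call that returned failure


class VulnerableVault:
    """Withdraws in the order The DAO did: interaction first, effect afterwards."""

    def __init__(self):
        self.reserve = 0       # ETH the contract actually holds
        self.balances = {}     # depositor -> credited balance

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)           # check
        if amount == 0:
            return
        if self.reserve < amount:
            raise RuntimeError("transfer failed")    # the chain would reject the send
        self.reserve -= amount
        who.receive(self, amount)                    # interaction ...
        self.balances[who] = 0                       # ... then effect: too late

    def solvent(self):
        """Invariant a monitor would watch: reserve must cover credited balances."""
        return self.reserve == sum(self.balances.values())


class GuardedVault(VulnerableVault):
    """Checks-effects-interactions plus a mutex-style reentrancy guard."""

    def __init__(self):
        super().__init__()
        self._entered = False

    def withdraw(self, who):
        if self._entered:
            raise RuntimeError("reentrant call rejected")   # the guard
        self._entered = True
        try:
            amount = self.balances.get(who, 0)       # check
            if amount == 0:
                return
            self.balances[who] = 0                   # effect first
            self.reserve -= amount
            who.receive(self, amount)                # interaction last
        finally:
            self._entered = False


def simulate(vault_cls):
    """Constructed scenario: an honest depositor credits 9, a hostile one credits 1,
    then the hostile one withdraws. Returns (reserve left, hostile received, solvent?)."""
    vault = vault_cls()
    honest = Recipient("honest")
    hostile = Recipient("hostile", reenters=True)
    vault.deposit(honest, 9)
    vault.deposit(hostile, 1)
    vault.withdraw(hostile)
    return vault.reserve, hostile.received, vault.solvent()


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerableVault))   # (0, 10, False): reserve drained
    print("guarded:   ", simulate(GuardedVault))      # (9, 1, True): only the own deposit paid
```

With the vulnerable ordering the honest depositor keeps a credited balance of 9 that the reserve can no longer honour; with the guarded ordering the nested call is refused and the solvency invariant holds.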

Cross‑chain and off‑chain risks add new layers. The Kelp DAO bridge incident shows that even if on‑chain contracts are formally correct, off‑chain infrastructure can be subverted to feed false data into critical decision points. In this case, attackers gained control of internal RPC nodes used by a LayerZero verification network and launched a DDoS attack on an external node, so that the verification logic saw only the attacker‑controlled data. The compromised nodes reported fabricated blocks that showed rsETH burns on the source chain, and the DVN, trusting those nodes, confirmed cross‑chain messages as valid, causing the Ethereum‑side contract to release 116,500 rsETH without any corresponding burn upstream. Chainalysis emphasizes that traditional security tools, which focus on on‑chain anomalies, did not flag the attack because each transaction looked legitimate based on the poisoned view of reality. The lesson for DAOs is that relying on a single verification network or a narrow set of off‑chain nodes can create a single point of failure, even when the on‑chain logic is sound.

Governance itself can be an attack vector. If voting power is concentrated, an attacker might acquire or borrow sufficient tokens to pass a malicious proposal that drains the treasury or changes critical parameters. Some DAOs mitigate this with timelocks that delay execution, allowing the community to mobilize and counteract an attack, or with security councils that can veto clearly malicious changes. Aave, for example, freezes its governance process if technical reviews flag security concerns, preventing proposals from advancing until issues are resolved. However, these safeguards introduce their own centralization and trust assumptions. DAOs must balance the risk of governance capture against the ability to respond quickly to emergencies.

Incident response is therefore an essential part of DAO operations. Sygnia’s guidelines on incident response for organizations emphasize the importance of preparation, clear communication, rapid containment, and post‑incident learning, all of which apply to DAOs as much as to traditional firms. Preparation means not only having audits and monitoring in place but also establishing who has authority to pause contracts, who communicates with users and partners, and how evidence will be collected and preserved. During an incident, DAOs should focus on limiting damage—by disabling vulnerable features, pausing emissions, or temporarily suspending markets—and on transparent communication that balances speed with accuracy. Afterward, a thorough post‑mortem should identify root causes, both technical and organizational, and governance should formalize lessons learned into updated processes, such as stricter review requirements or new monitoring tools.

We see these principles at work in real‑world DAO responses. Curve DAO’s reaction to the sDOLA incident involved not only technical analysis of the bug but also governance proposals for remediation, such as gauges that direct CRV emissions to affected borrowers to help offset losses. Stake DAO’s handling of its exploit has included public reporting, proposals to compensate users, and roadmap adjustments informed by the incident. Kelp DAO’s rsETH restoration process, which took about five weeks, combined treasury measures, changes in bridge integrations, and ongoing governance communication, all while external analysts tracked how the attackers laundered hundreds of millions of dollars, closing the window for further recovery. These examples illustrate that effective incident response for DAOs is not purely reactive; it must be grounded in governance structures that can move quickly with clear mandates.

Finally, monitoring is becoming a distinct discipline for DAO security. Chainalysis and other analytics firms have argued that cross‑chain invariant monitoring—checking that tokens released on a destination chain match burns on the source chain—is essential for spotting bridge exploits of the type that hit Kelp DAO. More generally, DAOs can set up alerts for unusual governance proposals, sudden shifts in voting power, anomalous contract interactions, or large, unexplained flows of funds. Some, like Stake DAO, are experimenting with AI agents that track protocol metrics and flag anomalies to human operators, blending automation with human judgment. Over time, we can expect security operations centers for DAOs to resemble those of traditional financial institutions, but with the advantage that much of the relevant data is transparent and on‑chain.
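The two checks the Kelp discussion and the monitoring paragraph above call for, as an added example that is not code from the page, Chainalysis, LayerZero or Kelp DAO: a burn/release invariant over constructed cross‑chain events, and a verifier quorum that counts agreement per independent operator rather than per node, so a cluster of nodes under one compromised operator cannot manufacture consensus on its own (all names, hashes and amounts are constructed).

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Burn:
    msg_id: str       # cross-chain message the burn belongs to
    amount: float     # tokens burned on the source chain


@dataclass(frozen=True)
class Release:
    msg_id: str
    amount: float     # tokens released on the destination chain


def release_invariant(burns, releases):
    """Every release must match exactly one earlier burn of the same amount.
    Returns a list of (finding, msg_id) tuples; an empty list means the
    invariant holds for the window examined."""
    burned = {b.msg_id: b for b in burns}
    seen = set()
    findings = []
    for r in releases:
        b = burned.get(r.msg_id)
        if b is None:
            findings.append(("RELEASE_WITHOUT_BURN", r.msg_id))
        elif r.msg_id in seen:
            findings.append(("DUPLICATE_RELEASE", r.msg_id))
        elif abs(b.amount - r.amount) > 1e-9:
            findings.append(("AMOUNT_MISMATCH", r.msg_id))
        seen.add(r.msg_id)
    return findings


def source_block_quorum(reports, required_operators):
    """reports: (node_id, operator, block_hash) observations for one source-chain
    height. Agreement is counted per independent operator, not per node, so
    several nodes run by one operator count once. Returns (ok, detail)."""
    hashes_by_operator = {}
    for _node, operator, block_hash in reports:
        hashes_by_operator.setdefault(operator, set()).add(block_hash)
    # an operator whose own nodes disagree is discarded rather than trusted
    votes = Counter(next(iter(h)) for h in hashes_by_operator.values() if len(h) == 1)
    if not votes:
        return False, "no consistent operator reports"
    best_hash, agreeing = votes.most_common(1)[0]
    if agreeing < required_operators:
        return False, f"{agreeing} of {required_operators} independent operators agree"
    return True, best_hash


# Constructed sample: two genuine burns, then a third release with no burn behind it.
SAMPLE_BURNS = [Burn("m-1", 10.0), Burn("m-2", 5.5)]
SAMPLE_RELEASES = [Release("m-1", 10.0), Release("m-2", 5.5), Release("m-3", 1000.0)]

# Constructed sample: three nodes of a single operator all report the same block
# hash, while the only independent operator is unreachable and files no report.
# A per-node tally would see three agreeing votes; per-operator it is one.
SAMPLE_REPORTS = [
    ("rpc-1", "operator-a", "0xfabricated"),
    ("rpc-2", "operator-a", "0xfabricated"),
    ("rpc-3", "operator-a", "0xfabricated"),
]


if __name__ == "__main__":
    print(release_invariant(SAMPLE_BURNS, SAMPLE_RELEASES))
    print(source_block_quorum(SAMPLE_REPORTS, required_operators=2))
```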

Designing Better DAOs

A decade into the DAO experiment, it is clear that there is no single perfect design. Instead, projects must make explicit trade‑offs between decentralization, efficiency, security, and regulatory compatibility. Nevertheless, research and practice are converging on several promising directions. On the voting side, mechanisms that reduce the dominance of large token holders without paralyzing decision‑making are a priority. Delegated voting with accountability—where delegates publish manifestos, receive delegated power transparently, and can be recalled by token holders—offers one avenue. More radical ideas include quadratic voting, which makes it increasingly costly to accumulate marginal voting power, or multi‑house systems where different stakeholder groups hold vetoes or specialized decision rights. These approaches seek to align governance outcomes with the broader community’s interests, not just those of capital‑rich actors.
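A worked comparison of the concentration problem raised in the security section and the quadratic and delegated alternatives discussed just above, as an added example with a constructed token distribution (not a real DAO's data or tooling): it resolves delegation chains, tallies linear and quadratic weights, reports the largest voter's share, and shows the sybil caveat that makes quadratic voting depend on an identity layer.

```python
import math


def resolve_delegations(holdings, delegations):
    """Follow delegation chains (a -> b -> c) so each holder's tokens end with
    their final delegate. A cycle stops at the first repeated name."""
    power = {}
    for holder, tokens in holdings.items():
        current, seen = holder, {holder}
        while current in delegations and delegations[current] not in seen:
            current = delegations[current]
            seen.add(current)
        power[current] = power.get(current, 0.0) + tokens
    return power


def voting_weights(power, scheme):
    """Token-weighted ('linear') or quadratic (square root of tokens) weights."""
    if scheme == "linear":
        return {voter: float(tokens) for voter, tokens in power.items()}
    if scheme == "quadratic":
        return {voter: math.sqrt(tokens) for voter, tokens in power.items()}
    raise ValueError(f"unknown scheme {scheme!r}")


def top_voter_share(weights):
    """(voter, share of total weight) for the single largest voter."""
    total = sum(weights.values())
    voter = max(weights, key=weights.get)
    return voter, weights[voter] / total


def passes_alone(weights, majority=0.5):
    """True when one voter clears the majority threshold with no other support,
    the situation in which a timelock or council veto is the remaining defence."""
    return top_voter_share(weights)[1] > majority


def split_quadratic_weight(tokens, wallets):
    """Quadratic weight one actor obtains by spreading tokens over `wallets`
    identities: wallets * sqrt(tokens / wallets). Pooling lowers quadratic
    weight and splitting raises it, which is why the scheme needs sybil resistance."""
    return wallets * math.sqrt(tokens / wallets)


# Constructed sample: one whale, one fund, twenty small holders (10,000 tokens total).
SAMPLE_HOLDINGS = {"whale": 6400, "fund": 1600}
SAMPLE_HOLDINGS.update({f"s{i:02d}": 100 for i in range(1, 21)})
# s01..s09 delegate to the fund; s10 delegates to s09, whose delegation chains on to the fund.
SAMPLE_DELEGATIONS = {f"s{i:02d}": "fund" for i in range(1, 10)}
SAMPLE_DELEGATIONS["s10"] = "s09"


def concentration_report(holdings=SAMPLE_HOLDINGS, delegations=SAMPLE_DELEGATIONS):
    """Largest voter, their share (rounded to 4 places) and whether they pass a
    simple majority alone, under each scheme, before and after delegation."""
    report = {}
    resolved = resolve_delegations(holdings, delegations)
    for label, power in (("direct", holdings), ("delegated", resolved)):
        for scheme in ("linear", "quadratic"):
            w = voting_weights(power, scheme)
            voter, share = top_voter_share(w)
            report[(label, scheme)] = (voter, round(share, 4), passes_alone(w))
    return report


if __name__ == "__main__":
    for key, value in concentration_report().items():
        print(key, value)
    # the same 6,400 tokens spread over 64 identities: 640.0 quadratic weight instead of 80.0
    print(split_quadratic_weight(6400, 64))
```

Under linear weighting the whale's 64% carries any proposal unaided, so the timelock is what buys the community time to react; under quadratic weighting the same holdings fall to a quarter of the vote, but only as long as the whale cannot cheaply split into many identities.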

On the process side, multi‑stage governance pipelines like Aave’s, which blend off‑chain temperature checks, Snapshot signaling, technical review, and on‑chain execution, are becoming best practice for high‑impact changes. The use of formal verification, rigorous audits, and bug bounties before deploying critical contracts is now widely recognized as essential, even if not always fully implemented. Some DAOs are experimenting with “safe modes” or “circuit breakers” that can be activated by predefined councils or automatic triggers when abnormal behavior is detected, temporarily limiting protocol functionality while preserving core guarantees.

Interoperability and composability introduce additional design considerations. As more DAOs build on each other’s protocols—Stake DAO on Curve, Kelp on restaking and bridges, Squid DAO on cross‑chain messaging—governance actions in one DAO can have cascading effects on others. There is a growing case for cross‑DAO standards and communication channels, such as shared principles for incident response, standardized disclosure formats for governance proposals, and interoperability frameworks for delegations or reputation. Snapshot already serves as a common platform for off‑chain voting across many DAOs, supporting flexible strategies and helping users participate in multiple communities through a single interface. Similar shared infrastructure for on‑chain governance, auditing, and analytics could reduce fragmentation and raise the baseline quality of DAO operations.

Education and user experience are equally important. For many token holders, governance remains confusing or intimidating, especially when proposals involve complex smart contract changes or risk parameter tweaks. Crypto‑native media, research collectives, and DAO tooling providers can help by offering plain‑language summaries of proposals, simulations of potential impacts, and ratings of delegate performance. The Cardano ecosystem’s focus on governance mechanisms, including research into better treasury systems and DAO structures, reflects an understanding that robust governance needs not only good code but also informed participants. Gaming and community DAOs may serve as entry points for users to learn governance concepts in a more playful setting before engaging with high‑stakes DeFi protocols.

From a strategic perspective, DAOs must also decide how much autonomy to seek relative to core teams and legal entities. Fully decentralized governance is appealing but difficult to achieve safely in the early life of a protocol, when rapid iteration and expert oversight are valuable. Many projects therefore follow a “progressive decentralization” path, starting with a more centralized structure and gradually transferring control to a DAO as the protocol matures. A key challenge is ensuring that this decentralization is genuine rather than symbolic, with real authority over treasuries, upgrades, and strategic decisions moving into the hands of the DAO. Legal wrappers, as discussed earlier, must be designed to support this power shift rather than entrenching a small group of insiders.

Looking ahead, the frontier of DAO design is likely to include stronger identity and reputation layers, improved multi‑chain governance, and deeper integration with AI. Identity‑aware governance could mitigate sybil attacks and allow for one‑person‑one‑vote mechanisms in certain contexts, although it raises privacy and inclusivity concerns. Multi‑chain governance frameworks will need to reconcile different consensus and finality assumptions across networks, especially as protocols like Kelp DAO operate on multiple chains and depend on bridges. AI, already being deployed as a monitoring and analytics tool, may eventually assist in drafting proposals, summarizing debates, and even simulating the long‑term effects of governance options, though ultimate decisions will likely remain with human or token‑based voters for the foreseeable future.

Outlook

DAOs began as an audacious idea that software could coordinate capital and decision‑making without centralized management, but a decade of practice has turned them into a complex, evolving family of institutions. The early failure of The DAO revealed both the potential and the risks of this model, and subsequent experiments in DeFi, gaming, and ecosystem funding have shown that meaningful decentralization is possible but hard‑won. Today, major protocols like Aave, Curve, JustLend DAO, Kelp DAO, and Stake DAO rely on DAOs to manage parameters, allocate resources, and respond to crises, while treasury and gaming DAOs demonstrate that on‑chain governance can support ecosystems that are not purely financial. At the same time, incidents such as the Kelp bridge exploit and ongoing governance debates about remediation, risk, and centralization make clear that DAOs are neither automatically safe nor inherently fair.

For a crypto news audience, the key takeaway is that “there is a DAO” is only the beginning of the story. Evaluating a DAO means examining its governance mechanics, legal wrapper, security posture, incident history, and the distribution of power among token holders and delegates. It means asking how proposals are generated, how quickly and safely upgrades can be made, and how the DAO has behaved when things have gone wrong. As regulators refine their approach and as research on voting power, participation, and security continues, DAOs are likely to become more standardized and professionalized, particularly in the DeFi sector where user funds are at stake. Yet the space will also remain a laboratory for new forms of digital organization, from small creative collectives to global restaking platforms. Whether DAOs ultimately fulfill their promise of more open, user‑owned networks will depend less on the rhetoric of decentralization and more on the mundane but crucial details of governance design, security engineering, and community stewardship.
