664 F.Supp.3d 1100

S.D. Cal.

2023

CHRISTIAN SARCUNI, еt al., on behalf of themselves and other similarly situated v. bZx DAO, et al.

Case No.: 22-cv-618-LAB-DEB

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA

March 27, 2023

Hon. Larry Alan Burns

ORDER:

DENYING IN PART AND GRANTING IN PART MOTION TO DISMISS, [Dkt. 27];
DENYING MOTION TO STRIKE, [Dkt. 27]; and
DENYING MOTION TO DISMISS, [Dkt. 31]

In what appears to be a case of first impression, nineteen named Plaintiffs brought this putative class action against Kyle Kistner, Tom Bean, bZeroX LLC, Leveragebox LLC (collectively, the “Leveragebox Defendants“), Hashed International LLC, and AGE Crypto GP, LLC (the “Hashed Defendants,” and, together with the Leveragebox Defendants, “Defendants“) as members of a general partnership for one count of negligence. (Dkt. 21, First Amended Complaint (“FAC“)). Plaintiffs allege that each Defendant is a general partner of the bZx DAO, a purported “Decentralized Autonomous Organization.” The FAC also names the bZx DAO and its successor, the Ooki DAO, as Defendants. Plaintiffs allege they were injured by Defendants’ negligence after a developer working for the bZx DAO was successfully targeted by a phishing attack which led to the theft of $55 million in cryptocurrency. (Id. ¶ 1). The named Plaintiffs lost $1.7 million. (Id.).

The Leveragebox Defendants move to dismiss the FAC for failure to state a claim, lack of personal jurisdiction, and to strike the FAC‘s class allegations (the “Leveragebox Motion“). (Dkt. 27). The Hashed Defendants join the Leveragebox Motion and separately move to dismiss the FAC for failure to state a claim, insufficient service, and lack of subject matter jurisdiction (the “Hashed Motion“).

Having considered the parties’ submissions and the relevant law, the Court GRANTS IN PART and DENIES IN PART the Leveragebox Motion, (Dkt. 27), and DENIES the Hashed Motion, (Dkt. 31). The claims against Tom Bean, bZeroX LLC, and Leveragebox LLC are DISMISSED WITHOUT PREJUDICE.

I. BACKGROUND

According to the FAC, the bZx DAO operated a blockchain-based software called the bZx Protocol, which offered cryptocurrency margin trading and lending products. (FAC ¶¶ 42-44, 68, 71). In order to understand the nature of the bZx DAO and FAC‘s allegations, a brief overview of cryptocurrency and the technology underlying that asset class is necessary. A cryptocurrency is a digital asset based on a network that is distributed across a large number of computers. (Id. ¶ 35). This decentralized computer network securely and publicly records all transactions for a given cryptocurrency on a distributed ledger called a blockchain. (Id. ¶ 37). Some blockchains can record transactions for multiple cryptocurrencies. (Id.). The blockchains at issue in this case are Ethereum, Polygon, and the Binance Smart Chain (“BSC“). (Id.).

An individual unit of a given cryptocurrency is called a token. (Id. ¶ 38). Tokens are fungible and tradeable. (Id.). The value of many cryptocurrencies fluctuates relative to the U.S. Dollar (or other currency), similar to how the price of a traditional commodity might fluctuate. (Id. ¶ 35). Some cryptocurrencies, like Bitcoin or Ether, can be used to purchase goods or services and are also bought, sold, and held for their value. (Id. ¶¶ 35, 37). Other cryptocurrencies take advantage of the blockchain‘s distributed ledger to perform functions such as recording votes. (Id. ¶ 41). Cryptocurrency tokens are stored in a digital wallet, which can be accessed with a unique password. (Id. ¶ 39).

As the cryptocurrency industry expanded, new decentralized finance, or “DeFi,” applications developed that allow users to engage in increasingly complex transactions without having to interact with traditional banks or other regulated entities. (Id. ¶ 40). One possible method for governing a DeFi protocol is through a Decentralized Autonomous Organization (“DAO“). (Id. ¶ 41). DAOs don‘t typically take on a formal corporate structure, opting instead to distribute governance rights among persons who hold a specific governance token. (Id.). Tokenholders can propose and vote on actions for the affiliated DAO to take. (Id.). If a proposal receives the required number of votes, the DAO adopts the proposal. (Id.).

At issue in this case is a DeFi application called the bZx Protocol. (Id. ¶ 42). The bZx Protocol is “a protocol for tokenized margin trading and lending.” (Id.). Essentially, the bZx Protocol enables margin trading and lending in various cryptocurrencies instead with a traditional fiat currency and traditional securities. (Id. ¶ 43). The bZx Protocol offers two products: Fulcrum, which allows margin lending and trading, and Torque, which allows users to make loans with fixed interest rates. (Id. ¶¶ 43-44). The bZx Protocol supports three blockchains: Ethereum, Polygon, and BSC. (Id. ¶ 45). To use the bZx Protocol, a user selects which blockchain network to use and then connects a wallet to deposit cryptocurrency tokens. (Id.). The bZx Protocol claims to be “non-custodial” because users maintain control over their own passwords and digital assets. (Id. ¶ 46). The bZx Protocol‘s website contains numerous claims about the Protocol‘s security. (Id. ¶¶ 46, 48-50). bZx Protocol developers used private keys which allowed the developer to access all of the assets recorded on two of the three compatible blockchains—Polygon and BSC. (Id. ¶¶ 47, 54).

When the bZx Protocol was first created, it was controlled by bZerox LLC, an LLC co-founded and controlled by Defendants Tom Bean and Kyle Kistner. (Id. ¶ 67). The Fulcrum and Torque products were operated by Leveragebox LLC, which was also co-founded and controlled by Bean and Kistner. (Id.). In August 2021, the bZx Protocol announced plans to transition control of the Protocol from bZeroX LLC to the bZx DAO, a DAO controlled by real and legal persons holding BZRX tokens—a cryptocurrency issued by the DAO. (Id. ¶¶ 68-69). In a public call describing the pending transition, Kistner stated:

It‘s really exciting. We‘re going to be really preparing for the new regulatory environment by ensuring bZx is future-proof. So many people across the [cryptocurrency] industry right now are getting legal notices and lawmakers are trying to decide whether they want DeFi companies to register as virtual asset service providers or not—and really what we‘re going to do is take all the steps possible to make sure that when regulators ask us to comply, that we have nothing we can really do because we‘ve given it all to the community.

In re bZeroX, LLC, CFTC No. 22-31, 2022 WL 4597664, at *4 (Sept. 22, 2022).¹

When the transfer of control was completed in August 2021, bZeroX LLC transferred all of its assets to the bZx DAO and dissolved. (FAC ¶ 68). At that time, the bZx Protocol held $80 million in assets and the bZx DAO was charged with “maintaining the protocol, building new products, marketing the brand, and managing the community.” (Id.). From that point forward, the bZx DAO and Protocol were controlled by BZRX tokenholders, who becamе “the main drivers of governance and decision making of the bZx platform.” (Id. ¶ 69). Tokenholders can suggest and vote on governance proposals which, if adopted, are implemented by the bZx Protocol. (Id.).

On or about November 5, 2021, an unknown hacker sent a phishing email to a bZx Protocol developer‘s personal computer.² (Id. ¶ 52). The email appeared legitimate and included a Word document containing hidden malicious software. (Id.) Once the Word document was opened, the hacker was able to access the developer‘s personal digital wallet, which in turn provided access to the developer‘s private key. (Id. ¶ 54). Once the hacker obtained the private key, he or she was able to transfer all cryptocurrencies held on the Polygon and BSC blockchains out of the bZx Protocol. (Id.). The Ethereum blockchain wasn‘t impacted by the hack because the bZx Protocol had finished implementing certain security protocols. (Id. ¶ 59). As a result of the hack, users lost approximately $55 million worth of cryptocurrency tokens. (Id. ¶ 55). This wasn‘t the first time the bZx Protocol was hacked—in 2020 the Protocol was targeted by three hacks with losses of approximately $9 million, at least one of which involved a phishing attack. (Id. ¶ 61).

On November 21, 2021, the bZx DAO approved a compensation plan for those impacted by the hack. (Id. ¶ 63). The plan compensated anyone who lost BZRX tokens by providing replacement BZRX tokens or BZRX tokens that would vest over time. (Id. ¶ 64). The compensation plan also provided “debt tokens” which will gradually be repurchased to make victims whole. (Id. ¶ 65). The FAC alleges complete repayment will take thousands of years. (Id.).

In December 2021, the bZx Protocol encouraged users to transfer to a successor platform called the Ooki Protocol. (Id. ¶ 66). The Ooki Protocol is controlled in the same manner as the bZx Protocol, except the ‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍controlling DAO is called the Ooki DAO and the governance tokens are called OOKI tokens. (Id.). Many BZRX tokenholders transferred their tokens for OOKI tokens. (Id.) While bZx, Fulcrum, and Torque still exist, it is undisputed that the Ooki DAO is the direct successor to the bZx DAO. (Id.).

Plaintiffs are nineteen non-citizen bZx Protocol users who individually lost between $800 and $450,000 in the hack, and collectively lost $1.7 million. (Id. ¶¶ 1, 3-21). Plaintiffs initiated this putative class action on May 2, 2022, (Dkt. 1), and filed their FAC on June 27, 2022, (Dkt. 21, FAC). The Leveragebox Defendants moved to dismiss the FAC in its entirety on July 18, 2022, (Dkt. 27), and the Hashed Defendants moved to dismiss the FAC on July 29, 2022, (Dkt. 31).

II. RULE 12(b)(6) MOTION TO DISMISS

A. Legal Standard

A Rule 12(b)(6) motion to dismiss tests the sufficiency of the complaint. Navarro v. Block, 250 F.3d 729, 732 (9th Cir. 2001). “To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.‘” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 547 (2007)). A claim is plausible if the factual allegations supporting it permit “the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. The factual allegations need not be detailed; instead, the plaintiff must plead sufficient facts that, if true, “raise a right to relief above the speculative level.” Twombly, 550 U.S. at 545. The plausibility standard isn‘t a “‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Iqbal, 556 U.S. at 678 (quoting Twombly, 550 U.S. at 556). Courts aren‘t required tо accept legal conclusions couched as factual allegations and “formulaic recitation[s] of the elements of a cause of action” aren‘t sufficient. Twombly, 550 U.S. at 555. The Court accepts as true all facts alleged in the complaint and draws all reasonable inferences in favor of the plaintiff. al-Kidd v. Ashcroft, 580 F.3d 949, 956 (9th Cir. 2009). Ultimately, a court must determine whether the plaintiff‘s alleged facts, if proven, permit the court to grant the requested relief. See Iqbal, 556 U.S. at 666; Fed. R. Civ. P. 8(a)(2).

B. Negligence Claim

“In order to establish negligence under California law, a plaintiff must establish four required elements: (1) duty; (2) breach; (3) causation; and (4) damages.” Illeto v. Glock Inc., 349 F.3d 1191, 1203 (9th Cir. 2003) (citing Martinez v. Pacific Bell, 225 Cal. App. 3d 1557, 1564 (1990)). The Leveragebox Defendants argue the FAC fails to allege facts sufficient to establish the duty and breach elements of a negligence claim. (Dkt. 27-1 at 12-18).

1. Duty

“In California, the ‘general rule’ is that people owe a duty of care to avoid causing harm to others and that they are thus usually liable for injuries their negligence inflicts.” S. Cal. Gas Leak Cases, 7 Cal. 5th 391, 398 (2019). However, “liability in negligence for purely economic losses . . . is ‘the exception, not the rule.‘” Id. at 400. “The primаry exception to the general rule of no-recovery for negligently inflicted purely economic losses is where the plaintiff and the defendant have a ‘special relationship.‘” Id. The parties here agree that courts consider six factors to determine whether a special relationship exists:

(i) “the extent to which the transaction was intended to affect the plaintiff,” . . . (ii) “the foreseeability of harm to the plaintiff,” (iii) “the degree of certainty that the plaintiff suffered injury,” (iv) “the closeness of the connection between the defendant‘s conduct and the injury suffered,” (v) “the moral blame attached to the defendant‘s conduct,” and (vi) “the policy of preventing future harm.”

Id. at 401 (quoting J‘Aire Corp. v. Gregory, 24 Cal. 3d 799, 804 (1979)); see also Rowland v. Christian, 69 Cal. 2d 108, 113 (1968) (articulating an earlier version of the factors).

The FAC alleges that the “bZx protocol and its partners owed Plaintiffs a duty to maintain the security of the funds deposited using the bZx protocol, including but not limited to putting in place procedures such that a phishing attack on a single developer would not result in a multi-million dollar theft.” (FAC ¶ 99). Plaintiffs allege that the creators of the bZx Protоcol “told users that they need not ‘ever worry about . . . getting hacked or [anyone] stealing [their] funds.” (Id. ¶ 1). The FAC further alleges that the “bZx protocol and its partners also owed Plaintiffs a duty to supervise developers and those working on the protocol such that important passwords or security details could not be revealed through the actions of a single developer.” (Id. ¶ 100). Finally, the FAC alleges that the developer targeted by the phishing attack “owed Plaintiffs a duty to secure [passwords] against malicious attacks.” (Id. ¶ 101).

In Fabian v. LeMahieu, No. 19-CV-54-YGR, 2019 WL 4918431 (N.D. Cal. Oct. 4, 2019), the Court considered a claim of negligence based on similar facts. The plaintiffs alleged that cryptocurrency had been stolen from the defendant‘s exchange due to “unauthorized transactions.” Id. at *5. In denying a motion to dismiss, the court applied the six-factor special relationship test and found the defendant owed plaintiffs a duty of care:

Here, five of the six factors weigh in favor of finding a duty. It was foreseeable that a lack of security on the primary exchangе for [the cryptocurrency] would cause harm to individuals who, like plaintiff, deposited their [cryptocurrency] on that exchange and that any security failure on that exchange would result in harm to plaintiff and other similarly situated individuals. Further, it is plausible that [the defendants‘] alleged conduct, if true, could be viewed as morally reprehensible and this type of action could further the goal of preventing future harm. Imposing a duty to exercise care in this instance will not result in an undue burden on the [defendants] or the industry at large. Moreover, [the defendants‘] conduct was proximately connected to plaintiff‘s injury.

Id. at *12 (citing Rowland, 69 Cal. 2d 108).

Applying the special relationship factors here counsels in favor of finding Defendants owed Plaintiffs a duty of care. First, Plaintiffs were the intended beneficiaries of the transaction in that they were the bZx Protocol‘s users. The FAC alleges that the bZx Protocol is a platform for “tokenized margin trading and lending,” (FAC ¶ 42), which Plaintiffs traded on after connecting a wallet and depositing a supported cryptocurrenсy, (id. ¶ 45). Second, it was foreseeable that lack of security on the bZx Protocol would cause harm to individuals, like Plaintiffs, who used the BSC and Polygon blockchains on the platform. This conclusion is bolstered by the allegation that bZx was targeted by three previous hacks with initial losses of approximately $9 million, at least one of which involved a phishing attack. (Id. ¶ 61). Third, Plaintiffs allege an injury with a high degree of certainty: the named Plaintiffs were injured by the theft of approximately $1.7 million of their cryptocurrency tokens, while the total theft was approximately $55 million. (Id. ¶¶ 1, 3-21). Fourth, Plaintiffs allege a close connection between the negligent conduct and their injury: but for the bZx DAO‘s negligent failure to implement security measures that the operators knew were reasonably necessary to protect the Protocol, Plaintiffs’ cryptocurrency would have been safe. (See id. ¶ 1). Fifth, Plaintiffs allege the DAO‘s conduct is morally reprehensible in light of their promises of safety. (See id. ¶ 1). Sixth, a finding that Defendants owed Plaintiffs a duty furthers the policy of preventing future harm stemming from negligent oversight of security measures on DeFi protocols. See Fabian, 2019 WL 4918431, at *12 (applying six-factor test). The factors weigh in favor of finding a special relationship between the bZx DAO and Plaintiffs. Accordingly, the Court finds that Plaintiffs have alleged that the bZx DAO had a duty to exercise reasonable care with respect to their management of the protocol.

This conclusion isn‘t disturbed by the Leveragebox Defendants’ arguments that Fabian, supra, is distinguishable. (Dkt. 43 at 3-4). First, the Leveragebox Defendants’ attempt to distinguish Fabian because transactions with the bZx Protocol are “non-custodial” because users maintain custody over their own assets. (Id. at 3). The FAC alleges a successful phishing attack on a bZx developer allowed a hacker to gain access to all of the funds supposedly in Plaintiffs’ custody, (FAC ¶¶ 47, 52, 54, 56-57), rendering the distinction between custodial and non-custodial meaningless here. Second, the Leveragebox Defendants argue the FAC doesn‘t allege transactions between Plaintiffs and Defendants. (Dkt. 43 at 3-4). The FAC does, however, allege transactions between the named Plaintiffs and the bZx Protocol that were precisely the sort of transactions Fulcrum was intended to facilitate. (FAC ¶ 1).

2. Breach

The Leveragebox Defendants next contend that, even if they owed Plaintiffs a duty of care, the FAC doesn‘t allege facts plausibly stating that Defendants breached that duty. (Dkt. 27-1 at 17-18). Citing this Court‘s order in Razuki v. Caliber Home Loans, Inc., No. 17-cv-1718-LAB-WVG, 2018 WL 6018361 (S.D. Cal. Nov. 15, 2018), Defendants argue Plaintiffs can‘t state a claim by “simply asserting that a hack occurred, and therefore people were negligent.” (Dkt. 27-1 at 17-18). However, Plaintiffs allege breach with more specificity than the complaint in Razuki. While the complaint in Razuki offered conclusory statements without supporting facts, see 2018 WL 6018361, at *1, Plaintiffs here allege sufficient factual matter to support their claim.

The FAC alleges that on November 5, 2021, “[a] bZx developer was sent a phishing email to his personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment, which then ran a script on his Personal Computer. This led to his personal mnemonic wallet phrase being compromised.” (FAC ¶ 52). The developer‘s personal wallet contained “private keys (or passcodes or passphrases) that enabled [the hacker to access bZx Protocol] users’ funds” and that “those keys were [the developer‘s] only means of accessing the protocol and making necessary changes to it.” (Id. ¶ 56). The FAC further alleges that these private keys had been used to successfully target the Protocol in other, similar hacks, (id. ¶ 61); the bZx Protocol made specific assurances about security, (id. ¶ 46, 48-50); and the Protocol failed to implement security measures that would‘ve prevented Plaintiffs’ injuries, (id. ¶¶ 54, 57-59, 61; see also id. ¶ 57 (“The problem, as the company reported it, was that—despite the protocol‘s promises to the contrary—the protocol‘s implementation on two of the three blockchains on which it operated was insecure. That is, the protocol was designed to work on the Ethereum blockchain, the Polygon blockchain, and the Binance Smart Chain blockchain, but only its operations on the Ethereum blockchain were seсure.“). Accepting the allegations in the FAC as true, the Court finds that Plaintiffs have stated sufficient factual matter to plausibly allege Defendants breached their duty care.

C. Partnership Liability

Plaintiffs’ theory of liability is premised on the existence of a general partnership among all persons holding BZRX tokens. The FAC contends Defendants are partners of the purported bZx DAO general partnership, (FAC ¶¶ 22-25, 72-75), and, therefore, jointly and severally liable for Plaintiffs’ injuries, (id. ¶¶ 99-102). The Leveragebox Defendants argue the FAC fails to plausibly demonstrate the existence of a general partnership. (Dkt. 27-1 at 18-22). Additionally, they argue the FAC doesn‘t sufficiently allege Defendants are members of the purported general partnership. (Id. at 22).

The Court first considers whether the FAC includes sufficient factual matter to plausibly allege that the bZx DAO is a general partnership, and then considers whether the FAC sufficiently alleges that each Defendant is a partner in such a partnership.

1. bZx DAO General Partnership Formation

California law provides that the “association of two or more persons to carry оn as coowners a business ‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍for profit forms a partnership, whether or not the persons intend to form a partnership.” Cal. Corp. Code § 16202(a). “Under the Corporations Code, unless persons associated to do business together establish a formal entity like a corporation, the association is deemed to be a partnership regardless of the parties’ intent.” Jones v. Goodman, 57 Cal. App. 5th 521, 538 n.19 (2020); see also § 16202(b) (“[A]n association formed under a statute other than this chapter, a predecessor statute, or a comparable statute of another jurisdiction is not a partnership under this chapter.“). “[P]ersons may unintentionally create a partnership where their actions and behavior demonstrate an intent to engage in business together.” In re Marriage of Geraci, 144 Cal. App. 4th 1278, 1292 (2006) (noting that courts consider the surrounding circumstances to determine the parties’ intent). “It is well-settled that the existence of a partnership is a question of fact.” Persson v. Smart Inventions, Inc., 125 Cal. App. 4th 1141, 1157 (2005) (citing Holmes v. Lerner, 74 Cal. App. 4th 442, 445 (1999)).

A plaintiff can plead the existence of a partnership by making specific factual allegations demonstrating: (1) the right of the purported partners to participate in the management of the business; (2) the sharing of profits and losses among the purported partners; and (3) contributions of money, property, or services by the purported partners to the partnership. See Ramirez v. Sotelo, No. ED CV 13-2155 SJO (MRWx), 2014 WL 12586445, at *3 (C.D. Cal. May 8, 2014). “To participate to some extent in the management of a business is a primary element in partnership organization, and it is virtually essential to a determination that such a relationship existed.” Dickenson v. Samples, 104 Cal. App. 2d 311, 315 (1951). Importantly, “the distinguishing feature of partnership is association to carry on business together, not [an] agreement to share profits.” Holmes, 74 Cal. App. 4th at 454 (noting that the California legislature removed profit sharing from the statutory definition of a partnership, indicating that the legislature “intend[ed] profit sharing to be evidence of a partnership, rather than a required element of the definition of a partnership“); see also id. at 456 (“Ordinarily the existence of a partnership is evidenced by the right of the respective parties to participate in profits and losses and in thе management and control of the business.“); Cal. Corp. Code § 16202(c)(3) (“A person who receives a share of the profits of a business is presumed to be a partner in the business.“).

The FAC alleges that “the bZx protocol purports to be a DAO, a de-centralized autonomous organization, that lacks any legal formalities or recognition.” (FAC ¶ 2). Plaintiffs allege that “[g]iven their structures and the way they operate, the bZx and Ooki DAOs are general partnerships among tokenholders.” (Id. ¶ 71). Plaintiffs contend the DAOs should be recognized as general partnerships, and each partner should be jointly and severally liable for the torts of the DAO. (Id. ¶ 2) The Leveragebox Defendants contend that the FAC asserts legal conclusions and fails to allege facts sufficient to demonstrate the existence of general partnership. (Dkt. 27-1 at 18-23).

To plausibly allege the existence of a general partnership, the FAC must plead sufficient facts to demonstrate that the bZx DAO is (1) an association of two or more persons (2) carrying on as co-owners of (3) a business for рrofit. See Cal. Corp. Code § 16202(a). As a starting point, the FAC alleges that the DAO is an “association[] of two or more persons (the tokenholders and investors).” (FAC ¶ 71). The FAC also alleges that the bZx DAO generates profits through its margin trading and lending products, Fulcrum and Torque. (Id. ¶¶ 43-44, 71). The Leveragebox Defendants don‘t appear to dispute either allegation. (See Dkt. 27-1 at 18-23). The Court finds that the FAC sufficiently alleges that the DAO is an association of two or more persons and that it operates as a business for profit.

The Court next considers whether Plaintiffs sufficiently allege that the BZRX tokenholders carry on as co-owners of the DAO. See Cal. Corp. Code § 16202(a). The FAC alleges that “bZx outlined plans to transition both revenue from the protocol and control of aspects of the protocol to the bZx DAO. That is, ‘armed with tens of millions of dollars, [the DAO] will take up the task of maintaining the protocol, building new products, marketing the brand, and managing the community.‘” (FAC ¶ 68). Plaintiffs allege that “when the transition was completed, ‘the legal entity bZeroX LLC [ceased] to exist, and in its place the DAO . . . remained.‘” (Id.).

The FAC alleges the “bZx DAO is controlled by those who hold the BZRX token” and that tokenholders have governance rights in the DAO. (FAC ¶¶ 41, 69). “That is, ‘the keys to the bZx treasury, [were] turned over to the DAO, and [BZRX] tokenholders [became] the main drivers of governance and decision making of the bZx platform going forward.‘” (Id. ¶ 69). Specifically, they allege that tokenholders can both suggest and vote on governance proposals. (Id. ¶¶ 41, 69). Tokenholders can propose “spending treasury funds to hire people; changing organizational goals and policies; and even distributing treasury assets to tokenholders, like how corporations can authorize dividends.” (Id.). If a proposal receives the required number of votes, the DAO or Protocol will take the proposed action. (Id. ¶ 41).

The Leveragebox Defendants concede that BZRX tokenholders possess some governance rights, but argue these rights are too limited to establish the existence of a general partnership. (Dkt. 27-1 at 22 (“BZRX tokens provide owners only some fraction of govеrnance rights which relate to only a narrow set of parameters of the protocol.“)). But limited governance rights don‘t divest a partnership of its essential nature—a partnership can still exist when individual partners only control a part of the enterprise. See Singleton v. Fuller, 118 Cal. App. 2d 733, 741 (1953) (“The fact that no complete control of any part of a partnership venture is vested in each partner does not [negate] the existence of a partnership since, by agreement, one partner may be given the duty of management of the enterprise or any part thereof.“). The Court finds the FAC plausibly alleges that the BZRX tokenholders possessed governance rights over the DAO.

Plaintiffs also allege that tokenholders can share in the DAO‘s profits. (FAC ¶ 41). The Leveragebox Defendants dispute this characterization, arguing the FAC doesn‘t sufficiently allege the existence of profit and loss sharing. (See Dkt. 27-1 at 20-21). They contend that Plaintiffs merely “speculat[e] that BZRX token holders could share profits,” but that this allegation “fall[s] far short of allеging that the [tokenholders] agreed to share profits and losses.” (Id. at 21 (emphasis in original)). “The actual sharing of profits . . . is prima facie evidence, which is to be considered, in light of any other evidence, when determining if a partnership exists.” Holmes, 74 Cal. App. 4th at 457; see also Nelson v. Abraham, 29 Cal. 2d 745, 749 (1947) (“A partnership connotes coownership in the partnership property with a sharing in the profits and losses of a continuing business.“). “The fact, however, that profits and losses are not shared equally does not necessarily compel a conclusion that no partnership existed.” Constans v. Ross, 106 Cal. App. 2d 381, 389 (1951).

Here, the FAC alleges that tokenholders “can vote to ‘distribut[e] treasury assets to tokenholders, like how corporations can authorize dividends.‘” (FAC ¶ 41). Also relevant here is the Commodity Future Trading Commission‘s (“CFTC“) Order Instituting Proceedings, which the Court has already judicially noticed. The CFTC found that the “bZx Protocol liquidity pool[‘s] . . . assets were supplied by liquidity providers who, in exchange, had received interest-generating tokens, as well as BZRX Protocol Tokens (‘BZRX Tokens‘) conferring voting rights on certain matters relevant to bZx Protocol governance.” In re bZeroX, LLC, 2022 WL 4597664, at *2. The CFT‘s findings reinforce the FAC‘s allegations that tokenholders can share in the DAO‘s profits either by voting to distribute treasury assets among themselves or via an interest-generating token.

The Leveragebox Defendants argue that Plaintiffs “allege no facts suggesting that defendants (let alone all BZRX token holders) agreed to bear any and all losses suffered by a partnership.” (Id.). However, “[a]n agreement to divide profits implies an agreement for a corresponding division of losses, unless otherwise expressly stipulated.” Nat‘l Bank of Com. in Pasadena v. Thompson Advert. Co., 114 Cal. App. 327, 329-30 (1931) (citations omitted); see also Brown v. Fairbanks, 121 Cal. App. 2d 432, 440 (1953) (“A provision to share losses may be implied in a partnership or joint venture agreement.“). On balance, the Court finds the allegation that BZRX tokenholders may share profits weighs in favor of treating the DAO as a general partnership.³

The Leveragebox Defendants further argue that finding “that each and every BZRX token holder plausibly could be a co-owner of a business with management

authority and unlimited personal liability for any losses connected to the platform, and thus subject to full discovery into their potеntial liability . . . [would be a] radical expansion and alteration of long-standing principles of partnership law [and] should not be countenanced.” (Dkt. 27-1 at 22-23). However, when transitioning control of the bZx Protocol from bZerox LLC to the bZx DAO, the partners elected to forgo registering the DAO as an LLC or other legal entity with limited liability. In fact, the CFTC concluded that “Bean and Kistner determined that transitioning to a DAO would insulate the bZx Protocol from regulatory oversight and accountability for compliance with U.S. law.” In re bZeroX, LLC, 2022 WL 4597664, at *4. In a public call describing the pending transition, Kistner stated:

It‘s really exciting. We‘re going to be really preparing for the new regulatory environment by ensuring bZx is future-proof. So many people across the [cryptocurrency] industry right now are getting legal notices and lawmakers are trying to decide whether they want DeFi companies to register as virtual asset service providers or not—and really what we‘re going to do is take all the steps possible to make sure that when regulators ask us to comply, that we havе nothing we can really do because we‘ve given it all to the community.

Id. Given this context, the Court disagrees that recognizing the bZx DAO as a general partnership would be a “radical expansion and alteration of long-standing principles of partnership law [that] should not be countenanced.” (Dkt. 27-1 at 22-23); see also Nat‘l Bank of Com., 114 Cal. App. at 329-30 (“Courts do not countenance partnerships which attempt to afford all the advantages of commercial intercourse without corresponding liabilities, and an agreement which contemplates such evasion will be construed and enforced as a general partnership.“).

Accepting the allegations in the FAC as true, the Court finds that Plaintiffs have stated facts sufficient to allege that a general partnership existed among the BZRX tokenholders.

2. Partnership Allegations Against Each Defendant

The Court next considers whether the FAC makes sufficient factual allegations to demonstrate that each individual defendant is a partner of the bZx DAO general partnership. Because anyone holding a BZRX token is a partner in the pаrtnership, Plaintiffs can make this showing by specifically alleging that each Defendant held BZRX tokens.

As for Kistner and Bean, the FAC alleges that they co-founded the bZx Protocol and initially controlled in through bZeroX LLC, which they also co-founded and controlled. (FAC ¶¶ 22-23, 67). Although the FAC doesn‘t specifically allege that Kistner or Bean held BZRX tokens, it does allege that they participated in Protocol decision making and that the only way to participate in such decision making is by holding and voting BZRX tokens. (Id. ¶ 69, 72-73). These allegations support the reasonable inference that Kistner and Bean necessarily held BZRX tokens when they participated in protocol decision making.⁴ The FAC also alleges that Kistner is still listed as an employee of bZx. (Id. ¶ 67). The Court finds the FAC makes sufficient allegations to permit the reasonable inference that Kistner and Bean hold BZRX tokens.

As for Leveragebox LLC, the FAC alleges that Leveragebox operated the Fulcrum trading platform when the phishing attack and hack occurred. (Id. ¶ 78). The FAC doesn‘t allege that Leveragebox LLC held governance tokens, participated in the management of the bZx DAO, or shared in the profits of the DAO. The Court finds the FAC fails to allege that Leveragebox LLC was a general partner of the bZx DAO.

As for bZeroX LLC, the FAC alleges that ‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍bZeroX created and controlled the

protocol until August 2021, at which time bZeroX transferred its assets to the bZx DAO and dissolved. (Id. ¶ 79). At the time of the hack, bZeroX didn‘t exist as a legal entity. The FAC doesn‘t contain any allegations suggesting that bZeroX held BZRX tokens, participated in the management of the bZx DAO, or shared in the profits of the DAO. The Court finds the FAC fails to allege that bZeroX was a general partner of the bZx DAO.

As for Hashed International LLC and AGE Crypto GP, LLC, the FAC alleges both entities were investors in the bZx Protocol and members of the DAO and general partnership. (Id. ¶¶ 22-25). The FAC alleges that Hashed has “publicly disclosed that it ‘supported the [bZx] team’ . . and invested in the protocol and the BZRX token.” (Id. ¶ 74). The FAC doesn‘t explicitly allege that AGE held governance tokens, but does allege that both entities participated in protocol decision making. (Id. ¶ 74-75). As previously discussed, these allegations support the reasonable inference that Hashed and AGE necessarily held BZRX tokens when they allegedly participated in protocol decision making. The Court finds Plaintiffs’ allegations sufficient to permit the reasonable inference that Hashed and AGE hold governance tokens.

* * *

The motion to dismiss for failing to allege facts sufficient to demonstrate the existence of a general partnership is GRANTED IN PART and DENIED IN PART, and the claims against Leveragebox LLC and bZeroX LLC are DISMISSED.

D. Corporate Veil Piercing

Bean and Kistner argue that Plaintiffs plead no facts that warrant piercing the corporate veil of the Leveragebox and bZeroX LLCs. (Dkt. 27-1 at 8-9). However, the FAC alleges Bean and Kistner are liable as partners of the bZx DAO general partnership, not as members of their LLCs. (FAC ¶¶ 22-23, 72-73). Therefore, the Court DENIES Bean and Kistner‘s motion to dismiss to the extent it argues Bean and Kistner are shielded from liability by their LLCs.

E. Terms of Use

The Leveragebox Defendants argue Plaintiffs’ negligence claim is bаrred by the Terms of Use they agreed to when they accessed the Protocol via the Fulcrum website. (Dkt. 27-1 at 9-10). “Contracts formed on the Internet come primarily in two flavors: ‘clickwrap’ (or ‘click-through‘) agreements, in which website users are required to click on an ‘I agree’ box after being presented with a list of terms and conditions of use; and ‘browsewrap’ agreements, where a website‘s terms and conditions of use are generally posted on the website via a hyperlink at the bottom of the screen.” Nguyen v. Barnes & Noble Inc., 763 F.3d 1171, 1175-76 (9th Cir. 2014). Fulcrum‘s Terms of Use were hyperlinked on the bottom of the Fulcrum homepage and users weren‘t required to click “I agree” before accessing the platform. (Dkt. 27-1 at 9; Dkt. 27-2 Ex. 2). Therefore, Fulcrum‘s Terms of Use are a “browsewrap” agreement.

Under California law, browsewrap agreements are binding on a website user only when the user has “actual or constructive knowledge of a website‘s terms and conditions.” Long v. Provide Com., Inc., 245 Cal. App. 4th 855, 863 (2016) (quoting Nguyen, 763 F.3d at 1176), see, e.g., Cairo, Inc. v. Crossmedia Servs., Inc., No. 04-cv-4825, 2005 WL 756610, at *5 (N.D. Cal. Apr. 1, 2005) (finding website‘s browsewrap terms of use were binding on plaintiff when he admitted he had actual knоwledge of the terms). “[W]here a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on—without more— is insufficient to give rise to constructive notice.” Nguyen, 763 F.3d at 1179-80; see also Long, 245 Cal. App. 4th at 864-67 (adopting Nguyen‘s reasoning).

Here, a hyperlink to the Terms of Use is located at the bottom of Fulcrum‘s homepage and appear to be visible only if a user scrolls through other material, including the “Start Now” buttons used to access the platform‘s trading and lending features. (See Dkt. 27-2 Ex. 2 at 21-23). Additionally, the Terms of Use are displayed in small font located below at least eighteen other hyperlinks. (Id. at 22-23). The FAC contains no allegations suggesting that Plaintiffs had actual knowledge of the Terms of Use when they accessed the Protocol. The Court finds Plaintiffs had neither actual nor constructive notice of the Terms of Use and, therefore, aren‘t bound by them. The Court further finds that the Terms of Use don‘t bar Plaintiffs’ clаim against any of the Leveragebox Defendants. The Leveragebox Defendant‘s motion to dismiss is DENIED to the extent to seeks to dismiss Plaintiffs’ claims based on Leveragebox‘s Terms of Use.

III. RULE 12(b)(2) MOTION TO DISMISS

The Leveragebox Defendants move to dismiss all claims against Bean, arguing the Court lacks personal jurisdiction over him. (Dkt. 27-1 at 24-25). Although the motion to dismiss doesn‘t invoke Rule 12(b)(2), the Court will construe it as 12(b)(2) motion to dismiss for lack of personal jurisdiction.

A. Legal Standard

Rule 12(b)(2) governs motions to dismiss for lack of personal jurisdiction. See Fed. R. Civ. P. 12(b)(2). The plaintiff must establish that the court has personal jurisdiction over the defendant by “mak[ing] only a prima facie showing of jurisdictional facts to withstand the motion to dismiss.” Love v. Assoc‘d. Newspapers, Ltd., 611 F.3d 601, 608 (9th Cir. 2010); see also Pebble Beach Co. v. Caddy, 453 F.3d 1151, 1154 (9th Cir. 2006). To make this showing, “the plaintiff need only demonstrate facts that if true would support jurisdiction over the defendant.” Ballard v. Savage, 65 F.3d 1495, 1498 (9th Cir. 1995). “Uncontroverted allegations in the complaint must be taken as true, and conflicts over statements contained in affidavits must be resolved in [plaintiffs‘] favor.” Love, 611 F.3d at 608.

“Federal courts ordinarily follow state law in determining the bounds of their jurisdiction over persons.” Daimler AG v. Bauman, 571 U.S. 117, 125 (2014) (citing Fed. R. Civ. P. 4(k)(1)(A)). “California‘s long-arm statute allоws the exercise of personal jurisdiction to the full extent permissible under the U.S. Constitution,” the inquiry centers on whether exercising jurisdiction over a particular defendant comports with due process. Id.; see also Cal. Civ. Proc. Code § 410.10 (“A court of this state may exercise jurisdiction on any basis not inconsistent with the Constitution of this state or of the United States.“). “Due process requires that the defendant ‘have certain minimum contacts’ with the forum state ‘such that the maintenance of the suit does not offend traditional notions of fair play and substantial justice.‘” Picot v. Weston, 780 F.3d 1206, 1211 (9th Cir. 2015) (quoting Int‘l Shoe Co. v. Washington, 326 U.S. 310, 316 (1945)).

Federal courts may exercise either general or specific jurisdiction over nonresident defendants. Helicopteros Nacionales de Colombia, S.A. v. Hall, 466 U.S. 408, 414 (1984). General jurisdiction exists when a defendant has “substantial” or “continuous and systematic” contacts with the forum state. Id. at 415. If a defendant‘s contacts are insufficient to establish general jurisdiction, specific jurisdiction might still exist. A three-part test determines whether a non-resident defendant has sufficient contacts to be subject to specific jurisdiction:

(1) The non-resident defendant must purposefully direсt his activities or consummate some transaction with the forum or resident thereof; or perform some act by which he purposefully avails himself of the privilege of conducting activities in the forum, thereby invoking the benefits and protections of its laws;

(2) the claim must be one which arises out of or relates to the defendant‘s forum-related activities; and

(3) the exercise of jurisdiction must comport with fair play and substantial justice, i.e. it must be reasonable.

Picot, 780 F.3d at 1211 (quoting Schwarzenegger v. Fred Martin Motor Co., 374 F.3d 797, 802 (2004)). The plaintiff must prove the first two prongs, CollegeSource, Inc. v. AcademyOne, Inc., 653 F.3d 1066, 1076 (9th Cir. 2011), then the burden shifts to the defendant to “set forth a ‘compelling case’ that the exercise of jurisdiction would not be reasonable,” id. (quoting Burger King Corp. v. Rudzewicz, 471 U.S. 462, 477 (1985)). “For claims sounding in tort, [the Ninth Circuit] appl[ies] a ‘purposeful direction’ test and look[s] to evidence that the defendant has directed his actions at the forum state, even if those actions took place elsewhere.” Picot, 780 F.3d at 1212.

B. Specific Personal Jurisdiction over Bean

The FAC alleges that the Court has specific personal jurisdiction over all Defendants because they purposefully entered the general partnership which: was controlled from California; has at least one member conducting partnership business in California; and directed at least some activities at California. (FAC ¶ 33). Specifically, the FAC alleges that the Court has specific personal jurisdiction over Bean only because he is a general partner in the bZx DAO general partnership. (Id.). However, “[l]iability and jurisdiction are independent. Liability depends on the relationship between the plaintiff and the defendants and between the individual defendants; jurisdiction depends only upon each defendant‘s relationship with the forum.” Sher v. Johnson, 911 F.2d 1357, 1365 (9th Cir. 1990). “Jurisdiction over a partnership does not necessarily permit a court to assume jurisdiction over the individual partners,” and “California court[s] ‘ha[ve] jurisdiction over only those individual partners who personally established the requisite minimum contacts with California.” Goehring v. Superior Ct. of San Diego Cnty., 62 Cal. App. 4th 894, 904-05 (1998); see also Sher, 911 F.2d at 1366 (“[A] partner‘s actions may be imputed to the partnership for the purpose of establishing minimum contacts, but ordinarily may not be imputed to the other partners.“).

Bean argues the Court lacks personal jurisdiction оver him because the FAC fails to plausibly allege that he was a member of a general partnership controlled from California. (Dkt. 27-1 at 24-25). Even if he were a general partner, Bean contends he lacks sufficient minimum contacts with California to establish specific personal jurisdiction. (Dkt. 43 at 9-10). Although the Court has found that Plaintiffs sufficiently allege Bean is a partner of the bZx DAO general partnership, Plaintiffs only allege that Bean “was aware that Kistner moved to California and intentionally communicated with Kistner in California about partnership business.” (FAC ¶ 73). That fact alone is insufficient to make a prima facie showing of personal jurisdiction over Bean. See, e.g., Sher, 911 F.2d at 1366 (finding a law firm partner who represented a California resident, made phone calls and sent letters to California in the course of representation, and travelled to California on several occasions to service the client didn‘t have the requisite minimum contacts to establish purposeful availment); see also Data Disc, Inc. v. Sys. Tech. Assocs., Inc., 557 F.2d 1280, 1285 (9th Cir. 1977). The Court finds it lacks spеcific personal jurisdiction over Bean. The Court GRANTS Bean‘s motion to dismiss for lack of personal jurisdiction, and the claim against him is DISMISSED WITH LEAVE TO AMEND to add additional facts demonstrating the requisite minimum contacts.

IV. RULE 12(f) MOTION TO STRIKE

The Leveragebox Defendants next move to strike the FAC‘s class allegations pursuant to Rule 12(f). (Dkt. 27-1 at 23-24). They argue the Court should strike the class allegations because the named Plaintiffs aren‘t “adequate” class representatives under Rule 23. (Id.). Rule 23(a)(4) requires that class representatives “fairly and adequately protect the interests of the class.” Fed. R. Civ. P. 23(a)(4). The adequacy inquiry “serves to uncover conflicts of interest between named parties and the class they seek to represent.” Amchem Prods., Inc. v. Windsor, 521 U.S. 591, 625 (1997) (citing Gen. Tel. Co. of the Sw. v. Falcon, 457 U.S. 147, 157-58 & n.13 (1982)). “[A] class representative must be part of the class and ‘possess the same interest and suffer the same injury’ as the class members.” E. Tex. Motor Freight Sys., Inc. v. Rodriguez, 431 U.S. 395, 403 (1977) (quoting Schlesinger v. Reservists Comm. to Stop the War, 418 U.S. 208, 216 (1974)). “To assure ‘adequate’ representation, the class representative‘s personal claim must not be inconsistent with the claims of other members of the class.” In re Beer Distrib. Antitrust Litig., 188 F.R.D. 549, 554 (N.D. Cal. 1998). “Where the complaint demonstrates that a clаss action cannot be maintained on the facts alleged, a defendant may move to strike class allegations prior to discovery.” Sanders v. Apple Inc., 672 F. Supp. 2d 978, 990 (N.D. Cal. 2009).

Here, the putative class includes “[a]ll people who delivered cryptocurrency tokens to the bZx protocol and had any amount of funds stolen in the theft reported on November 5, 2021, except for people whose only cryptocurrency stolen was the BZRX token.” (FAC ¶ 80). The FAC also provides that “[n]one of the Plaintiffs or proposed class held meaningful stakes of BZRX token.” (Id. ¶ 64). The Leveragebox Defendants contend this allegation is essentially an admission the class representatives held some BZRX tokens, (Dkt. 43 at 10), and are therefore general partners of the bZx DAO and “equally liable under Plaintiffs’ own general partnership theory,” (id. at 23-24).

While the Leveragebox Defendants are correct that, under Plaintiffs’ general partnership theory, anyone holding BZRX tokens at the relevant time is jointly and severally liable for the torts of the DAO, the FAC doesn‘t ‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍clearly demonstrаte a conflict of interest between the named Plaintiffs and the putative class. Specifically, the allegation that “[n]one of the Plaintiffs or proposed class held meaningful stakes of BZRX token,” (id. ¶ 64), doesn‘t clearly demonstrate that the named Plaintiffs necessarily held BZRX tokens. This allegation can also be interpreted to mean the named Plaintiffs held no BZRX tokens. Accordingly, the Court finds the FAC doesn‘t demonstrate an irreconcilable conflict of interest between the named Plaintiffs and the putative class.

The motion to strike the class allegations is DENIED WITHOUT PREJUDICE. If discovery reveals actual conflicts of interest between the named Plaintiffs and the putative class, Defendants can renew their motion to strike at that time. Additionally, Plaintiffs can opt to revise the class definition when filing their Second Amended Complaint to attempt to correct any potential Rule 23(a)(4) problems. See Hawkins v. Comparet-Cassani, 251 F.3d 1230, 1238 (9th Cir. 2001) (quoting U.S. Parole Commʼn v. Geraghty, 445 U.S. 388, 408 (1980)) (“The district court is not ‘to bear the burden of constructing subclasses’ or otherwise correcting Rule 23(a) problems; rather, the burden is on Plaintiffs to submit proposals tо the court.“); see also Andrews Farms v. Calcot, Ltd., 268 F.R.D. 380, 388-89 (E.D. Cal. 2010) (collecting cases).

V. RULE 12(b)(4) MOTION TO DISMISS

The Hashed Defendants move to dismiss the entire action because the FAC incorrectly names Hashed and AGE as defendants when they didn‘t hold BZRX tokens. (Dkt. 31-1 at 6). Specifically, they move to dismiss for insufficient process under Rule 12(b)(4) and contend Plaintiffs violated Rule 11 because a reasonable inquiry would have revealed Hashed and AGE weren‘t tokenholders.⁵ (Id.).

A Rule 12(b)(4) motion to dismiss is technically “proper only to challenge noncompliance with the provisions of Rule 4(b) or any applicable provision incorporated by Rule 4(b) that deals specifically with the content of the summons.” 5B Wright & Miller, Federal Practice and Procedure § 1353 (3d ed. 2022). Rule 4(a)(1)(A) and (B) require that a summons must include the correct names

of the parties and be directed at the correct defendant. Fed. R. Civ. P. 4(a)(1)(A), (B). If a summons doesn‘t include the correct information, dismissal is proper under Rule 12(b)(4). See J.L. v. Best W. Int‘l, Inc., 521 F. Supp. 3d 1048, 1073 (D. Colo. 2021). When a defendant asserts the plaintiff named the wrong party, dismissal under Rule 12(b)(4) is inappropriate if the plaintiff subsequently states they named the defendant they intended to. See, e.g., id. at 1074 (denying Rule 12(b)(4) motion to dismiss and rejecting defendant entity‘s argument that plaintiff should have sued a subsidiary when plaintiff stated they intended to name the defendant entity and not the subsidiary).

The Hashed Defendants don‘t challenge the form of procеss, the content of the summons, or the manner in which service of process was delivered. (See Dkt. 7 (service on AGE); Dkt. 8 (service on Hashed). Nor do they challenge that Plaintiffs intended to sue Hashed and AGE. Instead, Hashed and AGE assert they never held BZRX tokens. Specifically, Hashed asserts an unidentified South Korean natural citizen invested in the tokens, (Dkt. 31-1 at 3), and AGE asserts it entered a Simple Agreement For Future Tokens, but doesn‘t state whether it ever received BZRX tokens, (id.). Beyond these assertions, the Hashed Defendants don‘t provide any evidence supporting their assertion that they didn‘t hold BZRX tokens. In contrast, the FAC alleges Hashed and AGE were investors in the bZx Protocol and participated in protocol decision making, allowing the reasonable inference they possessed BZRX tokens. (FAC ¶¶ 22-23, 74-75).

At the motion to dismiss stage, the Court is bound by the allegations in the FAC. al-Kidd, 580 F.3d at 956. The Hashed Defendants can‘t defeat those allegations by simply asserting conflicting facts without supporting evidence or affidavits. The Hashed Defendants’ motion to dismiss under Rule 12(b)(4) is DENIED.

The question оf whether the Hashed Defendants held tokens will likely be resolved by discovery. However, if Hashed and AGE didn‘t hold BZRX tokens and are in fact erroneous defendants, the Court might lack jurisdiction over them. See Direct Mail Specialists, Inc. v. Eclat Computerized Techs., Inc., 840 F.2d 685, 688 (9th Cir. 1988) (quoting Benny v. Pipes, 799 F.2d 489, 492 (9th Cir.1986)) (“[W]ithout substantial compliance with Rule 4 ‘neither actual notice nor simply naming the defendant in the complaint will provide personal jurisdiction.‘“); Fed. R. Civ. P. 4(a) (a summons must name the correct defendant). When parties dispute facts bearing on jurisdiction, a court may allow limited jurisdictional discovery to resolve the dispute. See LNS Enterprises LLC v. Cont‘l Motors, Inc., 22 F.4th 852, 864 (9th Cir. 2022) (quoting Laub v. U.S. Dep‘t of Interior, 342 F.3d 1080, 1093 (9th Cir. 2003)) (“Jurisdictional discovery ‘should ordinarily be granted where pertinent facts bearing on the question of jurisdiction are controverted or where a more satisfactory showing of the facts is necessary.‘“). Therefore, the Court will permit either party to file a motion requesting limited jurisdictional discovery to determine whether Hashed and AGE actually held BZRX tokens.

VI. RULE 12(b)(1) MOTION TO DISMISS

The Hashed Defendants move to dismiss the claims against them because Plaintiffs lack of Article III standing. (Dkt. 31-1 аt 6-7). A motion to dismiss for lack of standing is “properly raised in a Rule 12(b)(1) motion to dismiss.” Chandler v. State Farm Mut. Auto. Ins. Co., 598 F.3d 1115, 1122 (9th Cir. 2010) (“[S]tanding . . . pertain[s] to federal courts’ subject matter jurisdiction.“). Although the Hashed Defendants don‘t invoke Rule 12(b)(1), the Court will construe this argument as a motion to dismiss for lack of subject matter jurisdiction.

To establish standing, a plaintiff must show: (1) injury in fact, (2) causation, and (3) redressability. Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992). The Hashed Defendants challenge only causation, arguing that the FAC doesn‘t plead a causal nexus between their alleged conduct and Plaintiffs’ injury. (Dkt. 31-1 at 7). To satisfy the causation prong of the standing inquiry, a plaintiff must demonstrate that their injury is fairly traceable to the defendant. Simon v. E. Ky. Welfare Rts. Org., 426 U.S. 16, 41-42 (1976).

Here, the FAC alleges Plaintiffs were injured due to the negligence of the bZx DAO general partnership. (FAC ¶ 99-101). As previously discussed, the FAC‘s allegations support the reasonable inference that the Hashed Defendants held BZRX tokens and were therefore members of the general partnership. Under California partnership law, “all partners are jointly and severally liable for partnership obligations.” Myrick v. Mastagni, 185 Cal. App. 4th 1082, 1091 (2010); see also Cal. Corp. Code § 16306(a) (“[A]ll partners are liable jointly and severally for all obligations of the partnership unless otherwise agreed by the claimant or provided by law.“); § 16307(b) (“[A]n action may be brought against the partnership and any or all of the partners in the same action or in separate actions.“).

The Court finds that Plaintiffs’ injury is fairly traceable to the bXz DAO general partnership and that they have standing to sue the alleged general partners Hashed and AGE. The Hashed Defendants’ motion to dismiss for lack of standing is DENIED.

VII. CONCLUSION

For the forgoing reasons, the Court GRANTS IN PART and DENIES IN PART the Leveragebox Motion, (Dkt. 27), and DENIES WITHOUT PREJUDICE the Hashed Motion, (Dkt. 31). The claims against Tom Bean, bZeroX LLC, and Leveragebox LLC are DISMISSED WITHOUT PREJUDICE. To the extent Plaintiffs wish to amend their claims, they may do so by filing a Second Amended Complaint by April 10, 2023, in accordance with the Southern District‘s Civil Local Rules and this Court‘s Civil Standing Order.

IT IS SO ORDERED.

Dated: March 27, 2023

Hon. Larry Alan Burns

United States District Judge

Notes

The Court takes judicial notice of the Commodity Future Trading Commission‘s (“CFTC“) Order Instituting Proceedings in . In ruling on a Rule 12(b)(6) motion, courts may consider relevant matters subject to judicial notice. . A court may “judicially notice a fact that is not subject to reasonable dispute because it: (1) is genеrally known within the trial court‘s territorial jurisdiction; or (2) can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned.” Fed. R. Evid. 201(b). Proper subjects of judicial notice include administrative materials. . The CFTC Order Instituting Proceedings is an administrative material properly subject to judicial notice.

A phishing attack occurs when a bad actor sends the target a digital message containing malicious content. (FAC ¶ 53). Once opened, a phishing message can allow a bad actor to install malware on the target‘s device or capture sensitive information from the target‘s device. (Id.).

The CFTC Order Instituting Proceedings indicates one way to obtain BZRX tokens was to invest in the bZx Protocol, supporting the reasonable inference that tokenholders made contributions to the DAO. (describing the “bZx Protocol liquidity pool, whose assets were supplied by liquidity providers who, in exchange, had received interest-generating tokens, as well as [BZRX Tokens] conferring voting rights on certain matters relevant to bZx Protocol governance“). Such contributions support treating the DAO as a general partnership. (noting contributions of money, property, or services to the partnership by the purported partners supports the existence of a general partnership).

In .

It appears the Hashed Defendants’ Rule 11 motion didn‘t conform with that Rule‘s procedural requirements. Specifically, Plaintiffs contend the Hashed Defendants didn‘t provide the 21 day period to correct or withdraw the challenged paper. (See Dkt. 38 at 7-8); Fed. R. Civ. P. 11(c)(2). And the Rule 11 motion wasn‘t made separately from all other motions. (See Dkt. 31-1); Fed. R. Civ. P. 11(c)(2). Additionally, the Hashed Defendants now appear to abandon their motion. (Dkt. 42 at 4 (“Age and Hashed intend to move for Rule 11 sanctions because of the frivolous factual and legal basis for which the lawsuit was filed against Age and Hashed including plaintiffs’ persistent ‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍refusal to cure the party defects.“)). The Hashed Defendants’ motion to dismiss is DENIED WITHOUT PREJUDICE to the extent it relies on Rule 11.

Read the detailed case summary