Detection, investigation and asset recovery in digital asset fraud cases.
Criminals have been leveraging vulnerabilities in blockchain-based decentralised autonomous organisations (DAOs) to defraud unsuspecting participants and then seemingly disappear. The good news is that techniques are emerging to help identify wrongdoing and establish claims to recover value from stolen assets. What are the common mechanisms used in these scams? How can investigators respond?
DAOs are increasing in popularity, with wide adoption across investment, gaming and governance applications, and Cayman Islands Foundation Companies have been a favourable legal ‘wrapper’ for DAOs choosing to incorporate a legal form.
The defining feature of a DAO is that it operates on the blockchain, enabling decentralised governance and decision-making without the need for centralised leadership. Instead, members typically vote on decisions determining the DAO’s assets, allocation of resources and overall strategy.
Funds are typically raised through token sales or member contributions and are held in decentralised wallets. DAOs maintain treasuries of digital assets, which members control collectively through voting mechanisms.
Proposals are submitted to investors and, if passed, decisions are enacted using smart contracts. For example, a smart contract might automatically transfer cryptocurrency once a certain voting threshold is met. All transactions and governance decisions are recorded on the blockchain.
DAO scams
If functioning appropriately, DAOs allow like-minded members to pursue common investment goals under a transparent and democratic system of direction and control. However, decentralised and often opaque governance structures can create vulnerabilities that bad actors may be keen to exploit.
Rug pulls
The creators of a DAO lure in investors by promising high returns or building up hype around a project, only to suddenly disappear with the DAO’s funds once enough capital has been raised.
How it works: After raising a significant amount of cryptocurrency through token sales or other fundraising mechanisms, the creators, who retain majority control of the DAO’s voting rights, withdraw the assets, often using decentralised exchanges to launder funds. This was the case with the ETHTrustFund DAO, when $2 million of treasury assets were withdrawn and then laundered on the blockchain.
Exit scams by core developers
The developers who manage the project ‘legitimately’ for a period of time suddenly vanish, taking with them the DAO’s assets.
How it works: This is similar to a rug pull but often involves a longer-term scam where developers first build trust with the DAO’s investors by delivering updates and developing the project, only to drain the DAO’s funds or tokens once they have access to a significant amount. Combined, some estimates allege that rug pulls and exit scams account for more than a third of crypto scams, draining USD 2.8 billion in funds in 2021 alone.[1]
Misleading tokenomics
The creators may design the DAO's governance tokens to disproportionately benefit insiders while misleading the wider investor community about the true value or distribution of tokens.
How it works: The creators retain a large share of the tokens without disclosing this. They could also manipulate token prices by creating artificial demand through market-making activities. When the price is inflated, they can sell their tokens, leaving other holders with depreciated assets.
Smart contract vulnerabilities
DAOs’ actions are executed through smart contracts, which are often written by developers with varying degrees of competence. Exploiting vulnerabilities in these contracts can allow fraudsters to manipulate or drain the DAO’s funds.
How it works: If there is a flaw in the code (e.g. an unchecked function), attackers can exploit it to steal funds. Even internal members of the DAO could introduce malicious code disguised as an upgrade or governance proposal.
False proposals for fund allocation
Fraudulent members can submit deceptive proposals to allocate the DAO’s funds for projects that don't exist or are intentionally misrepresented.
How it works: Once a fraudulent proposal is approved, the funds are transferred to the scammer’s control.
Ponzi or pyramid scheme
There is speculation in the crypto world alleging that some DAOs could be structured to resemble a Ponzi or pyramid scheme, where early investors are paid returns at excessive annual percentage yields using the funds from new investors, or even through minting new tokens, rather than actual profits generated by the DAO.
How it works: The DAO may promise high returns or incentives to recruit new members, but there is no actual underlying business or product. As new funds dry up, the scheme collapses and investors lose their money.
- Manipulation of governance votes
Governance in DAOs often relies on voting power tied to token holdings, which can be manipulated by bad actors.
How it works: A malicious individual or group can accumulate enough tokens to control the governance process. They might pass proposals that benefit themselves at the expense of the broader DAO community, such as redirecting treasury funds or changing rules to entrench their control.
- Impersonation or phishing attacks
Attackers can impersonate key members of the DAO, or create fake DAOs to trick users into contributing funds or sharing sensitive information.
How it works: By creating a fake proposal that mirrors a legitimate one, fraudsters can convince members to send funds or private keys, resulting in financial loss.
- Exploitation of insider information
Insiders with privileged access to sensitive DAO data may use that information to engage in fraud.
How it works: If insiders know about pending proposals or investments that would affect the price of tokens, they can exploit this information by buying or selling tokens before this news is publicly available, effectively committing insider trading on a decentralised level.
- Decentralised financial product scams
DAOs can be set up to offer complex financial products or decentralised finance (DeFi) services, which can be difficult for average investors to fully understand.
How it works: Fraudsters can use the complexity of these products to mislead users about risks, terms or the nature of returns. For example, a DAO might claim to offer yield farming or staking returns, but fail to deliver or lock up users' funds in perpetuity.
Emerging investigative techniques
While tackling the DAO scammers is challenging, forensic investigators are developing innovative techniques not only to trace stolen cryptocurrency assets, but also to identify perpetrators and provide evidence for successful recovery.
Step one
Determine the DAO structure and participants
In an investigation, we would begin by mapping the DAO’s structure, looking into founders, developers and key wallet holders. Understanding the distribution of power helps pinpoint vulnerabilities. We would then review how decisions have been made, such as voting thresholds, evaluating proposals that led to asset misappropriation, and seek to identify the pseudonymous entities with control or influence.
Step two
Trace digital asset flows
Using blockchain explorer tools, we can track the flow of funds from the DAO’s treasury. Investigating whether vulnerabilities exist in the DAO’s smart contracts can also reveal pathways for how a fraud could have been perpetrated.
Step three
Follow the tokens
Drawing on transaction analysis, we can examine patterns in token movements, like large withdrawals or transactions through DeFi protocols. Where DAOs interface with centralised exchanges, investigators may need subpoenas for KYC records or IP information from exchanges.
Step four
Unmasking perpetrators
While blockchain transactions are transparent, wallet addresses often don’t immediately link to ‘real-world’ or off-chain identities. To reveal the real identities behind the pseudonyms, we can look for overlaps between wallet activity and off-blockchain identity markers like IP addresses, emails or social media activity, as well as information gathered through disclosure
Step five
Seizing or freezing assets
Investigation teams collaborate with lawyers, exchanges and blockchain platforms to freeze assets linked to fraud. Strategic coordination that utilises intelligence gathered from investigations may be necessary to pursue civil or law enforcement collaboration, helping to secure information or cooperation from resistant parties.
Step six
Evidence gathering and reporting
For recovery action to be successful, we need to ensure that all evidence, especially digital, maintains an unbroken chain of custody. To help support asset recovery, we would also prepare detailed reports outlining how the fraud was conducted, the parties involved and the movement of assets.
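To make steps two, three and six concrete, the following Python example is added here and is not from the original article or any investigative product. It walks transfers outward from a treasury address, flags large withdrawals and endpoints at labelled services, and fingerprints the result for the chain-of-custody record. The addresses, labels and the 100-unit threshold are constructed assumptions, and the trace is plain reachability rather than an amount-weighted taint model.

```python
import hashlib
import json
from collections import deque

# Constructed sample transfers (sender, recipient, amount, tx id); not real chain data.
TRANSFERS = [
    ("treasury", "wallet_a", 900.0, "tx1"),
    ("treasury", "wallet_b", 40.0, "tx2"),
    ("wallet_a", "dex_pool", 500.0, "tx3"),
    ("wallet_a", "exchange_deposit_1", 400.0, "tx4"),
    ("wallet_b", "wallet_a", 40.0, "tx5"),
    ("wallet_c", "exchange_deposit_1", 75.0, "tx6"),  # unrelated to the treasury
]
# Assumed attribution labels an investigator would maintain separately.
LABELS = {"exchange_deposit_1": "centralised exchange", "dex_pool": "DeFi protocol"}


def trace(transfers, source, large=100.0):
    """Breadth-first walk of every transfer reachable from `source`."""
    outgoing = {}
    for sender, recipient, amount, txid in transfers:
        outgoing.setdefault(sender, []).append((recipient, amount, txid))
    seen, queue, hops = {source}, deque([source]), []
    while queue:
        addr = queue.popleft()
        for recipient, amount, txid in outgoing.get(addr, []):
            hops.append({"tx": txid, "from": addr, "to": recipient,
                         "amount": amount, "large": amount >= large,
                         "label": LABELS.get(recipient)})
            # Stop at labelled services: funds commingle there, so the next
            # step is a records request to the service, not further tracing.
            if recipient not in seen and recipient not in LABELS:
                seen.add(recipient)
                queue.append(recipient)
    return hops


def custody_digest(hops):
    """SHA-256 over a canonical JSON form, recorded when the evidence is collected."""
    canonical = json.dumps(hops, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


HOPS = trace(TRANSFERS, "treasury")
EXCHANGE_HITS = [h["tx"] for h in HOPS if h["label"] == "centralised exchange"]
DIGEST = custody_digest(HOPS)
```

Recomputing `custody_digest` over the stored trace and comparing it with the value logged at collection time shows whether the evidence has been altered since.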
Here to help
As investigators and Cross-Border Asset Recovery specialists, we work directly with victims of high-value fraud to investigate and determine a strategy to seek the recovery of misappropriated assets. If you would like to discuss any of the issues raised in this article or how we could help establish claims against potential fraudsters, please get in touch.

Jamie Roberts
Associate Director
Investigations & Cross-Border Asset Recovery
jamie.roberts@quantuma.com