The principle “Code is law” has returned to the center of discussions in the crypto sector after the recent verdict of a French court. Two legal experts share their opinions on the matter.
The debate has become particularly relevant after a French court acquitted the perpetrators of the exploit on the automated market maker Platypus Finance. The court argues that hackers are not responsible for the theft of funds since they interacted with freely accessible smart contracts, following the rules of the code.
According to this principle, anyone interacting or transacting on blockchain protocols would be obliged to respect the outcomes of self-executing smart contracts.
Gabriel Shapiro, General Counsel at Delphi Digital, argues in favor of the principle, while Preston Byrne of the law firm Brown Rudnick asserts the opposite.
The Platypus Finance exploit details
The hackers, later identified as Mohammed and his brother Benamar M., were accused of being responsible for the $8.5 million cyber attack on Platypus Finance, an automated market maker protocol on the Avalanche blockchain in February 2023.
Following the cyber attack, the efforts of investigator ZachXBT, along with the support of Binance, enabled French authorities to trace the two brothers. Subsequently, twenty-two-year-old Mohammed had to face numerous charges related to the attack. His brother, Benamar M., was also charged with receiving stolen goods.
Initially, prosecutors sought a five-year prison sentence for Mohammed on criminal charges. However, the defense, based on their recognition as “ethical hackers,” led to the acquittal of the defendants.
During the flash loan-based attack, an error made by Mohammed inadvertently led to the locking of millions of dollars in stolen funds, with only $270,000 recovered. In response, Platypus Finance executed a counter-hack, reclaiming $2.4 million in USDC.
The court judges concluded that, given the fact that Mohammed used a publicly accessible smart contract, charges related to unauthorized access to a computer system were not valid. Furthermore, the court deemed that Mohammed’s use of Platypus’s “emergency withdrawal” smart contract, which contained the vulnerability he exploited, did not constitute an act of fraud.
Larry Lessig’s position
According to Larry Lessig, a well-known lawyer and advocate for open-source software who originated this concept, no external arbiter should intervene in the digital world. Lessig argues that any regulation poses a threat to the freedom offered by cyberspace and that in the digital context, there exists a different type of regulation – code – that determines the terms on which ‘one lives in cyberspace.’
Byrne’s response
Byrne argues that Lessig’s statements are misleading. ‘Code may not be sufficient to counter every eventuality, reinforcing the need to adopt remedial measures outside of the Internet,’ Byrne states. However, he acknowledges that code is a form of law and asserts that smart contracts will influence and transform legal systems.
Shapiro’s position
Shapiro partially agrees with Byrne, adding further details. He argues that ‘code must be law for DeFi to function,’ but emphasizes that the current problem is that systems are still insecure. Therefore, when something goes unexpectedly wrong, those benefiting from the ‘code is law’ principle are no longer willing to accept its negative aspects.
