‘Code is law’ revisited in new feature doc

James Craig and Louis Giles’ Code Is Law lands at a time when the phrase is both cultural shorthand and contested legal terrain. The film, released on Oct. 21, discusses the concept using several case studies: The DAO hack in 2016, and exploits of Indexed Finance and Mango Markets in 2021 and 2022, respectively.

The DAO hack feels like ancient history at this point (it predates Blockworks News by four years), but in addition to being a novel smart contract exploit, it also resulted in Ethereum’s only real contentious hard fork (“Eth PoW” notwithstanding). So it’s natural that any honest reckoning with “code is law” begins there.

The filmmakers foreground those who lived through the fracture. Griff Green frames the DAO as an attempt to encode a new legal structure, while Fabian Vogelsteller warns of the potential accountability problem.

"There’s the strong idea of ‘code is law,’ or, once the rules are set, they aren’t changeable anymore,” says Vogelsteller. “The downside is: If you build something truly decentralized, that means truly unowned, then that also means that there’s no one who can fix it if something is broken.”

Within days of its launch on April 30, 2016, millions of dollars worth of ETH flowed in, governed by new smart contract primitives that were being tested in the wild.

"We had everyone looking at these contracts,” Green says. “But no one had any formal training in smart contract audits because there were no smart contracts to audit."

It was the moment crypto’s first grand experiment in immutability collided with the messy world it was supposed to transcend.

Courts aren’t buying it

“Code is law” has always been a slogan in search of a sovereign. As protocols amassed TVL and users racked up losses, courts tended to treat the phrase as legally meaningless.

In 2022, Blockworks asked Timothy Spangler at Dechert LLP, who dismissed the idea.

“Code isn’t law, code is code. Law applies to any sort of transaction, and the purpose of law is about shifting losses from where they fall to some other party,” Spangler told Blockworks. And when large sums disappear, litigation follows.

That shift comes through in the film’s second act, which traces Indexed Finance’s 2021 exploit and the identification of Canadian math prodigy Andean Medjedovic as the culprit.

Indexed co-founder Laurence Day is in the camp squarely rejecting the ethos outright, calling the idea dystopian in the film. Ontario courts responded in kind, granting extraordinary relief and treating onchain manipulation as theft. US prosecutors followed, charging Medjedovic over Indexed and Kyber exploits worth roughly $65 million. 

Medjedovic, through his online personas, has tried to rally support among “code is law” diehards, revealing that the notion still animates hacker culture, but it generally doesn’t hold up in court. He remains on the run from authorities, and ironically, according to Day, he won’t be able to benefit from the heist, thanks to a subsequent hacker.

“He had the Indexed funds stolen from him in turn by the Profanity breach about a year later,” Day told Blockworks. Unfortunately for users, that means — even if he’s eventually caught and tried — funds from the original theft are likely out of bounds for recovery.”

One of the film’s strongest threads explores the moral triangle between exploiters, users and white hat responders. A brief detour through the 2023 Euler hack shows how pressure and negotiation enticed the attacker to return almost all stolen funds. Recovery teams have clawed back hundreds of millions through similar interventions, revealing the reality that trust and coordination remain decisive in crisis.

The Mango Markets saga, which rounds out the film, complicates things further. Avraham Eisenberg’s 2022 exploit was prosecuted as fraud. But in May of this year, a federal judge vacated his criminal convictions, ruling the evidence didn’t support the jury’s findings.

Advocates for “code is law” as a slogan celebrated, but the ruling turned on evidence of intent presented and doesn’t serve to legalize extractive strategies just because code allows them.

Still, the line between “aggressive trading” and criminal fraud remains muddied.

White hats vs. hackers’ creed

In a way, every exploit since the DAO — from flash loans to oracle manipulation — echoes that first contact between economic design and adversarial innovation. Courts lean on familiar concepts like property, fraud and breach, while Dr. Paul Dylan-Ennis analogizes black and white hat hackers to outlaws in the Wild West. They fight against each other, but both hate the sheriff.

In practice, the rise of white hat war rooms has boosted DeFi security, and exploits have dropped in frequency and severity in recent years. But permissionless systems invite edge-testing, and as long as it pays, nefarious actors will try and break them. 

“Code is law” can be an engineering demand for precision and defense-in-depth — just don’t count on it to be a promise the courts will honor.

Code Is Law (dir. James Craig; Louis Giles) screened on the festival circuit and is now streaming worldwide.

— Macauley Peterson

_{Brought to you by:}

Grayscale is excited to announce the launch of Grayscale CoinDesk Crypto 5 ETF (ticker: GDLC) — the first crypto exchange-traded product in the U.S offering investors access to the market cap-weighted performance of the five largest and most liquid crypto assets¹ , covering 90% of the crypto market’s capitalization² .

Grayscale CoinDesk Crypto 5 ETF (“GDLC” or the “Fund”), an exchange traded product, is not registered under the Investment Company Act of 1940 (or the ’40 Act) and therefore is not subject to the same regulations and protections as 1940 Act registered ETFs and mutual funds. Investing involves risk, including possible loss of principal. An investment in GDLC is subject to a high degree of risk and volatility. GDLC is not suitable for an investor that cannot afford the loss of the entire investment. An investment in the Fund is not a direct investment in any cryptocurrency.

Grayscale CoinDesk Crypto 5 ETF has filed a registration statement (including a prospectus) with the SEC for the offering to which this communication relates. Before you invest, you should read the prospectus in that registration statement and other documents GDLC has filed with the SEC for more complete information about GDLC and this offering. You may get these documents for free by visiting EDGAR on the SEC Web site at www.sec.gov. Alternatively, GDLC or any authorized participant will arrange to send you the prospectus after filing if you request it by calling (833)903-2211 or by contacting Foreside Fund Services, LLC, Three Canal Plaza, Suite 100, Portland, Maine 04101.

Foreside Fund Services, LLC is the Marketing Agent and Grayscale Investments Sponsors, LLC is the sponsor of GDLC. 

The Roundup

Empire: Valve crashed parts of the Counter-Strike 2 skin market, but spoiler: The fix is crypto. 

Forward Guidance: Big financial firms continue to wade into crypto. Ben unpacks some major players’ visions in the space. 

Lightspeed: Solana’s latest P2E game is…addicting. Donovan explains how to earn WEED tokens in the viral Addicted.fun game. 

0xResearch: Meteora’s TGE finally came after three years in the making. The Blockworks Research analysts explored where fair value may lie.

The Drop: TGEs are like first impressions…you only get one. Kate delves into OpenSea’s comeback.

_{Brought to you by:}

peaq, the Machine Economy Computer, proudly sponsors The Breakdown newsletter. The robots are here — and they’re coming onchain. With peaq, you earn while the robots work.

Recent highlights include: World’s first Machine Economy Free Zone in the UAE, World’s first tokenized robo-farm in Hong Kong, World’s first Web3 Robotics SDK, World’s first onchain robot.

New peaq app: Get early access to tokenized robots. Be the world’s first to benefit from the rise of the robots: https://www.peaq.xyz/

1  Grayscale and CoinDesk, as of 8/29/2025. Largest and most liquid assets reflect eligibility for U.S. exchange and custody accessibility and U.S. dollar or U.S. dollar-related trading pairs. Exclusions include stablecoins, memecoins, gas tokens, privacy tokens, wrapped tokens, staked assets, or pegged assets. Largest is defined by circulating supply market capitalization, and most liquid is defined by 90-day median daily valued traded.

2  CoinDesk as of 08/31/2025, based on the crypto market ’s total investable universe.