A DAO promises that a community can hold a treasury and steer a protocol without trusting a central operator. When that promise breaks, the failure is rarely the dramatic one people expect. The archetypal disaster — The DAO of 2016, drained of roughly 3.6 million ETH through a reentrancy bug and salvaged only by a contentious Ethereum hard fork — was a smart-contract failure. The deaths that followed are mostly governance and treasury failures: the code worked exactly as written, and that was the problem. This page is a neutral anatomy of how DAOs actually die, each mode illustrated by a documented case, so the structural risks can be told apart from the merely unlucky ones. For the narrower taxonomy of deliberate exploits, see governance attacks.
Most DAOs do not die loudly at all. They go quiet — proposals stop, contributors drift away, and a treasury sits under a multisig that a handful of people still technically control. The louder failures below are worth studying precisely because they expose, in fast-forward, the same weaknesses the quiet ones succumb to slowly.
Governance capture: renting a majority
The purest structural failure is when someone simply buys or rents the votes to pass whatever they like. If voting weight is read live from token balances, an attacker never has to own the tokens — they can borrow them for the length of a single transaction.
The definitive case is the Beanstalk attack of April 2022. An attacker took roughly a billion dollars in flash loans, converted them into the protocol's governance stake within one transaction, instantly commanded a supermajority, and passed a proposal that drained about $182 million from the treasury — all before the loan had to be repaid (CoinDesk). The lesson every serious DAO took from it: voting weight must never be readable by capital that is only briefly present — whether by snapshotting balances at a past block or by weighting on something transient capital cannot acquire in time.
Capture does not require a flash loan when quorum is thin enough. In February 2022 an attacker executed a "hostile governance takeover" of Build Finance DAO by quietly accumulating governance tokens, then passing a proposal — one the community's own Discord bot failed to surface — that handed them the token contract's minting keys and the treasury. They minted 1,107,600 BUILD and drained the liquidity pools, netting around $470,000; the DAO was left with no control over any of its own infrastructure (The Block). No exploit was needed — just an on-chain governance process operating exactly as designed while almost nobody was watching.
When governance ratifies the theft
A subtler variant turns the DAO's own legitimacy against it. In October 2022, Avraham Eisenberg manipulated the price of the MNGO token on Mango Markets to borrow roughly $110 million against inflated collateral, then used the governance tokens he had acquired to vote through a proposal letting him keep about $47 million and shielding him from prosecution — later arguing the on-chain vote made it "legal" (Cointelegraph). A US jury disagreed and convicted him of fraud and market manipulation (The Block). The episode is a warning that a governance vote is not the same thing as legitimacy: a captured process can launder an attack into an "approved" decision.
The phantom quorum: apathy as an attack surface
Capture is cheap because participation is low. Empirical studies of on-chain governance repeatedly find that only a small fraction of eligible holders ever vote — often under 10%, and on some Snapshot spaces below 5% (Blockchain Governance: An Empirical Analysis of User Engagement on DAOs). Layer on the fact that a large share of any token's supply sits inert in cold wallets, lost keys, or exchanges, and a DAO's effective quorum shrinks to a sliver of the nominal supply — a "phantom quorum" in which a holder of a couple of percent of the token can carry a proposal unopposed (ChainScore). Apathy is not merely a health metric; it is the attack surface that makes the takeovers above affordable.
Plutocratic drift and re-centralization
Even absent an attacker, capital-weighted voting (see voting mechanisms) tends to concentrate power over time rather than distribute it. Vitalik Buterin's Moving beyond coin voting governance lays out the core defect: a voter who merely borrows tokens has no lasting exposure to the outcome, so coin voting measures capital-at-hand rather than commitment-to-the-project. The empirical arc bends the same way — a 2026 review of decades of governance research found that DAOs keep re-centralizing, with active control collapsing back onto a small set of whales, delegates, and core contributors. A DAO can be perfectly decentralized on paper and a de-facto oligarchy in practice; the gap between the two is where trust quietly erodes.
Treasury mismanagement and mis-custody
The treasury is the thing a DAO exists to steward, and it fails in two characteristic ways. The first is custody risk: the funds are, in practice, controlled by people the community cannot vet. Wonderland (the TIME project) ran a treasury that peaked above $1 billion, until its pseudonymous treasury manager "0xSifu" was revealed to be Michael Patryn, a convicted felon and co-founder of the collapsed QuadrigaCX exchange; assets under management cratered toward $146 million and the project unwound even after the community voted overwhelmingly to remove him (CoinDesk; The Block). The second is concentration risk: treasuries held largely in the DAO's own governance token show enormous paper valuations that evaporate the moment the token is actually sold, leaving little to fund the work the DAO promised. Sound treasury management — diversification, verifiable on-chain custody, and spending tied to enforceable rules — is what separates a durable DAO from a balance sheet waiting to be marked down.
The quiet death: abandonment and trapped stakeholders
The most common ending is the least reported. Contributors move on, proposal flow dries up, and the DAO becomes a dormant contract with a treasury nobody is actively directing. A large part of what drives this is the absence of a clean way out: when a member disagrees with the direction but cannot leave with their fair share of the treasury, the rational move is to disengage rather than fight — which drains exactly the engaged minority a DAO needs to stay alive. This is why exit rights (the "rage-quit" pattern popularized by Moloch DAOs) matter structurally: a credible exit keeps insiders honest and gives dissenters an alternative to quiet abandonment. A DAO with no exit does not resolve its disagreements — it accumulates them until it stops. Not every ending is quiet, though: in June 2025 the ApeCoin DAO took the opposite exit, voting by a reported 99.66% to dissolve itself entirely and transfer its treasury and intellectual property to a founder-controlled company — a formal, near-unanimous surrender of the DAO form rather than a slow fade.
How Caper approaches this
Caper is designed around these failure modes rather than the happy path. Decisions use ranked-choice voting over proposals that carry real on-chain actions, and voting weight is the product of two things: the governance stake a member holds and the participation they have actually shown — the latter earned as non-transferable tokens minted one per vote. Because a member's first vote counts for nothing and those participation tokens cannot be bought or borrowed, capital that has only just arrived — flash-loaned or freshly acquired — carries little to no weight; the flash-loan route that drained Beanstalk simply has nothing to grip. That structurally answers both the rented-majority capture and the phantom quorum, since influence accrues to members who keep showing up rather than to dormant or transient tokens. And because that same earned standing sets each member's pro-rata claim on the treasury at exit, voice and exit are the same number: a member who disagrees can leave with their fair share rather than quietly abandon the DAO, and the treasury math is enforced by contract rather than entrusted to a custodian. The specifics live on the linked governance pages; this article is the map of the failures they are built to avoid.
Sources
- Wikipedia, The DAO.
- CoinDesk, Attacker Drains $182M From Beanstalk Stablecoin Protocol (2022).
- The Block, Build Finance DAO suffers 'hostile governance takeover', loses $470,000 (2022).
- Cointelegraph, Mango Markets exploiter said actions were 'legal', but were they? (2022), and The Block, Eisenberg convicted for $110 million Mango Markets exploit (2024).
- arXiv, Blockchain Governance: An Empirical Analysis of User Engagement on DAOs (2024).
- Vitalik Buterin, Moving beyond coin voting governance (2021).
- Forbes, DAOs Keep Centralizing — Decades Of Governance Research Explain Why (2026).
- CoinDesk, Wonderland Rattled After Co-Founder Tied to QuadrigaCX (2022), and The Block, Wonderland votes out QuadrigaCX co-founder Sifu and is considering shutting down (2022).
Further reading
Two Caper essays pick up where this map ends. They argue the deepest failures above trace to two missing structural rights — an owned treasury and an enforceable way out:
- The Exit Right — why the ability to leave with your fair share is the discipline most DAOs never build in, and what governance looks like when voice and exit are the same number.
- The Personal Caper — the personal-token wave of 2020 and what it was missing: a standing curve counterparty is not the same as an owned treasury with a binding exit.
Related on this wiki: Rage-quit and exit rights · Personal tokens · DAO tokenomics.