Ooki Protocol

avoid.net/ooki→5/100·95% conf.

[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]

5/100

[CRITICAL]95% conf.

Summary

Ooki Protocol (formerly bZx Protocol) is a decentralized margin trading and lending protocol on Ethereum that was the subject of the first-ever CFTC enforcement action against a DAO, resulting in a 2023 default judgment ordering the protocol to cease operations and pay $643,542 in penalties. The protocol suffered four separate security incidents between 2020 and 2021 totaling over $64 million in losses, including a $55 million phishing-based hack attributed by Kaspersky to the North Korean state-linked BlueNoroff group. Following the CFTC judgment, the Ooki DAO's website was ordered shut down and the protocol has been effectively defunct.

Connected Entities

2 entities

Organizations

□Ooki

Protocols

⌂Ooki Protocol

Relationships

+ 7 more

Have evidence about Ooki Protocol?

Timeline(14 events)

2017-01-01

bZx Protocol founded by Tom Bean and Kyle Kistner after reading DeFi whitepapers from 0x, Kyber, and Bancor.

2019-06-01

bZeroX, LLC begins operating the bZx Protocol, offering leveraged margin trading and lending without regulatory registration.

2020-02-15

First flash loan attack on bZx Protocol: attacker manipulates WBTC price oracle and nets approximately 1,193 ETH (~$318,000).

2020-02-18

Second flash loan attack on bZx Protocol within four days: attacker manipulates sUSD price feed, netting approximately $633,000.

2020-09-14

Third bZx exploit: iToken duplication bug allows attacker to mint tokens without collateral; approximately $8.1 million in LINK, ETH, and stablecoins stolen. Majority later recovered.

2021-08-23

bZeroX transfers control of the bZx Protocol to the bZx DAO. Founders market the transfer to the community as making operations 'enforcement-proof.'

2021-11-05

Fourth and largest bZx hack: phishing email compromises a developer's private keys; approximately $55 million stolen across Polygon and Binance Smart Chain.

2021-11-12

Kaspersky attributes the November 2021 bZx hack to BlueNoroff, a subgroup of North Korea's state-sponsored Lazarus Group (APT38).

2021-12-01

bZx DAO rebrands as Ooki DAO; BZRX token migrated to OOKI token at a 1:10 ratio.

2022-05-01

Class action lawsuit Sarcuni et al. v. bZx DAO et al. filed in U.S. District Court, S.D. California, alleging negligent security practices caused $55 million hack.

2022-09-22

CFTC simultaneously: (1) files and settles charges against bZeroX LLC and founders Tom Bean and Kyle Kistner for $250,000; and (2) files the first-ever federal charges against a DAO — Ooki DAO — for CEA violations.

2023-03-27

U.S. District Court denies motion to dismiss in Sarcuni class action, finding bZx/Ooki DAO is plausibly a general partnership and token holders are plausibly liable as partners.

2023-06-08

U.S. District Judge William H. Orrick grants CFTC default judgment against Ooki DAO: $643,542 penalty, permanent trading bans, and order to shut down the Ooki DAO website.

2023-06-09

CFTC Division of Enforcement Director Ian McGinley declares ruling demonstrates 'DeFi is not a regulatory-free zone.' Ooki DAO announces shutdown.

Provenance & Audit Trail

Anchored on Solana Verify on-chain src:defillama

Decision Log

#1publish⛓ anchored · slot 4223123305/26/2026, 3:34:19 PM
hash: 23oJZKzc3DcD4gE73T2M2Nd9wikDxkp1ZzxK5RrDiQyC

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

full audit log →version history →

model: claude-sonnet-4-6

generated: 5/4/2026, 2:55:01 AM

last updated: 5/26/2026, 3:34:19 PM

avoid.net — verified advice for a post-truth world