‘Code Is Law’ documentary nails the drama of DeFi hacks — despite what it leaves out
Ekin Genç is DL News’ Editor-in-Chief. Opinions expressed are his own.The world was transfixed last week when thieves in construction vests at the Louvre managed to vanish with jewels worth more than $100 million. Yet when hundreds of millions vanish from decentralised finance, nobody outside crypto hears about it; you won’t see headlines of DeFi heists in mainstream media. (The Louvre heist is hefty, of course, but it still wouldn’t make it to the top 25 in crypto.)That dissonance is the starting point of Code Is Law, a new documentary about DeFi exploits:“It’s incredible, you turn on the news and see a $450 theft from a local 7-Eleven, and on the same day someone steals $25 million from a protocol and you’ll never hear about it,” pseudonymous blockchain security specialist Ogle says during the opening credits.Streaming on Amazon Prime Video, Code Is Law is probably the first serious documentary to take the woes of decentralised finance — not centralised crypto exchanges or charismatic crypto fraudsters — as its subject.“It’s done an incredible job of representing people involved as humans rather than fringe lunatics, and I’m proud I was involved in it,” Indexed Finance co-founder Laurence Day told DL News, “even if I now know more about how the sausage is made when it comes to films than I ever cared to!”Given it’s a documentary about a community that’s pretty much exclusively online, you might expect it to be un-cinematic, a story more suited to the podcast format. It does, of course, consist mostly of people explaining things, sitting in front of laptops, typing, skimming code, and wading through Discord logs. Yet the filmmakers have still managed to make the watch genuinely gripping — not just for crypto nerds, but for anyone interested in cybercrime.But those deeply involved in crypto will notice at least two major omissions — for good reasons, as one of the directors tells me.The DAO hack without the hackerYou’ll be familiar with DAOs as the digital co-ops behind DeFi protocols and other crypto projects. But back at Ethereum’s start, there was basically one DAO, and it was literally called The DAO. It functioned like a giant onchain venture fund.The documentary opens with the hack of that project in 2016. Griff Green, Christoph Jentzsch, and Lefteris Karapetsas narrate those sleepless days as they tried to keep the first Ethereum experiment from falling apart in real time. Their recollections give the film its pulse. Code is Law is one of the first accounts in which the people who held Ethereum together tell their story at such length, and for that reason alone, the documentary is a significant contribution to crypto industry’s collective memory.The DAO hack was a big deal for Ethereum because the saga led to a “hard fork” — a blockchain split — to refund depositors who lost their money in the hack. Those who disagreed with the hard-fork kept mining the original chain, which became Ethereum Classic. The other, newer version is what we call Ethereum today. But that monumental event, a consequence of the DAO hack, gets only the briefest mention in Code is Law — and in the closing credits, at that. “In a film with such a wide scope, we had to make difficult choices about what to include,” James Craig, one of the directors, told DL News. Louis Giles is the other director.Another glaring omission is the journalist Laura Shin’s 2022 investigation identifying Austrian programmer Toby Hoenisch as The DAO hacker. (Hoenisch denies the allegations.)“In the case of Hoenisch, the decision was primarily thematic: our film focuses on individuals who actively defended their actions by invoking the idea that ‘code is law.’,” Craig said. “Since Hoenisch has never admitted to the hack — let alone offered a justification based on that idea — including him would have felt tangential to the story we were telling.”For anyone hoping for closure on the DAO hack story, that omission might feel like a letdown. Yet the documentary succeeds where it matters most: capturing the chaos and urgency of those first days of The DAO hack, from the people who were directly involved with it.Andean Medjedovic, the poster boy of ‘code is law’The hacker who gets the most airtime in the documentary is Andean Medjedovic, a Canadian teenager who ended up being a kind of live experiment in whether “code is law” holds up in a court of law. His name is tied to two major DeFi exploits, that of Indexed Finance in 2021 and of KyberSwap in 2023. According to an indictment by prosecutors in the Eastern District of New York, he stole about $49 million and $16 million, respectively.“It’s both cathartic to see it out after all this time, and a reminder of an incredibly rough time in a bunch of our lives, so I’m pretty conflicted,” Day told DL News.As the documentary reminds us, Medjedovic, a maths prodigy, was identified by the Indexed Finance team through a seemingly absurd digital breadcrumb. In a careless moment of vanity, he edited — under a user name associated with him — a Wikipedia page for a Canadian TV show he’d once appeared on and added himself to the list of show’s notable alumni as a “notable mathematician.” That tiny edit was enough to connect the dots between his real identity and the heist. But that wasn’t enough to bring him to justice, as Medjedovic still remains at large. In March 2024, Medjedovic told DL News he was self-exiled on an island somewhere and claimed to have turned a white-hat hacker — someone who hacks lawfully.Medjedovic declined to speak in the documentary, Craig told DL News.Didn’t Avi Eisenberg prove ‘code is law’?Another hacker that gets plenty of screen time is Avi Eisenberg, the Mango Markets exploiter.In October 2022, Eisenberg manipulated Mango Markets, the Solana-based decentralised exchange, by artificially inflating the price of his own collateral token, then borrowing against it to drain roughly $110 million in assets. He was convicted in April 2024.Unlike most hackers who vanish, he went fully public at the time, tweeting that his actions were “a highly profitable trading strategy” conducted entirely within the protocol’s rules (hence “code is law”).Although initially he negotiated with the Mango DAO, returning part of the funds in exchange for a promise that he wouldn’t face legal consequences, that didn’t stop US federal agencies from later charging him with market manipulation and fraud. If you don’t know what later happened, you could be forgiven for thinking as the credits roll that Eisenberg lost the “code is law” defence. “We’re beginning to see the end of the ‘code is law’ defence,” Paul Dylan-Ennis, the author of the book “Absolute Essentials of Ethereum”, says in the documentary.“Filming concluded during the build-up to Eisenberg’s trial, and at the time, the overwhelming expectation among those we spoke to was that he would be found guilty,” Craig said.“The crew had originally intended to end the film with a message saying that Eisenberg’s case had tested the ‘“code is law’” defence in court, and it flopped.”And yet this May a judge said prosecutors didn’t prove Eisenberg defrauded Mango Markets in 2022.Although some in the industry cheered that “code is law” appeared to prevail in court, things were more nuanced than that — as they typically are.While the defence did lean on the idea that Eisenberg’s trades were executed within the logic of the protocol’s code, the judge didn’t conclude that this alone justified acquittal.Instead, the judge’s decision to overturn the most serious conviction — on wire fraud — rested on narrower legal grounds specific to that statute.“While a jury did initially find Eisenberg guilty, as we were preparing to release the film it became clear the judge was seriously considering overturning some of the convictions… which ultimately happened,” Craig said.“The precedent it sets for future cases isn’t clear, but it reinforces the central theme of the film: that we’re in uncharted legal territory where traditional systems are struggling to keep up.”
