James Craig and Louis Giles’ Code Is Law lands at a time when the phrase is both cultural shorthand and contested legal terrain. The film, released today, discusses the concept using several case studies: The DAO hack in 2016, and exploits of Indexed Finance and Mango Markets in 2021 and 2022 respectively.
The DAO hack feels like ancient history at this point (it predates Blockworks News by 5 years), but in addition to being a novel smart contract exploit, it also resulted in Ethereum’s only real contentious hard fork (“Eth PoW” notwithstanding). So it’s natural that any honest reckoning with “code is law” begins there.
The filmmakers foreground those who lived through the fracture. Griff Green frames the DAO as an attempt to encode a new legal structure, while Fabian Vogelsteller warns of the potential accountability problem.
“There’s the strong idea of ‘code is law,’ or, once the rules are set, they aren’t changeable anymore,” says Vogelsteller. “The downside is: If you build something truly decentralized, that means truly unowned, then that also means that there’s no one who can fix it if something is broken.”
Within days of its launch on April 30, 2016, millions of dollars of ether flowed in, governed by new smart contract primitives that were being tested in the wild.
“We had everyone looking at these contracts,” Green says. “But no one had any formal training in smart contract audits because there were no smart contracts to audit.”
It was the moment crypto’s first grand experiment in immutability collided with the messy world it was supposed to transcend.
Courts aren’t buying it
“Code is law” has always been a slogan in search of a sovereign. As protocols amassed TVL and users racked up losses, courts tended to treat the phrase as legally meaningless.
In 2022, Blockworks asked Timothy Spangler, at Dechert LLP, who dismissed the idea.
“Code isn’t law, code is code. Law applies to any sort of transaction, and the purpose of law is about shifting losses from where they fall to some other party,” Spangler told Blockworks. And when large sums disappear, litigation follows.
That shift comes through in the film’s second act, tracing Indexed Finance’s 2021 exploit and the identification of Canadian math prodigy Andean Medjedovic as the culprit.
Indexed co-founder Laurence Day is in the camp squarely rejecting the ethos outright, calling the idea dystopian in the film. Ontario courts responded in kind, granting extraordinary relief and treating on-chain manipulation as theft. US prosecutors followed, charging Medjedovic over Indexed and Kyber exploits worth roughly $65 million.
Medjedovic, through his online personas, has tried to rally support among “code is law” diehards, revealing that the notion still animates hacker culture, but it generally doesn’t hold up in court. He remains on the run from authorities, and ironically, he won’t be able to benefit from the heist, according to Day, thanks to a subsequent hacker.
“He had the Indexed funds stolen from him in turn by the Profanity breach about a year later,” Day told Blockworks. Unfortunately for users, that means — even if he’s eventually caught and tried — funds from the original theft are likely out of bounds for recovery.
 Laurence Day | Source: Code is Law
Laurence Day | Source: Code is Law
One of the film’s strongest threads explores the moral triangle between exploiters, users and white-hat responders. A brief detour through the 2023 Euler hack shows how pressure and negotiation enticed the attacker to return almost all stolen funds. Recovery teams have clawed back hundreds of millions through similar interventions, revealing the reality that trust and coordination remain decisive in crisis.
The Mango Markets saga, which rounds out the film, complicates things further. Avraham Eisenberg’s 2022 exploit was prosecuted as fraud. But in May of this year, a federal judge vacated his criminal convictions, ruling the evidence didn’t support the jury’s findings.
Advocates for “code is law” as a slogan celebrated, but the ruling turned on evidence of intent presented, and doesn’t serve to legalise extractive strategies, just because code allows them.
Still, the line between “aggressive trading” and criminal fraud remains muddied.
Whitehats versus hackers’ creed
In a way, every exploit since the DAO — from flash loans to oracle manipulation — echoes that first contact between economic design and adversarial innovation. Courts lean on familiar concepts like property, fraud and breach, while Dr. Paul Dylan-Ennis, analogizes black- and whitehat hackers to outlaws in the wild west. They fight against each other, but both hate the sheriff.
In practice, the rise of white-hat war rooms has boosted DeFi security, and exploits have dropped in frequency and severity in recent years. But permissionless systems invite edge-testing, and as long as it pays, nefarious actors will try and break them.
“Code is law” can be an engineering demand for precision and defense-in-depth — just don’t count on it to be a promise the courts will honor.
Code Is Law (dir. James Craig; Louis Giles) screened on the festival circuit and is now streaming worldwide.
Updated 10/21/2025 at 2:30 p.m. with the correct dates in the second paragraph.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- The Drop: Apps, games, memes and more.
- Lightspeed: All things Solana.
- Supply Shock: Bitcoin, bitcoin, bitcoin.




