DAOs Got More Centralized in 2025: Did Decentralized Governance Fail?

Let’s talk about the elephant in the room: 2025 was the year major DAOs admitted they couldn’t govern themselves—or at least, not the way we thought they would.

The Evidence Is Everywhere

Arbitrum launched OpCo (Operating Company) in 2025, a Cayman Islands foundation company funded with 30M ARB over 30 months. OpCo now handles hiring, contracts, and operational execution—basically everything that requires a legal entity and can’t be voted on by thousands of token holders scattered across the globe.

Uniswap created DUNI (Decentralized Unincorporated Nonprofit Association), a Wyoming-registered legal wrapper that lets the DAO sign contracts, retain service providers, and handle tax obligations. The UNIfication proposal, passed in December 2025, formalizes deep operational alignment between Uniswap Labs, the Foundation, and on-chain governance—essentially creating a centralized operational layer beneath the decentralized voting layer.

Scroll went even further. After leadership resignations and governance chaos in September 2025, they announced a complete restructuring for January 2026 with an Execution Council running daily operations while the Scroll Foundation retains veto power. They literally said they needed “CEO-mode operation” to keep pace with the market.

The Participation Crisis

Here’s the uncomfortable truth behind these changes: most DAOs saw participation rates drop below 18% in 2025. Proposal volumes declined. Voter turnout hit new lows. Governance became dominated by a small group of professional delegates, large liquidity providers, and protocol-aligned funds.

Turns out, most token holders don’t want to spend 10 hours a week reading governance proposals. They just want the protocol to work and their tokens to have value.

So… Did We Fail?

I’ve been thinking about this a lot. Is this “progressive decentralization” or are we just giving up on the core premise of DAOs?

On one hand, I get it. Pure direct democracy doesn’t scale. You can’t negotiate a partnership contract via forum post and Snapshot vote. You can’t hire a head of business development through token-weighted voting. Legal systems around the world require legal entities, and “we’re a DAO” isn’t a recognized corporate form.

On the other hand… if the largest, most well-funded DAOs with the most engaged communities all concluded they need traditional organizational structures to function, what does that say about decentralized governance? Are we just building corporate hierarchies with extra steps and token voting?

Maybe It’s Not Binary

Here’s what I’m wrestling with: decentralization is a spectrum, not a binary. Code is law, but community is the constitution.

Maybe the question isn’t “did we fail?” but rather “what level of centralization enables the right balance of efficiency and community control?”

OpCo can execute, but the DAO can still fire OpCo. DUNI can sign contracts, but token holders still vote on treasury allocation. The Execution Council can make operational decisions, but the Foundation (theoretically accountable to the community) retains veto power.

Is that enough? I honestly don’t know.

What I Do Know

We learned some hard lessons in 2025:

  1. Governance fatigue is real. If every decision requires a vote, people stop voting.

  2. Legal clarity matters. You can’t interface with the traditional world without legal structures.

  3. Operational velocity matters. In competitive markets, 3-week governance cycles mean you lose to centralized competitors.

  4. Not all decentralization is equal. What matters more: decentralized decision-making or decentralized value capture?

Questions for the Community

I’m curious what you all think:

  • Have you been active in any DAOs that found a better balance?
  • What governance mechanisms actually work for sustaining participation?
  • Where’s the line between “efficient delegation” and “we just rebuilt a corporation”?
  • Are there examples of DAOs that resisted this trend? Why did they succeed where others struggled?

Governance is a marathon, not a sprint. Maybe 2025 wasn’t the year we failed—maybe it was the year we started learning what actually works.

What do you think? Did we fail, or are we just iterating toward something better?

@dao_david I appreciate this thoughtful post. As someone who spent years in government watching crypto from the regulatory side, I have to say: this shift toward structures like OpCo and DUNI wasn’t just predictable—it was inevitable.

Legal Reality Check

Here’s what people often miss: you can’t operate in the real world without legal personality.

Pure DAOs can’t:

  • Sign partnership agreements or vendor contracts
  • Hire employees or contractors under labor law
  • File tax returns or handle regulatory compliance
  • Hold intellectual property rights
  • Be sued (or sue) in court
  • Open bank accounts or maintain business licenses

This isn’t about centralization versus decentralization—it’s about interfacing with legal systems that have existed for centuries and aren’t going away anytime soon.

This Is Maturation, Not Failure

Think about Bitcoin. Even Bitcoin has the Bitcoin Foundation to handle conferences, developer grants, educational initiatives, and legal advocacy. Nobody says Bitcoin “failed at decentralization” because of this.

What Arbitrum, Uniswap, and Scroll are doing is creating legal scaffolding around decentralized governance, not replacing it. OpCo doesn’t control the Arbitrum protocol—the DAO does. OpCo executes what the DAO votes to fund. If OpCo goes rogue or underperforms, the DAO can defund it or replace it.

Similarly, DUNI doesn’t override Uniswap governance—it enables Uniswap governance to engage with regulators, sign contracts with service providers, and ensure the protocol can operate legally in multiple jurisdictions.

Institutional Participation Requires This

Here’s the part that matters for long-term sustainability: institutional capital needs legal clarity.

When I advise DeFi projects, the first question institutional investors ask is: “Who can we talk to if something goes wrong? Who’s responsible for compliance? Where’s the legal entity?” Answering “we’re a DAO, there’s no entity” is a conversation-ender for most institutions.

Structures like OpCo and DUNI provide:

  • Clear points of contact for regulators
  • Legal vehicles for institutional partnerships
  • Tax compliance mechanisms
  • Accountability frameworks that satisfy fiduciary duties

This doesn’t mean giving up on decentralization—it means making decentralization sustainable in a world with laws, taxes, and regulators.

The Real Question

The real question isn’t “did we fail?” It’s: “Are the accountability mechanisms sufficient?”

  • Can the community actually fire OpCo if needed, or is that just theoretical?
  • Does the Foundation’s veto power in Scroll’s model serve the community or entrench power?
  • Are DUNI’s operational decisions transparent enough for token holders to monitor?
  • What prevents OpCo or Execution Councils from regulatory capture?

Those are the hard questions. But needing legal entities to operate in the traditional world? That’s not failure. That’s reality.

Compliance enables innovation—it doesn’t replace it.

Okay, I’m going to be real here because I think we need some honest developer perspective on this.

Governance Was Blocking Real Work

Last year, I was working on a DeFi protocol that used DAO governance for basically everything. Want to add a new feature? Governance proposal. Want to fix a critical bug? Governance proposal. Want to hire someone who could actually help us ship faster? You guessed it—governance proposal.

Each proposal took a minimum of 3 weeks: 1 week for discussion, 1 week for voting, 1 week for timelock. That’s if everything went smoothly. If someone raised concerns or the vote barely missed quorum, add another cycle.

Meanwhile, our competitors—centralized teams—were shipping features every week. They were iterating based on user feedback in real-time while we were stuck in governance theater.

The Relief Was Real

When our protocol started talking about an OpCo-style structure, honestly? I was relieved.

Not because I don’t believe in decentralization. I do! But because I wanted to build things that users actually need instead of spending half my time writing governance proposals and lobbying token holders.

With OpCo (or similar structures), here’s what changed:

  • Product roadmap gets decided by people who actually use the product
  • Security patches don’t require forum debates
  • We can hire specialists without 3-week delays
  • The DAO still controls treasury and can veto anything major
  • But day-to-day execution actually… executes

The Trade-Off Is Real Too

@regulatory_rachel is right that this is maturation, not failure. But @dao_david is also right that we need to be honest about what we’re trading away.

What we kept:

  • Community can defund OpCo if it underperforms
  • Major protocol changes still require DAO votes
  • Treasury remains under token holder control
  • Anyone can still fork if they hate the direction

What we lost (or at least weakened):

  • Day-to-day transparency into operational decisions
  • Community input on tactical choices (hiring, partnerships, feature prioritization)
  • The ideal of “everything is voted on by everyone”

It’s Still Way Better Than TradFi

Here’s my take: even with OpCo/DUNI/Execution Councils, we’re still way more decentralized than traditional companies.

Traditional company:

  • Shareholders vote once a year, maybe
  • Board can do basically whatever between meetings
  • C-suite has enormous discretionary power
  • You can’t fork the company if you disagree

DAO with operational layer:

  • Community can vote to change direction any time
  • OpCo/Council reports to the community constantly
  • Budgets are transparent and renewed regularly
  • Anyone can fork if they don’t like it

We didn’t “become corporations.” We just stopped pretending that voting on everything is efficient or even desirable.

The Real Test

The real test isn’t whether we have OpCo or DUNI. It’s whether those structures actually serve the community or just capture power.

Some questions I’d ask:

  • Does OpCo publish transparent reports on what they’re doing?
  • Can the community actually fire them, or is defunding just theoretical?
  • Are there term limits or renewal processes to prevent entrenchment?
  • Do community members have meaningful input channels beyond just votes?

If the answers are yes, then this is progressive decentralization—decentralize what matters, centralize what doesn’t.

If the answers are no, then yeah, we just rebuilt TradCo with extra steps.

I don’t know which it is yet. But I do know that pure DAO governance wasn’t working, and something had to change. Maybe this is the iteration we needed to actually build things people use.

I appreciate everyone’s perspectives here, but I want to raise some security concerns that I don’t think have gotten enough attention in this conversation.

Single Points of Failure

From a security perspective, centralization—even “operational” centralization—creates attack surfaces that pure on-chain governance doesn’t have.

With OpCo/DUNI/Execution Councils, we now have:

  • Human decision-makers who can be compromised, coerced, or corrupted
  • Off-chain processes that lack blockchain transparency
  • Centralized upgrade authority in fewer hands
  • Legal entities that can be subpoenaed or compelled by governments

@ethereum_emma I totally get the frustration with slow governance. But “fast” can also mean “fast to exploit” if the wrong people gain control.

What Happens When OpCo Is Compromised?

Let’s think through some scenarios:

Scenario 1: OpCo team is hacked

  • Attackers gain access to OpCo multisig
  • They push malicious contract upgrades under the guise of “routine maintenance”
  • By the time the community notices, funds are drained
  • Question: Do we have killswitches? Timelocks? Emergency pause mechanisms?

Scenario 2: Regulatory pressure

  • Government subpoenas OpCo for user data
  • OpCo (as a legal entity) must comply or face penalties
  • Privacy promises mean nothing if a Cayman/Wyoming entity can be compelled
  • Question: Is there even user data that OpCo can access?

Scenario 3: Insider capture

  • OpCo hires someone aligned with a competitor
  • Subtle sabotage: delayed features, worse UX, steering toward less optimal designs
  • Community notices performance decline, but can they prove intentional sabotage?
  • Question: How do we audit OpCo’s decision quality, not just financial spending?

We Need Technical Safeguards

I’m not saying OpCo/DUNI is wrong. I’m saying we need to architect these systems with security-first thinking:

1. Timelocks on Everything

Any action OpCo takes that touches smart contracts should have minimum 48-72 hour timelocks, giving the community time to veto if something looks wrong.

2. Transparent Multisigs

OpCo control should be distributed across multiple signers from different jurisdictions. Public transparency about who holds keys and when they sign.

3. Emergency Pause Mechanisms

Community should retain the ability to immediately freeze OpCo’s permissions if something suspicious happens. Better to pause operations than lose funds.

4. Regular Security Audits

Independent auditors should review OpCo’s processes, not just code. Are their operational security practices sound? Who has access to what?

5. Open-Source Everything

OpCo might be a legal entity, but its processes, decisions, and code should be as transparent as possible. If they’re doing something they can’t explain publicly, that’s a red flag.

Historical Lessons

We’ve seen what happens when centralized entities control decentralized systems:

  • The DAO hack (2016): Centralized response led to Ethereum fork controversy
  • BitGo multisig vulnerabilities: Trusted entities had security holes
  • Mt. Gox, FTX, BlockFi: Centralized control, catastrophic failures

Every time we centralize control—even for “operational efficiency”—we create honey pots for attackers.

What I’d Want to See

Before I’m comfortable with OpCo-style structures, I’d want to see:

✅ Clear separation of powers: OpCo handles operations, but cannot unilaterally upgrade contracts or control treasury beyond allocated budgets

✅ Transparent reporting: Monthly audits of OpCo actions, accessible to all token holders

✅ Technical constraints: Smart contract timelocks, multisig requirements, community veto powers enforced at the code level, not just social layer

✅ Incident response plans: What happens if OpCo is compromised? Who can act? How fast can the community respond?

✅ Security incentives: Bug bounties for discovering vulnerabilities in OpCo processes, not just smart contracts

Bottom Line

@regulatory_rachel is right that legal structures are necessary. @ethereum_emma is right that pure governance doesn’t scale. But if we’re going to centralize operational authority, we need security guarantees that prevent that centralization from becoming an exploit vector.

Test twice, deploy once—and the same should apply to governance structures. Let’s architect these systems defensively, not optimistically.

Has anyone looked at Arbitrum’s OpCo security setup in detail? I’d be curious to audit their multisig structure and timelock configurations.
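
Added example (not part of any post in this thread, and not any project's code): a small Python model of the safeguards listed in the post above, namely an M-of-N operator multisig, a minimum 48 hour timelock, a community veto during the delay and an emergency pause. It is an off-chain model of the control flow rather than contract code; `GuardedExecutor`, the `guardian` role (standing in for the DAO's governance) and every identifier in it are hypothetical.

```python
from dataclasses import dataclass, field

HOUR = 3600
MIN_DELAY = 48 * HOUR  # lower end of the 48-72 hour window named in the post


class Rejected(Exception):
    """A safeguard blocked the call."""


@dataclass
class Action:
    description: str
    eta: int                                   # earliest execution time, unix seconds
    approvals: set = field(default_factory=set)
    state: str = "queued"                      # queued -> executed | vetoed


class GuardedExecutor:
    """Operator multisig proposes; the guardian (community) can veto or pause."""

    def __init__(self, signers, threshold, guardian, delay=MIN_DELAY):
        if delay < MIN_DELAY or not 1 <= threshold <= len(set(signers)):
            raise ValueError("delay too short or threshold out of range")
        self.signers, self.threshold = frozenset(signers), threshold
        self.guardian, self.delay = guardian, delay
        self.paused = False
        self.actions = {}
        self.log = []                          # public trail: (time, actor, event, id)

    def _check(self, cond, reason):
        if not cond:
            raise Rejected(reason)

    def _operator(self, signer):
        # Every operator call is refused while paused, even with valid keys.
        self._check(not self.paused, "operator permissions are paused")
        self._check(signer in self.signers, "not a signer")

    def _pending(self, action_id):
        action = self.actions.get(action_id)
        self._check(action is not None and action.state == "queued", "not pending")
        return action

    def queue(self, signer, action_id, description, now):
        self._operator(signer)
        self._check(action_id not in self.actions, "duplicate id")
        self.actions[action_id] = Action(description, now + self.delay, {signer})
        self.log.append((now, signer, "queue", action_id))

    def approve(self, signer, action_id, now):
        self._operator(signer)
        self._pending(action_id).approvals.add(signer)
        self.log.append((now, signer, "approve", action_id))

    def execute(self, signer, action_id, now):
        self._operator(signer)
        action = self._pending(action_id)
        self._check(len(action.approvals) >= self.threshold, "below threshold")
        self._check(now >= action.eta, "timelock has not elapsed")
        action.state = "executed"
        self.log.append((now, signer, "execute", action_id))

    def veto(self, caller, action_id, now):
        self._check(caller == self.guardian, "only the guardian can veto")
        self._pending(action_id).state = "vetoed"
        self.log.append((now, caller, "veto", action_id))

    def set_paused(self, caller, paused, now):
        self._check(caller == self.guardian, "only the guardian can pause")
        self.paused = paused
        self.log.append((now, caller, "pause" if paused else "unpause", None))
```

In this model the veto and pause paths never depend on operator signers, so they stay available to the community even if the operator keys are the thing that was compromised.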

This is such a rich discussion! I want to reframe the question slightly from a product and user perspective.

Most Users Don’t Want to Govern

Here’s an uncomfortable truth from my time in both non-profit work and Web3: the vast majority of users don’t want to participate in governance.

They want:

  • The protocol to work reliably
  • Their funds to be secure
  • The product to improve over time
  • The ability to exit if things go wrong

What they don’t want:

  • To read 50-page governance proposals
  • To research delegate voting records
  • To understand the nuances of quadratic funding
  • To vote on operational minutiae

We built DAOs assuming everyone would participate. Instead, we discovered most people just want good products that serve their needs.

Meaningful Decentralization vs. Maximum Decentralization

@solidity_sarah’s security concerns are valid and important. But I think we’re conflating two different things: meaningful decentralization and maximum decentralization.

Maximum decentralization: Everyone votes on everything, all decisions are on-chain, pure direct democracy.

Meaningful decentralization: Users retain sovereignty over their assets, the system is permissionless, no single party can censor or confiscate, and there’s credible exit.

OpCo/DUNI structures can still provide meaningful decentralization even if they don’t provide maximum decentralization.

The User Sovereignty Test

Instead of asking “did we fail at decentralization?” let’s ask: Do users still have meaningful control over their participation?

Here’s my proposed framework:

✅ Meaningful Decentralization If:

  • Exit rights: Users can withdraw funds at any time without permission
  • Permissionless access: Anyone can use the protocol without KYC/approval
  • Censorship resistance: No single party can block transactions
  • Fork rights: Community can fork the protocol if they disagree with direction
  • Treasury oversight: Major fund allocations still require token holder approval
  • Veto power: Community can remove OpCo/Council if performance is poor

❌ Lost Decentralization If:

  • Users’ funds can be frozen without their consent
  • Protocol access requires gatekeepers
  • OpCo can change core rules unilaterally
  • Forking is legally prohibited
  • Community has no real power to replace OpCo

Precedents from Traditional Organizations

Having worked in non-profits for years, I’ve seen this pattern before. Successful organizations delegate execution but retain community oversight.

Example: Community Land Trusts

  • Day-to-day operations run by professional staff
  • Major decisions (selling land, changing mission) require member votes
  • Members elect board that can fire staff if needed
  • Staff reports transparently to the community

Nobody says community land trusts “failed at community governance” because they hire professional managers. They’re governance hybrids that work.

What Matters: Outcomes, Not Purity

@dao_david’s original question was “did we fail?” I’d answer: We’re learning what works.

Here’s what I care about as someone who wants Web3 to actually help people:

  1. Is the protocol improving? Are features shipping? Are bugs getting fixed? Are users satisfied?

  2. Are funds secure? Has treasury management improved? Are assets properly protected?

  3. Can users exit? If someone disagrees with the direction, can they leave with their assets?

  4. Is there accountability? Can the community actually replace OpCo if needed, or is it just theater?

If the answers are yes, then OpCo/DUNI structures are progressive decentralization—figuring out what needs to be decentralized (user sovereignty, permissionless access, censorship resistance) versus what can be centralized (operational execution).

If the answers are no, then yeah, we just replaced one set of gatekeepers with another.

Real Questions to Track

Rather than asking “how decentralized are we?” let’s track:

📊 User Impact Metrics

  • Are transaction fees improving or worsening?
  • Is protocol uptime better under OpCo management?
  • Are security incidents decreasing?
  • Are users actually using the protocol more?

📊 Governance Health Metrics

  • Can the community actually fire OpCo, or is defunding just theoretical?
  • How transparent is OpCo reporting?
  • How long does it take the community to veto bad decisions?
  • What percentage of users could exit if they wanted to?

📊 Sustainability Metrics

  • Is treasury management improving?
  • Are resources being allocated efficiently?
  • Is the protocol attracting long-term contributors?

My Take

@regulatory_rachel is right that legal structures enable sustainability. @ethereum_emma is right that governance was blocking shipping. @solidity_sarah is right that we need security safeguards.

All three perspectives are valid. The real question is: Can we build systems that satisfy all three requirements?

  • Legal clarity for institutional participation
  • Operational velocity for competitive execution
  • Security guarantees for user protection
  • Community oversight for accountability

That’s not failure. That’s just hard design work.

Let’s measure success by whether these systems actually serve users better than what came before—not by whether they match some theoretical ideal of “pure decentralization” that never worked in practice anyway.