And that continues today.

Over the past few months, we've seen the collapse of a stablecoin, bankruptcy of a crypto hedge fund, insider trading of NFTs, and, most recently, insider trading of what the SEC has termed "crypto asset securities."

This post focuses on the regulatory framework around digital assets as securities.

Why does it matter?

All securities offered and sold in the US must be registered with the SEC or qualify for an exemption from registration.

The purpose of securities laws is to protect investors through the application of disclosure obligations intended to limit information asymmetry (e.g., disclosing material information about the issuer and investment).

Given the arduous registration process, only a few digital assets have been registered.

Similarly, any person or entity engaged in the activities of an exchange must register as a national securities exchange or operate according to an exemption from registration.

If a digital asset is a security, the legality of the offering or the exchange may be in question.

When do digital assets qualify as securities?

Four primary laws apply to the securities industry:

  1. Securities Act of 1933
  2. Securities Exchange Act of 1934
  3. Investment Company Act of 1940
  4. Investment Advisors Act of 1940

These laws generally define "security" as:

means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.

With legislation enacted in the '30s and '40s, we don't see terms like "utility tokens," "governance tokens," or "non-fungible tokens."

However, digital assets may be considered securities under "investment contract" or "debenture."

The Howey Test

The primary framework for determining whether a digital asset is a security comes from SEC v. W.J., Howey Co.

In Howey, the Supreme Court defined an investment contract as a "contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party."

Under the Howey test, an investment contract exists when:

1.  There is an investment of money
2. In a common enterprise
3. With a reasonable expectation of profit
4. Primarily based on the mangerial efforts of others

Notably, in SEC v. Glenn W. Turner Enterprises Inc., the court removed "solely" from the fourth prong of Howey.

The application of the Howey test to digital assets was reiterated in The DAO Report.

The DAO Report

The DAO Report featured "The DAO," a for-profit Decentralized Autonomous Organization ("DAO") created to hold assets obtained through the sale of DAO Tokens to investors, which would then be used to fund other projects.

In applying the Howey test, the DAO Tokens were securities because:

  1. Ether exchanged for DAO Tokens constituted money;
  2. The DAO was a for-profit entity whose objective was to fund projects in exchange for a return on investment; and
  3. The DAO's investors relied on the entrepreneurial efforts of the founders and the DAO Curators to manage the DAO and submit project proposals that could generate profits.

Ironically, despite being a Decentralized Autonomous Organization, the SEC found the governance rights of the DAO Token holders were largely perfunctory because (i) they could only vote on proposals cleared by the Curators (who were chosen by the founders), and (ii) the pseudonymity and dispersion of the token holders made it difficult for them to effect change or exercise meaningful control.

Despite being the champion for decentralized governance, The DAO Report shows that DAO governance tokens are not immune to classification as a security when a centralized authority controls the actions of the DAO (here, the founders and curators).  

Utility Tokens v. Security Tokens

Following The DAO Report, the SEC brought enforcement actions against several token issuers issuing "utility tokens," which were said to be different from the "security tokens" in The DAO Report.

Utility tokens have some useful or consumptive purpose, such as allowing users to access a protocol or network (e.g., using ETH on Ethereum).

Although consumptive digital assets may be less likely to be classified as a security, the SEC has rejected a determinative distinction between utility and security tokens for securities law purposes.

The Munchee Order

Munchee Inc. attempted to create an ecosystem around its iPhone app, which connected restaurants, customers, and reviewers.

Munchee hoped to raise $15 million by selling MUN Tokens to fund this business and ecosystem by promoting the offering on its website and social media accounts.

At the time of the offering, the app could not accept tokens, and there was no good or service to be purchased.

Despite Munchee's claim that its "utility" tokens were not securities, the SEC disregarded the distinction and stated:

Determining whether a transaction involves a security does not turn on labeling–such as characterizing an ICO as involving a 'utility token'–but instead requires an assessment of the 'economic realities of the underlying transaction.

In evaluating the "economic realities," the SEC determined that the MUN Tokens were securities because they were developed to build an ecosystem that would create demand for the token, thereby making the token more valuable due to the efforts of Munchee.

What about airdrops?

The DAO Report and Munchee each included a sale of tokens to investors; however, airdrops have become an increasingly popular way to distribute tokens and raise project awareness.

According to the SEC, an issuer may receive "value in the creation of a public trading market for its securities even in an airdrop." See In the Matter of Tomahawk Exploration LLC.

Simply put, a transfer of digital assets that advance the issuer's economic interests is likely considered a "sale."

Even if that is the case, the first prong of Howey requires an "investment of money."

Arguably, in the case of an airdrop, the recipient receives the digital asset for free without giving up anything of value.

So, even if the transaction could be categorized as a "sale" based on the value received by the issuer, the sale would not involve an investment contract if the recipient were not investing money.

So, are all digital assets securities?

The SEC has issued several no-action letters indicating that the digital assets presented were not securities. See Turnkey Jet, Inc. (closed blockchain tokens only redeemable for private jet usage) and Pocket Full of Quarters, Inc. (a video game token only usable in-game).

However, these assets are so clearly not securities that they fail to provide meaningful guidance.

Moreover, William Hinman, former Director of the Division of Corporation Finance, has stated that Bitcoin or Ether are not securities and that digital assets may mutate in and out of status as securities:

But this also points the way to when a digital asset transaction may no longer represent a security offering. If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract.
When I look at Bitcoin today, I do not see a central third party whose efforts are a key determining factor in the enterprise .  . . . based on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.

Hinman's speech listed factors to consider in determining whether a digital asset is “sufficient decentralized” such that a digital asset has "mutated" from a security to a non-security–commonly known as the mutation doctrine.

Concerning our discussions on airdrops and whether a digital asset is distributed without the recipient giving up anything of value, the mutation doctrine could result in the digital asset mutating from a non-security to a security upon the subsequent transfer from the original recipient to a third party (i.e., now there has been an investment of money, albeit not from the issuer).

Despite the issuer not being party to the subsequent sale, the SEC would likely find the issuer calpable due to the issuer's creation of a "scheme" involving the sale of securities.

Hinman's speech and subsequent guidance entitled "Framework for 'Investment Contract' Analysis of Digital Assets" from the Strategic Hub for Innovation and Financial Technology (FinHub) division of the SEC opened the door for digital asset characterization as "non-securities" when a network is "sufficiently decentralized" such that participants are not relying on the managerial efforts of others (i.e., legal decentralization is outside the scope of Howey, as participants are not substantially relying on the efforts of a centralized controller).

A project's (often through a DAO) ability to be sufficiently decentralized is beyond the scope of this post (and probably a post for another day), but for more information check out Gabriel Shapiro's early work on sufficient decentralization.

Where are we now?

Despite the statements by Mr. Hinman, the SEC has broadly labeled digital assets as securities and has failed to provide meaningful guidance on the achievement of sufficient decentralization.

In fact, in an insider trading case against an employee of Coinbase, the SEC posits that nine tokens listed or considered for listing by Coinbase are securities (i.e., AMP, RLY, DDX, XYO, RGT, LCX, POWR, DFX, and KROM).

This could mean big problems for Coinbase and other exchanges that are not registered exchanges under the Exchange Act.

Under the SEC's current interpretation, it's hard to see how many digital assets would not be securities (at least at the time of the initial distribution).

Achieving sufficient decentralization is a chicken and egg problem, as decentralization largely necessitates the distribution of digital assets to users, but projects are unable to distribute those assets if they are securities (which necessitates sufficient decentralization to be non-securities).

At the time of the initial distribution, the digital assets (and thus, control of the underlying protocol/project) will likely be concentrated in the hands of the initial developers.

Even when ownership of digital assets is largely dispersed, the SEC has characterized such a wide dispersion of ownership and communication through pseudonymous channels as "akin to those of a corporate shareholder."

Given that most of the SEC's most recent enforcement actions stem from the ICO boom of 2017-18, it is unlikely that we won't see further actions taken against more recent projects and distribution efforts.

For instance, 2021 was the year of the NFT.

Many NFT projects have evolved well beyond the sale of digital art by wrapping the value of the token to its future utility and potentially a share of future profits.

Like any other token, an NFT may include governance rights (e.g., membership in a DAO), and the context of the distribution may result in the NFT being characterized as an investment contract.

These projects often include whitepapers stating how the sale proceeds will be used to develop the project (e.g., selling NFTs to be used in a yet-developed digital metaverse).

If we've learned anything from the SEC, an issuer's categorization of a digital asset will not control.

So, avoiding being categorized as a security isn't as simple as including a picture of an ape.

As we've seen from previous enforcement actions, without further legislation around digital assets, the SEC will label digital assets as securities when the purchasers expect profit and rely on the acts of a promoter (even partly).


Digital assets need a regulatory framework designed to promote innovation and incentivize compliance, which has not escaped the biggest crypto proponents.

For instance, SEC Commissioner Hester Peirce proposed a three-year safe harbor period for crypto projects to build and launch before complying with federal securities laws.

Under this proposal, a project's outside counsel can evaluate the project and draft an "exit report" assessing whether the project is sufficiently  “decentralized” or “functional.”

If a project is sufficiently decentralized or functional, it can continue operating without registration.

If the project is not, it has a sunset period to comply with securities laws.

Ultimately, if a company creates a decentralized or functional network, the tokens involved would not be securities, which would be outside the purview of the SEC.

Similarly, LeXpunK has proposed a securities law exemption and safe harbor named Reg X, which proposes a disclosure framework akin to those contemplated under Reg A+ and Reg CF offerings.


The innovation and growth in the digital asset space are compelling, but so is the number of projects that blatantly ignore existing SEC guidance (whether or not proper from a policy perspective).

Projects in the digital asset space would be wise to proceed cautiously before distributing digital assets (even for "free").

About Me

Hey, if you like this article, you should follow me on Twitter, check out what I am building, and set a time to chat.

Disclaimer: While I am a lawyer who enjoys operating outside the traditional lawyer and law firm “box,” I am not your lawyer.  Nothing in this post should be construed as legal advice, nor does it create an attorney-client relationship.  The material published above is intended for informational, educational, and entertainment purposes only.  Please seek the advice of counsel, and do not apply any of the generalized material above to your individual facts or circumstances without speaking to an attorney.

Share this post