The Light Touch of Caveat Emptor in Crypto’s Wild West

Innovation is the defining feature of the cryptocurrency ecosystem. Crypto-entrepreneurs are leveraging blockchain technology to develop new services (Tezos),1 launch new products (Basic Attention Token),2 harvest dormant economic resources (Cloud Token),3 and seemingly pull value straight from thin air . . . er, ether (CryptoKitty).4  If, as has been suggested, the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) are pushing blockchain out of its “Wild West” phase5 just ten years after it started,6 they may be shortchanging it by a couple of decades.7 There are costs to doing this. Having a heavy-handed sheriff around brings costs—like securities registration or anti-money-laundering reporting—that can stymie product development.8 This could put the United States at a competitive disadvantage in an evolving digital marketplace. The Digital Wild West is not limited by the American Frontier. Blockchain innovation will happen somewhere, and U.S. regulation risks pushing it to foreign lands.9

I want to set civil regulation aside and focus on what role, if any, the criminal law should have at this stage of blockchain development. The flip side of innovation is uncertainty. Blockchain is breaking down old legal categories,10 redefining what we thought were the conceptual limits of property,11 and introducing unusually precarious economic opportunities, schemes, and scams.12 While one job of regulation may be to clear up uncertainty, the criminal law has a very different relationship to the unknown. Not every sheriff should carry a gun.13 A fuller understanding of the impact uncertainty has on all participants in the blockchain ecosystem—including coin purchasers, whose share of responsibility to protect themselves is frequently overlooked—could help clarify how the criminal law should come in at this stage.

Two groups must cope with the uncertainties of blockchain technology: issuers and purchasers. For issuers, the basic uncertainty is which legal classification regulators will apply to their product. The two primary categories of concern are securities contracts and commodities. But the broad definitions for both—the Howey test14 and section 1a(9) of the Commodities Exchange Act (“CEA”),15 respectively—seem to overlap and, at the same time, to fall short of exhausting the universe of cryptocurrencies. The failed Munchee utility tokens, for example, would have been redeemable for food and services.16 That seems to fall squarely within the CEA’s definition of commodity as “services, rights, [or] interests . . . in which contracts for future delivery are presently or in the future dealt.”17 We now know, however, that the SEC found Munchee tokens would have been securities.18 The SEC has also determined that virtual currencies like Bitcoin are “money” for purposes satisfying Howey’s “investment of money” requirement.19 While that might have meant they were unlikely to be securities or commodities, the CFTC has held that all virtual currencies are commodities.20 Compounding the uncertainty about which products fit in which buckets is the fact that tokens can swap buckets over time. This might happen, for example, if the balance between human management of a token and algorithmic management shifts.21 Coin issuers are left in the precarious position of trying to predict, on the basis of (what the SEC calls) “particular facts and circumstances” and in light of evolving legal standards, which regulatory agencies will claim jurisdiction at any particular stage of their token’s life-cycle.22

Coin purchasers also face a lot of uncertainty. There are risks associated with investment in cryptocurrency. The CFTC has identified four basic categories:

  • “Operational Risks” arising from issuers’ failure to utilize critical system safeguards
  • “Cybersecurity Risks” from insufficient data protections
  • “Speculative Risks” arising from a volatile and poorly understood marketplace, and
  • “Fraud and Manipulation risks” arising from issuer market abuses, Ponzi schemes, and theft.23

Customers are buying billions of dollars of cryptocurrencies every year, with no real assurance that their investment will pan out as planned or promised.

Like all uncertainty, the kind facing issuers and customers has
significant costs.  The law should eventually intervene with more involved and predictable regulation. However, I believe the optimal time for addressing the new uncertainties of blockchain products through additional regulation (criminal or otherwise) may not have arrived yet. No one is in a position to anticipate the potential of blockchain technologies. Pigeonholing them into pre-existing legal categories could be the greater risk—losing out on future economic innovation for the sake of earlier certainty.24

If that is right, the question for the time being is who should bear the costs of which uncertainties, and what role the criminal law should play in allocating them. Not every interaction between the criminal law and the blockchain marketplace is riddled with uncertainty. There are some schemes whose criminality remains clear regardless of how tokens are characterized. Issuers cannot abscond with customer funds after falsely promising to put them toward product development. While cryptocurrency platforms may make such fraud easier,25 its criminality is not in question.26

With securities fraud, the situation is different. Whether a token qualifies as a security determines the extent to which 10b criminal liability attaches.27 Taking insider trading as emblematic of the criminal law uncertainties at issue, there are two options available.  Should issuers bear the costs of uncertainty by facing potential exposure to criminal sanction? Or should purchasers bear the costs of an increased risk of insider trading that a policy of non-criminal-enforcement will bring?

I think it clear we cannot ask issuers to bear the burden. The stakes that purchasers and issuers face from enforcement or non-enforcement of insider trading laws are not the same.   Purchasers have only money on the table; issuers have their liberty on the line. Throughout the criminal law, we recognize that the state faces an especially high burden for imposing criminal sanctions. There is a strong argument that insider trading laws would be unconstitutionally void for vagueness as applied to cryptocurrency insiders.28 In a world where the SEC itself cannot provide more concrete guidelines about when a token is a security, the law does not “give . . . fair notice of the conduct it punishes.”29 Even if the government were to apply insider trading laws, the rule of lenity should routinely resolve cases in defendants’ favor.30 Furthermore, enforcement of ambiguous criminal provisions might drive issuers from the U.S. market place, which would end the innovation that prolonging legal uncertainty would foster.

A light-touch approach to crypto enforcement would help U.S. tech innovators keep pace with global competition. Such an approach would, for the time being, treat crypto products just like traditional products. It would impose minimal regulatory standards beyond those ordinarily in place to protect consumers from deception and abuse. It would eschew new criminal law or creative use of existing criminal law. Stealing cryptocurrency still squarely qualifies as theft. Using cryptocurrencies to mask illegal proceeds still squarely qualifies as money laundering. But where the crypto context makes a material difference or inserts some uncertainty, the criminal law should stay its hand.

The light-touch approach will leave customers exposed to an increased risk of harms that may resemble insider trading. While I do not mean to trivialize these harms, there are at least three considerations that should help assuage concerns. First, for many customers, the ideological motivation behind cryptocurrencies is the very absence of centralized regulation (even of the sort that would protect them).31 Second, there is an argument that cryptocurrency customers bear some responsibility should they become victims of trading by people with inside information. The speculative and unregulated nature of the cryptocurrency marketplace is widely known. Many customers are hoping to turn a quick profit that depends on exactly these features of the marketplace.32 For these customers to claim surprise that others were trying to do the same (but more effectively) must be disingenuous. Third, the sorts of interests that insider trading law are meant to protect are not present with the same force for cryptocurrencies. Insider trading law is not concerned with people using information asymmetries about future performance of securities to turn an exceptional profit.33 Rather, on some theories, it is supposed to foster investor confidence in the marketplace.34 To whatever extent that is a legitimate concern where traditional securities are concerned (the data does not support it), it does not seem to be an issue for cryptocurrencies. Despite widespread knowledge of the dangers of cryptocurrencies, the marketplace continues to expand rapidly.35 On other theories, insider trading law seeks to protect the fiduciary relationship between insiders and their shareholders.36 It is far from clear that this sort of relationship exists between token sellers and purchasers.37

This does not necessarily mean that the insider-trading sheriffs should stay away from the Digital Wild West entirely. Sometimes, a sheriff can be most effective by dropping her gun and picking up a sign warning that danger lies ahead. The arguments from the previous paragraph are premised on widespread knowledge that opportunistic trading by insiders is a risk of investing in cryptocurrencies. Some customers may genuinely not know this. Others may genuinely forget it in their excitement for the new Gen0 CryptoKitty. Perhaps for now, the best way for authorities to navigate the Digital Wild West is to remind customers that it is wild and that they tread there at their own risk. This seems to be the approach that many other regulators have taken, at least during these moments of productive uncertainty.38 I would recommend it here too.



  1. [1]. Tezos, [] (describing smart contract services).

  2. [2]. Basic Attention Token, [] (offering access to a new browser focused on digital advertising).

  3. [3]. Cloud Token Wallet FAQ, Cloud 2.0, [] (explaining how it sells access to dormant resources on a decentralized network of millions of computers).

  4. [4]. CryptoKitties, [] (“Collect and breed furrever friends!”).

  5. [5]. Kelvin Chan, UK Lawmakers: ‘Wild West’ Cryptocurrencies Need Regulation, AP News (Sept. 19, 2018), [
    99W5-Q96X]; NBX Editorial, Wild West No More: Regulation Comes to the Crypto Corral, Medium (Sept. 12, 2019), []; Mari Rogers, The End of Blockchain’s Wild West is on the Horizon—Why STOs are Poised to Take the Lead, Medium (Oct. 1, 2018), []; The Editorial Board, Cryptocurrency Wild West is Crying Out for a Principled Sheriff, Fin. Times (Sept. 25, 2018), [https://].

  6. [6]. Bernard Marr, A Very Brief History of Blockchain Technology Everyone Should Read, Forbes (Feb. 16, 2018, 12:28 AM), [
    EH7Y-8EYC] (noting that blockchain was invented in 2008).

  7. [7]. E.L. Hamilton, The Wild West Era, a Period of Myth-Making Cowboys, Gunslingers, and Saloon Madames, Actually Lasted Only 30 Years, Vintage News (Dec. 31, 2017), https://www.thevintage []; Jeffrey Tucker, Despite What You Hear, the ICO is Not Over, Forbes (Apr. 18, 2018, 1:42 PM), https://www.forbes.
    com/sites/jeffreytucker/2018/08/18/despite-what-you-hear-the-ico-is-not-rip [

  8. [8]. John Eatwell & Lance Taylor, Global Finance at Risk: The Case for International Regulation19 (2000) (“Overly fastidiousregulationmay result in risks beingoverpriced, and hence willstifleenterprise.”); Neil Tiwari, Note, The Commodification of Cryptocurrency, 117 Mich. L. Rev. 611, 619 (2018) (describing how regulation and uncertainty can stifle innovation in cryptocurrency); see also Daniel J. Solove & Woodrow Hartzog,The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. 583, 598 (2014) (“At the urging of Congress in 1995, the FTC became involved with consumer privacy issues.The FTC initially encouraged self-regulation, which was justified by a fear thatregulationwouldstiflethe growth of online activity.”).

  9. [9]. See generally Julianna Debler, Note, Foreign Initial Offering Issuers Beware: The Securities and Exchange Commission is Watching, 51 Cornell Int’l L.J. 245 (2018) (discussing how SEC enforcement can extend abroad).

  10. [10]. See, e.g., Joshua Fairfield,Smart Contracts, Bitcoin Bots, and Consumer Protection, 71 Wash. & Lee L. Rev. Online 35, 42–44, 49 (2014) (explaining that cryptocurrency operates outside black letter law).

  11. [11]. Hugo Nguyen, How Cryptography Redefines Private Property, Medium (Nov. 26, 2018), [].

  12. [12]. Jay Adkisson, The Great Cryptocurrency Scam, Forbes (Nov. 20, 2018, 11:59 PM), https:// [https://].

  13. [13]. Marshall Trimble, Did Most Old West Lawmen Always Carry Guns?, TrueWest Magazine (Sept. 8, 2016), [] (answering “no” to the titular question).

  14. [14]. SEC v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946) (“[A]n investment contract for purposes of the Securities Act means a contract, transactionor scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party ... .”).

  15. [15]. 7 U.S.C. § 1a(9) (2018).

  16. [16]. Dr. Sanjeev Verma, Nghi Bui and Chelsea Lam, Munchee Token: A Decentralized Blockchain Based Food Review/Rating Social Media Platform, (last updated Oct. 16, 2017), https:// [].

  17. [17]. 7 U.S.C. § 1a(9).

  18. [18]. Munchee Inc., Exchange Act Release No. 10445, 2017 WL 10605969 (Dec. 11, 2017).

  19. [19]. 328 U.S. at 300–01.

  20. [20]. See In re Coinflip, Inc., CFTC No. 15-29, at 3, 2015 WL 5535736 (Sept. 17, 2015).

  21. [21]. Tiwari, supra note 8, at 624–25.

  22. [22]. Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207, 2017 WL 7184670, at *7 (July 25, 2017).

  23. [23]. CFTC, A CFTC Primer on Virtual Currencies 16–20 (Oct. 17, 2017).

  24. [24]. Joshua S. Morgan, Note, What I Learned Trading Cryptocurrencies While Studying the Law, 25 U. Miami Int’l & Comp. L. Rev. 159, 221 (2017) (“[W]e must also consider the potential unintended consequences that squeezing more token sales into the securities framework may have on the U.S. ICO market and U.S. investors generally.”).

  25. [25]. Jay Clayton, Statement on Cryptocurrencies and Initial Coin Offerings, SEC (Dec. 11, 2017), [

  26. [26]. See, e.g., Complaint at 2, SEC v. REcoin Group Found., LLC. No. 1:17-cv-05725, available at [
    KN5P-YAA5] (E.D.N.Y. Sept. 29, 2017).

  27. [27]. 15 U.S.C. § 78j(b) (2012); 17 C.F.R. § 240.10b–5 (2019).

  28. [28]. U.S. Const. amend. V; Connally v. Gen. Const. Co., 269 U.S. 385, 391 (1926) (“[A] statute which either forbids or requires the doing of an act in terms so vague that men of common intelligence must necessarily guess at its meaning and differ as to its application violates the first essential of due process of law.”). Some scholars believe all of insider trading law suffers from unconstitutional vagueness. See generally Miriam H. Baer,Insider Trading’s Legality Problem, 127 Yale L.J. Forum 129, 138 (2017) (explaining issues of insider trading law); David Kwok,Is Vagueness Choking the White-Collar Statute?, 53 Ga. L. Rev. 495, 498 (2019) (discussing overbreadth in insider trading case law).

  29. [29]. Beckles v. United States, 137 S. Ct. 886, 892 (2017).

  30. [30]. Bell v. United States, 349 U.S. 81, 83 (1955) (“When Congress leaves to the Judiciary the task of imputing to Congress an undeclared will [in a criminal statute], the ambiguity should be resolved in favor of lenity.”); see also, e.g., United States v. O’Hagan, 521 U.S. 642, 679 (1997) (Scalia, J., dissenting) (“While the Court’s explanation of the scope of [insider trading law] would be entirely reasonable in some other context, it does not seem to accord with the principle of lenity we apply to criminal statutes ... .”).

  31. [31]. François R. Velde, Bitcoin: A Primer, Chi. Fed. Letter (The Fed. Reserve Bank of Chi.), Dec. 2013 at 3.

  32. [32]. See generally Nathan J. Sherman, A Behavioral Economics Approach to Regulating Initial Coin Offerings, 107 Geo. L.J. Online 17 (2018) (discussing how behavioral economics theory affect investors).

  33. [33]. Chiarella v. United States, 445 U.S. 222, 235 (1980) (“We hold that a duty to disclose under [insider trading law] does not arise from the mere possession of nonpublic market information.”).

  34. [34]. O’Hagan, 521 U.S. at 658 (“The [misappropriation] theory [of insider trading] is also well tuned to an animating purpose of the Exchange Act: to insure honest securities markets and thereby promote investor confidence.”).

  35. [35]. Sebastian Wurst, A Macro-Economic Growth Model for the Cryptocurrency Market: When Will Bitcoin Hit $100,000?, Medium (June 3, 2019), [] (“Put simply, there’s a 10x increase [in cryptocurrency market capitalization] every 2.5 years.”).

  36. [36]. Chiarella, 445 U.S. at 227 (“That the relationship between a corporate insider and the stockholders of his corporation gives rise to a disclosure obligation is not a novel twist of the law.”).

  37. [37]. Raina S. Haque et al., Blockchain Development and Fiduciary Duty, 2 Stan. J. Blockchain L. & Pol’y 139, 140–41 (2019) (“Withrespect to the incentives and operations of prominent public blockchains, the role played by core developers in the governance of these networks does not exhibit the structural dynamics that warrant the imposition offiduciaryobligations for the benefit of cryptoasset holders.”).

  38. [38]. Morgan, supra note 24, at 221–24.


Associate Professor, University of Iowa, College of Law.