Token Takedowns

In interactions with the crypto space to date, the Securities and Exchange Commission (SEC) has acted in a measured manner, carefully stepping in to set guidelines when warranted (or, as they have consistently reiterated, to reinforce existing law) and actively tamping down fraud. However, aside from Commissioner Peirce’s recent proposal for a token safe harbor, most of this guidance has come in the form of enforcement actions and non-binding public statements. The SEC has also applied the traditional facts and circumstances test to the market. This facts and circumstances test, while flexible and capable of shifting to cover the technology as it evolves, also involved an incredible administrative burden for an agency with finite resources and a broad mandate. To the extent a regulator (i) tells a market that a facts and circumstances test applies, (ii) that there are no bright line rules, and (iii) that prescriptive guidance would be a waste of time, while inviting token projects to begin a dialogue to help get clarity — all parties involved in that resultant dialogue should expect that it will not be an efficient process. It is instead a significant time commitment on a project-by-project basis and on a more macro level and results in a situation where guidance is privately issued and no precedent or models for compliance are publicly available. In practice this has meant that, absent a robust dialogue with the SEC, token projects that attempted to move forward only have a semblance of certainty on where the line is when they or someone else has stepped over it.  

On the whole, though the SEC’s approach to regulating the crypto market was not without its drawbacks, it was appropriate given the context. To use an often-cited analogy, the ICO craze involved a market in which the overwhelming majority of token issuers were out and about pre-selling tickets (with a surprising degree of success) to rollercoasters. However, not only were the rollercoasters yet-to-be-built or functional, as applicable, but many ultimately became tilt-a-whirls or, less ideally, a private yacht or two for the ticket salesman. The SEC’s approach had the (likely intended) effect of chilling new market entrants in addition to addressing some of the less than ideal practices in the space.

Now, as enforcement slows to a manageable pace, with most effort focused on post-ICO craze cleanup and the occasional injunction against a scam ICO where the promoters used proceeds to buy Ferraris (yes, even in March of 2020), the SEC has the time and space to proactively address the yawning gap in public guidance or other regulatory movement that would help dictate to the market how to (i) satisfactorily comply with securities laws in bringing tokens to market and (ii) bring tokens to market outside of the securities laws, to the extent a project is attempting that path forward. While enforcement actions offer many examples of what not to do, the Turn Key Jet (TKJ) and Pocketful of Quarters (PoQ) no action relief do not offer much of a palatable path forward. In fact, the restrictions imposed on transfer and pricing in both TKJ and PoQ make these models unattractive to pursue from a business perspective for many projects. TKJ’s tokens were so clearly outside the realm of securities law, that Commissioner Peirce worried about overreach and that the no action relief “effectively imposes conditions on a non-security.”

In terms of the market, there has been encouraging recent movement as we work through issues in the space. Blockstack’s Reg A+ offering in 2019 opened a broader dialogue around whether tokens uniformly were covered by 12(g) and thus needed a transfer agent to facilitate transfers, with Blockstack arguing against both points while using securities framework to come to market. Further, firms like Harbor (which was recently acquired by BitGo) and Securitize attained transfer agent licenses in late 2019 with others following, fulfilling a market need. Previously, there were not transfer agents filling those roles in the market to even be able to effect transfers in attempted compliance with existing law.

Now Commissioner Peirce has put forth a proposal for a safe harbor for decentralized projects in the crypto space, which has been widely commented on. While it offers the promise of regulatory movement, it does not address all pain points (and some would argue it creates more). However, with all that is going on in the world with COVID-19, SEC focus has shifted to crisis management and her term is likely to expire before her token safe harbor is taken up by the SEC. However, the proposal did create momentum for a number of counterproposals and renewed discussions around rethinking and/or refining the SEC’s stance to date. In this spirit, this article undertakes a review of SEC enforcement through a sampling of consent orders, a discussion of the policy implications of these enforcement actions, and ends with some thoughts for the future.

A Walk Through of SEC Consent Orders

Starting in December of 2017 with Munchee, the SEC put the crypto space on notice that utility token offerings could constitute securities offerings and that securities laws applied. In the wake of Munchee, many projects and their advisors came up with workarounds in attempts to avoid regulatory scrutiny (i.e., the SAFT model and the swiss foundation model). The SEC then spent the next several years entering into a series of consent orders (separate and apart from those addressing fraud in the market) many involving mandated token registrations. News of these settlements were disseminated by press release, which served to dampen the appetite in the market to embrace these workarounds in the wake of the SAFT. Absent explicit regulatory buy in, many projects declined to move forward. Even with the more recent advent of IEOs, offerings of tokens have slowed to a veritable halt.

Thus, having stemmed the flow of new market entrants, the SEC continued to sweep up token offerings with enforcement actions that continue to this day. Many commentators have noted that, putting to the side those projects that self-reported, the SEC first targeted the “low hanging fruit” in these enforcements. They intentionally picked projects that had clearly stepped over the proverbial line in the sand and where the SEC would likely prevail in court, arguing Section 5 violations had occurred. Kik Interactive and Telegram, the subjects of more recent enforcement actions, are in the minority of projects that have elected to fight the SEC in court. The SEC has made similar arguments in each of these enforcement actions and if you look at the token consent orders to date, you will start to notice a strong trend in the penalties and prescriptions.

In trying to draw lessons from these enforcement actions, there have been discussions of finding a path forward for projects by toggling elements of the Howey analysis, including (i) drawing distinctions between the investment contract wrapper and the underlying digital assets, (ii)  drawing distinctions between projects by looking at functionality of the token at the time of sale, and (iii) drawing distinctions between stated and intended use case vs. actual use cases. Each of these has received push back in the wake of various enforcement actions. More recently, commentators noted that in the enforcement action against SimplyVital Health, the SEC phrased the consent order in such a way as to make it clear they were characterizing the underlying asset as a security, along with the investment contract wrapper. Many see the recent decision by Judge Castel in the Telegram case as supporting the view that, looking at the totality of the circumstances, the GRAMs are securities.

While reading tea leaves from enforcement actions is now a long-cherished pastime of lawyers who follow the blockchain space, its utility does have limits. These enforcement actions that we spend so much of our time dissecting, are necessarily based on the particular facts and circumstances of a case. This includes an analysis of the context and intent of the parties at the time, where decisions were in part predicated on the availability of, and the market appetite for, secondary resales when these projects came to market. Using our earlier analogy, projects that (i) insisted the tickets they sold were for a rollercoaster and (ii) that buyers had purchased for the sole purpose of exchanging them for a ride on said rollercoaster, were met with incredulity as buyers consistently took these tickets and promptly resold them (lather, rinse, repeat).   

However, now that we are not awash in new market entrants, if we step back, we can look at the policy implications of the path we have put ourselves on by declaring all digital rollercoaster tickets to be securities. The chart below contains a sampling of the consent orders to date along with key features of these consent orders, noting that Block.One is an outlier for reasons described below.




Approx. $$ Raised


Register Token under 12(g)

Issuer to Register with SEC & File Periodic Reports

Monetary Penalty

Enigma MPC


ENG Tokens


 check  check  check


Blockchain of Things, Inc.


BCOT Tokens


 check  check  check






 x  x  x


Gladius Network LLC


GLA Tokens


 check  check  check


Paragon Coin, Inc.


Paragon Coin (PRG)


 check  check  check


CarrierEQ Inc. d/b/a Airfox




 check  check  check


** No penalty due to self-reporting/remedial steps taken

Now contrast the above prescriptions with the summary below of the intended functionalities of each of these platforms and tokens. Note that while we can argue the flaws in these models and their implementations, most are intended to have consumptive use. Also note that, with respect to consumptive tokens, that is, tokens intended to facilitate on-platform functions or transactions, a 12(g) registration was for the most part a death sentence. By entering into these consent orders and agreeing to register, these projects for all intents and purposes implicitly agreed to shut down. 




Enigma MPC

Platform to test trading strategies and data marketplace

On-platform currency to purchase data sets

Blockchain of Things, Inc.

Platform on which third-party developers would be able to build applications using the platform’s core functionalities

Converts to credits; powers on-platform functionality


Operating system (EOSIO) designed to support public and private blockchains

ERC-20 with no functionality but transferable for native EOSIO-based blockchain tokens

Gladius Network LLC

Network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks and to enhance their content delivery speed

Network currency; used to record on platform transactions, enable the delivery of content 

Paragon Coin, Inc.

Blockchain-based ecosystem for cannabis industry

Currency for cannabis industry related services and supplies

CarrierEQ d/b/a Airfox

Platform allowing prepaid mobile phone users to earn free or discounted airtime or data by interacting with ads— also planned new functionalities, including the ability to transfer AirTokens between users, peer-to-peer lending, credit scoring, and, eventually, using AirTokens to buy and sell goods and services other than mobile data

Medium of exchange for mobile data, physical goods, and micro lending

What’s more, all of the projects subject to consent orders mandating registration, with the exception of CarrierEQ (Airfox), did in fact shut down. In this context, it is important to mention that many of the above consent orders were entered into with an inherent power disparity and the uniformly onerous terms are reflective, in part, of that disparity. Putting aside Block.One, these token issuers did not have the pocketbook and likely did not possess the inclination to fight the SEC. As a result, the terms, including scope of the commitments the token issuers undertake to commit (again with the exception of Block.One) are dictated by the SEC. Airfox, by attempting to move forward and comply with the consent order, gives us a view into the policy implications of rubber stamping all products in this space as securities and regulating them as such. What follows is a dystopian walkthrough of (Airfox)’s public filings as they provide disclosures around a business that is wholly separate and apart from the intended audience of these filings, the holders of their zombie tokens.

A Case Study of Policy Implications

I have always viewed the space as an infant industry of sorts, in need of nurturing by regulators as it matures. While I will not argue facts and circumstances of particular projects as many of these did not make it past adolescence in their business life cycle (and prove why well-off parents wait to give children their trust funds), it seems off-kilter for a regulator to look to the particularized facts and circumstances of each case to ultimately apply a rubber stamped, one-size-fits all approach, to the extent they intend to give guidance through enforcement. However, on balance and in fairness to regulators, the presence of secondary markets has also proved problematic for the space. Many of these facts and circumstances were polluted by the sheer availability of an almost immediate exit opportunity, thereby (i) misaligning incentive structures between token projects and early investors in bringing tokens to market and (ii) creating tension between actual and stated use cases. Ultimately, while it is not a hard argument to make that digital assets that are brought to market as investment products traded on secondary markets should be regulated as such and that securities laws should apply, for less clear cut fact patterns, applying these laws (or having them applied by a regulator) preempts the possibility of the product being used for other potential use cases. In essence, by declaring everything to be a security, you erect regulatory barriers that ultimately prevent it from being anything other than a security. 

The view that securities laws apply broadly is often accompanied with a second talking point, that token projects should simply just comply with securities laws and stop arguing about the lack of regulatory clarity. This involves the viewpoint that existing securities laws are appropriately tailored to cover tokens, as is, and without any necessary modifications or further guidance required. I have long found this view to be disingenuous. Absent guidance, and in a landscape where 12(g) has been liberally applied, the path forward is unclear. How does one comply with 12(g), which is intended to register classes of equity securities, in the context of a bearer instrument that is intended to unlock on-platform functionalities? Who is a holder of record? What good does mandating compliance with this disclosure regime serve from a policy perspective? How can one even pretend that a regulatory regime predicated around intermediaries such as transfer agents (which did not exist for the space before 2019) is well-tailored for products that are built around the concept of disintermediation?

Using AirFox as an illustrative example, below is a walk-through of the steps taken as they, against all odds, attempted to soldier on after the consent order.  Airfox managed to successfully file a Form 10 for its tokens. However, these tokens are essentially zombie tokens — they are non-functional, remain locked up and currently have no planned functionalities. There is also no common enterprise with their issuer — they neither contribute to nor benefit from Airfox’s business yet are to be characterized as equity securities per the consent order. Equity securities should, at a minimum, involve an alignment of incentives between the security and the underlying enterprise. AirTokens, as a case study, shows how a one-size-fits all approach is flawed and also illustrates that whether the legislative intent of securities laws is fulfilled by applying them to token projects is context specific. Gabriel Shapiro has written various articles in the space characterizing tokens as “network equity” and, using this analogy, one could see how existing law could pivot to fulfill its stated goals. However, below are some excerpts from Airfox’s exercise in absurdism on its Form 10 that illustrate how this regime can be an itchy and ill-fitting one:

  • AirTokens should not be viewed as analogous to more traditional securities (i.e., capital stock, debt securities, warrants, etc.), as the AirTokens currently lack the traditional features of such securities. For example, the AirTokens do not currently convey any dividend, distribution, voting, liquidation, or preemption rights to their holders.
  • Similarly, AirToken holders have no property, license, or other right whatsoever with respect to any software that now exists or may ever be developed by Airfox.  
  • Since the date of the SEC Settlement Order, the AirToken smart contract has been “locked,” meaning AirTokens cannot be transferred on the blockchain.
  • Due to the rapidly evolving regulatory climate regarding cryptocurrencies that are securities, we cannot estimate when (or if) AirTokens may be listed on any securities or cryptocurrency exchange or other established public trading market within the U.S. or elsewhere. Currently, there are no registered or approved third-party exchanges or other platforms to support the trading of AirTokens on the secondary market.
  • Since we never registered for sale or resale any AirTokens as a security pursuant to the Securities Act, AirTokens are restricted securities, and we have no agreement with any AirToken holder to register under the Securities Act for sale of any of our AirTokens. Therefore, AirTokens may only be transferred pursuant to an exemption under the Securities Act, and holders of AirTokens may not be able to transfer the AirTokens or otherwise exchange them for fiat or cryptocurrency for the foreseeable future.

In the most recent 10-K, it is a surreal out-of-body experience to read about the Company’s plans for its business, which is entirely separate and apart from the intended audience for the periodic reporting, the AirToken holders (or at least those that remain after the rescission offering is completed). Their exercise in reporting illustrates the consequences of when ill-fitting laws are applied in an arbitrary way. This was ultimately a costly exercise for Airfox, one that they had not matured enough as a company to take on and, most importantly, one that ultimately offered little upside in terms of providing token holders meaningful disclosure with which they could use to make decisions about their investment.

Closing Points

In closing, though most of the projects in this article (among many others) did not take the best path to market, we can take lessons from them while, at the same time, not overemphasizing the implications of particular enforcement actions. While I have never been particularly interested in being right or wrong about how particular enforcement actions or litigation in the space will turn, I do look to the high-level policy implications of the outcome of litigation or such regulatory actions or inaction. Airfox can give us a lesson in how the blanket application of securities laws to the underlying digital assets as well as any investment contract wrapper may have potentially problematic consequences. It makes the path many took to market an incurable and insurmountable flaw. What is more, given the state of prescriptive guidance, we don’t have all of the tools needed to avoid potentially stepping in the same quicksand. From a high level, further guidance that builds upon TKJ and PoQ could give projects more breathing room as they try to come to market outside of the context of securities laws, which are undoubtedly narrower in their application than the picture painted by no-action letters to date.   

We can also use the benefit of hindsight and the efforts of projects that have come to market within a securities framework and attempted compliance with securities laws to evaluate the tensions and ambiguities created by fitting an industry built around disintermediation into existing securities law frameworks. We should do so through the lens of co-authoring a path forward. Ultimately, whether or not Commissioner Peirce’s proposal (or any variation thereof) moves forward, the openness of the dialogue she created in attempting to shape prescriptive guidance is commendable. It is through dialogue that pain points will continue to be identified, as well as corresponding solutions. As a concrete first step forward, I would echo the argument here that the SEC provide relief from 12(g) in certain contexts or otherwise clarify the outer limits of its application.

If you would like more information, please contact a member of Harter Secrest & Emery LLP’s Digital Assets and Disruptive Technologies group at 716.853.1616 or 585.232.6500.

Attorney Advertising. Prior results do not guarantee a similar outcome. This publication is provided as a service to clients and friends of Harter Secrest & Emery LLP. It is intended for general information purposes only and should not be considered as legal advice. The contents are neither an exhaustive discussion nor do they purport to cover all developments in the area. The reader should consult with legal counsel to determine how applicable laws relate to specific situations. ©2020 Harter Secrest & Emery LLP