Web3 is a term with a shifting, amorphous definition. In its current form, Web3 encompasses both decentralized platforms and the metaverse. Decentralized platforms offer services and assets that use distributed ledger technologies (DLTs), while the metaverse is a virtual reality through which persons will access those services and assets. Web3 projects – particularly non-fungible tokens (NFTs) and decentralized finance (DeFi) services – are attracting a lot of attention from investors.
The surge in Web3 interest is also drawing its share of uninformed developers – and informed bad actors. At best, these parties do not understand the legal issues implicated by their projects; at worst, they abuse Web3’s buzz and the accompanying fear of missing out (FOMO) to defraud investors and consumers alike. In today’s post, we’ll explore some recent SEC and U.S. Department of Justice (DOJ) enforcement activity in the Web3 space and analyze some of the legal landmines.
Frosties: Not-so-Cool NFTs
NFTs are an incredibly popular byproduct of the blockchain innovation. The most well-known of these tokens are issued as collections representing unique digital artwork, such as the Bored Ape Yacht Club, and then traded on different exchange platforms designed specifically for creating and transacting NFTs. NFT authors, project developers and exchanges are already profiting from an industry that has exploded in both trading volume and price, with individual NFTs valued anywhere between a few dollars to nearly $70 million.
Ethan Nguyen and Andre Llacuna sought to capitalize on this phenomenon with their digital art project, “Frosties.” The pair of 20-year-olds created a website describing the project and advertised it via social media and online communities. Each Frosties NFT represented a colorful animated character, but the project promised more than the sale of digital artwork. The Frosties team also promised purchasers a host of awards and incentives, and provided future project goals such as “metaverse development.”
Frosties took off. The Frosties team sold all 8,888 NFTs within 48 minutes of the public launch on January 9, 2022, raising $1.1 million in ether – the native cryptocurrency of the Ethereum blockchain.
But within hours of selling out, Nguyen and Llacuna allegedly transferred the proceeds to another cryptocurrency address and deactivated the Frosties website and social media accounts. Frosties purchasers cried foul, with some calling it a “rug pull” – a scam where project developers prematurely terminate a project after raising funds despite promises to continue a project’s development. In a statement published shortly after the fraud, Nguyen acknowledged that he “never intended to keep the project going[.]” Ending the project caused an avalanche of sales on the secondary market, resulting in plummeting prices and significant losses.
On March 24, 2022, a government task force – including the DOJ, Internal Revenue Service, U.S. Department of Homeland Security and U.S. Postal Inspection Service – arrested Nguyen and Llacuna and charged them with conspiracy to commit wire fraud and money laundering. Each count carries a maximum prison sentence of 20 years. In its press release, the DOJ also pointed to another NFT project that Nguyen and Llacuna were allegedly advertising, which was believed to be another fraudulent scheme set for launch just two days after their arrest.
Blockchain Credit Partners: You Cannot DeFi the SEC
DeFi is another blockchain-derived innovation, offering various financial services via purported decentralized platforms. In practice, DeFi projects come in many flavors, and may combine virtual token offerings, smart contracts and decentralized autonomous organizations (DAOs) with conventional centralized databases, agreements and management structures. Interest in DeFi is booming with a total sector value of more than $228 billion, as of March 30, 2022.
Between February 2020 and February 2021, two executives of Blockchain Credit Partners (BCP) offered their own DeFi service: DeFi Money Market (DMM). The pair of BCP executives established smart contracts selling two different virtual tokens: mTokens represented a share of the money market’s asset pool and promised a 6.25 percent annual return, while DMG tokens represented a share in the governance and excess profits of the DeFi project itself. DMM’s website represented that the project would use investor proceeds to purchase real-world (off-chain) assets, the income of which would then be returned to investors.
On August 6, 2021, the SEC charged BCP and the two executives for issuing unregistered securities and defrauding investors. First, the SEC found that not only were both the mTokens and DMG tokens investment contract securities under the test set forth in SEC v. Howey,1 but also that the mTokens were notes (and therefore securities) under the four-part “family resemblance” test established in Reves v. Ernst & Young.2 The SEC’s order, which the respondents settled to without admitting or denying the findings, found that they sold more than $31 million of these tokens in violation of the registration requirements of Section 5 of the Securities Act of 1933.
Second, the SEC found that the respondents misrepresented how they operated DMM, including misrepresenting the true ownership of the purported income generating assets. The SEC alleged that the respondents realized that their investment scheme could not work in practice and misled investors about this fact. BCP and the two executives nevertheless maintained the scheme by using their own funds in a high-risk financial shell game doomed to fail. The SEC’s order found that such conduct violated the antifraud provisions of the Securities Act and the Securities Exchange Act of 1934 (Exchange Act).
As part of the remedies, the respondents agreed to cease-and-desist orders and payment of more than $13 million in disgorgement plus prejudgment interest and a total of $250,000 in civil penalties. Notably, the respondents also agreed to certain undertakings that limited future participation in the offering of a “digital asset security” and obligated them to provide assistance to mToken holders in redeeming their tokens.
Everything New Is Old Again
NFTs and DeFi offer fascinating new opportunities to turn a profit in a rapidly developing area. But innovative new technologies are also introducing new people to old scams. Nguyen and Llacuna allegedly used the hype regarding NFTs to perform a relatively common fraud: making false promises about a business opportunity, absconding with people’s money afterward and laundering the illicit proceeds through several accounts. Similarly, BCP and its executives made material misrepresentations about DMM’s business operations and profitability. As Daniel Michael, former chief of the SEC Enforcement Division’s Complex Financial Instruments Unit explained, “federal securities laws apply with equal force to age-old frauds wrapped in today’s latest technology[.]”
However, the level of government focus in the space and the expanded enforcement mechanisms suggest this is not the same enforcement playbook. For example, on Feb. 17, 2022, the Federal Bureau of Investigation announced the creation of its new Virtual Asset Exploitation Unit, which will work with the DOJ’s National Cryptocurrency Enforcement Team to investigate and prosecute digital asset crimes. When combined with the efforts of the SEC’s Division of Enforcement Cyber Unit and the DOJ’s Market Integrity and Major Frauds Unit, it’s clear that both federal civil and criminal law enforcement are making concerted, focused efforts to crack down.
As entrepreneurs and companies in the space continue to grapple with the evolving legal landscape, it is important to remember that applying labels such as “decentralized,” “governance token” or “utility token” will not categorically exempt a project from enforcement. Rather, the SEC has demonstrated that, consistent with U.S. Supreme Court precedent, it will analyze the “economic reality” of each situation without regard to labels.3 The SEC’s application of the Reves test to the De-Fi space will be a particularly interesting area to follow, as it provides another possible securities hook for the Division of Enforcement in addition to the more well-known Howey test.
Moreover, as the NFT space continues to explode, questions abound on how active SEC enforcement will be. Notably, SEC Commissioner Hester Peirce – a frequent critic of the agency’s enforcement activity in the space – commented in December 2021 that “[p]eople need to be thinking about potential places where NFTs might run into the securities regulatory regime.” Of particular interest to Peirce is the fractionalization of NFTs, which involve tokenizing the ownership interests in a particular NFT across numerous token holders. Indeed, the tea leaves suggest NFT creators and marketplace developers could be subject to SEC scrutiny in certain instances.
Additionally, as previously covered on the SECond Opinions Blog, the prevalence of exchanges in the Web3 space creates significant enforcement risks for digital asset marketplaces. If NFTs and/or DeFi products qualify as securities, any exchanges of those assets could be subject to certain rules under the Exchange Act. The SEC’s Division of Enforcement has demonstrated an increased willingness to bring unregistered exchange charges in the digital asset space, and we expect this will continue as NFT and DeFi exchanges grow.
The SECond Opinions Blog, along with Holland & Knight’s SEC Enforcement Defense and Virtual Currency, Digital Assets and Blockchain Technology teams, will continue to monitor enforcement activity relating to Web3’s array of technologies.
1 328 U.S. 292, 301 (1946).
2 494 U.S. 56, 64-66 (1990).
3 United Housing Foundation, Inc. v. Forman, 421 U.S. 837, 848-49 (1975).