During the past few months, the Securities and Exchange Commission has significantly widened its crackdown on initial coin offerings (ICOs), putting hundreds of cryptocurrency startups at risk.

The SEC sent out a slew of initial information-seeking subpoenas at the start of 2018. Now the agency has returned to many of those companies, and subpoenaed many more—focusing on those that failed to properly ensure they sold their token exclusively to accredited investors.

The agency is exerting pressure on many of those companies to settle their cases. In response, dozens of companies have quietly agreed to refund investor money and pay a fine.


But many startups that have been subpoenaed say they are left in the dark struggling to satisfy the SEC’s demands, and are uncertain of how others are handling it, according to conversations with more than 15 industry sources as part of a joint investigation by Decrypt and Yahoo Finance.

The sources, many of whom are employees of companies that were subpoenaed by the SEC or are attorneys for those companies, requested anonymity because the SEC restricts them from discussing the matter.

ICO funding, which began in 2014, exploded in popularity last year as an alternative method to fund a cryptocurrency startup, rather than the traditional venture capital route. In an ICO, a startup sells its own digital token, typically for later use in the ecosystem the startup plans to build; buyers pay for the token in the cryptocurrencies Bitcoin or Ethereum.

In the majority of cases, companies that do ICOs have not yet launched any product. Think of an ICO as buying chips for use in a casino that hasn’t been built yet.

It is hard to say precisely how many ICOs occurred during the past four years. ICO Alert says it has tracked more than 5,000 but publicly displays only 3,400 “legitimate” ones. CoinDesk lists only 800 in the past two years. More than $20 billion has been raised in ICOs to date, but the ICO boom peaked in January 2018. Concerns over the legality of token sales have had a chilling effect.


The core issue now for every company that did an ICO: Was its token a security? And if it was, did the company register its offering with the SEC, or ensure that it qualified for an exemption?

SEC sees most ICOs as securities offerings—and companies failed to comply

Many of the companies that did ICOs called their offering something else, such as a “utility token” or a “SAFT” (Simple Agreement for Future Tokens, an ICO method in which investors buy a reservation for tokens yet to be launched), but the SEC does not care about those labels. It weighs each ICO on a case-by-case basis.

In July 2017, the SEC announced that it viewed the tokens offered by The DAO, an ICO that raised more than $150 million in 2016, as securities. Then, at a Senate hearing in February, SEC Chairman Jay Clayton went a few steps further when he said, “I believe every ICO I’ve seen is a security.”

William Hinman, the SEC’s director of corporation finance, provided further clarity in June 2018 at Yahoo Finance’s All Markets Summit when he said ETH does not appear to be a security, but suggested that most ICOs are securities offerings, and that, “calling the transaction an initial coin offering, or ‘ICO,’ or a sale of a ‘token,’ will not take it out of the purview of the U.S. securities laws.”

Any U.S. company offering a security must register its offering with the SEC, or qualify for an exemption. Amid the ICO boom, virtually none have registered a security offering. Thus, they must meet an exemption. The SEC exemptions include selling only to investors outside the US, or selling only to accredited investors, which are individuals with income higher than $200,000 in each of the past two years or a minimum net worth of $1 million.

Ensuring that investors are fully accredited requires, as the SEC spells out plainly, “reviewing documentation, such as W-2s, tax returns, bank and brokerage statements, credit reports and the like.” In other words, it involves a lot more than just checking a box.

Many companies that thought they did properly limit their ICO to accredited investors are now finding out that in the eyes of the SEC, they didn’t.


Robert Cohen, chief of the cyber unit in the SEC’s enforcement division, likens it to a spectrum. When the SEC calls up a company that did an ICO and asks how the company limited its ICO to certain investors, “Some companies tell us the name of the law firm that advised them, explain the know-your-customer procedures they followed, and show us an investor list that is limited to accredited investors,” he says. “At the other end of the spectrum, some point to a website statement about limiting the ICO to some investors, and possibly checkboxes, and that’s it.”

"The law was pretty clear"

Aaron Wright

Some of the people particularly surprised to be in trouble are those who did their ICO as a SAFT, a designation that was intended specifically to be more compliant with securities law.

But some onlookers have little sympathy. Cardozo Law School professor Aaron Wright, who co-authored a paper that questioned the legality of the SAFT model, says, “There could have been other ways they could have structured it, like selling a digital good to people who actually wanted to use it, instead of predominately to speculative investors. They could have talked to the SEC first. I think the law was pretty clear that if you sell something to an investor, it’s likely a security—folks just wanted to engage in token sales, so they just kind of flouted it.”

In December 2017, the SEC shut down the $15 million ICO of a startup called Munchee and forced the company to refund the buyers. Munchee had advertised that its token would go up in value; promises of financial returns are a red flag for the SEC.

In January 2018, the SEC shut down the ICO of AriseBank, which had raised $600 million of a $1 billion goal, for falsely stating it had bought an FDIC-insured bank. In April 2018, the SEC shut down the $32 million ICO of Centra, which had been promoted by boxer Floyd Mayweather and rapper DJ Khaled, for using “misleading marketing” and “paid celebrities” to make false claims. Last month, the SEC charged TokenLot, which called itself an “ICO Superstore,” with being an unregistered broker-dealer, and charged Crypto Asset Management (CAM) with false marketing and being an unregistered investment company.

Those are just some examples that the SEC announced publicly.

Behind closed doors, many more negotiations are underway. The SEC has gotten dozens of ICOs to refund buyers and pay a fine, simply by reaching out and asking questions.


When the SEC reaches out to companies that did an ICO, it is usually through the company’s law firm. The SEC requests a vast trove of documents related to the ICO. Decrypt and Yahoo Finance have obtained communication that the law firm Cooley, which represented many ICOs, sent to one client after an SEC subpoena. The attorney letter warns, “The SEC is likely examining whether [client] should be considered a security under the U.S. federal securities laws… For the purposes of this preservation hold, ‘document’ is defined very broadly.”

Such language is leading many companies to refund their ICOs rather than attempt a legal fight. As one source at a company that got subpoenaed says, “The last thing we want is a press release they put out with only our name on it.”

Refunding tokens

The Fan-Controlled Football League (FCFL), the first ICO to be listed on the mainstream crowdfunding platform Indiegogo (through a partnership with MicroVentures), is one example. FCFL raised $5.2 million last year. In August of this year, MicroVentures quietly returned the money to the initial buyers.

There’s just one problem with refunding. If an ICO gathered the proper information on its buyers, and hadn’t yet launched its token, returning the money is doable. But for ICOs that have launched their token, refunding is not so simple.

“It’s not even really possible,” says Jony Levin, CEO of Chainalysis. “In a lot of cases people bought tokens in ICOs through exchange accounts at places like Kraken. So you can’t just send tokens back to the address you got them from, because that’s an exchange address. If ICOs are made to refund buyers, it will have to be similar to the Mt. Gox case: you make a public announcement and people have to prove they were a contributor.”

As a way to pacify the SEC, some ICOs are attempting to convert their utility token to a security token. Iconomi, which raised more than $10 million in an ICO, is one example. In a blog post this month, Iconomi wrote that its token holders, “will be able to exchange their ICN tokens for tokenized shares in a joint-stock company presented as eICN tokens. This new structure brings legal clarity for all stakeholders.”

Filecoin, Blockstack, Props, Origin, and TrustToken, the five ICOs that have listed on the platform CoinList, all sold only to accredited investors, and none have launched their actual token yet. A source close to Blockstack says the company sees its token as a utility, but out of caution, chose to treat it like a security and comply with all the relevant securities laws.

"Right now it feels like a massive canyon."

All of this SEC action may sound like very bad news for ICOs, but many in the industry have a more optimistic take: regulatory clarity will bring growth. In addition, more and more companies considering a token sale are now reaching out to the SEC proactively.


“I do think that businesses on the up-and-up can navigate through it, and that in just two or three years we’ll have clarity, and we’ll look back on this time as a speed bump,” says the CEO of a well-known tech company who has closely watched the ICO space. “Of course, if you’re a company that is dealing with an SEC subpoena, right now it doesn’t feel like a speed bump, right now it feels like a massive canyon.”

The lingering lack of clarity has driven a group of crypto companies, led by Ripple, to hire D.C. lobbyists to push Congress on behalf of the industry.

From the SEC’s perspective, there is no lack of clarity. The sniff tests are the same as they have been for decades. The SEC is applying the same securities laws to ICOs that it always applies.

“Everybody’s holding their breath for the SEC to create some kind of coin rule, and they’re not going to,” says a securities attorney at one high-profile Silicon Valley firm. “They’re applying the same laws, the same statutes, the same rules, to stocks and bonds and everything else.”

In other words, there’s even a lack of clarity around whether there is a lack of regulatory clarity.

This story is a collaboration between Decrypt and Yahoo Finance, with additional reporting by Josh Quittner.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.