
Crypto Legal Experts Discuss WEB3 Regulation: Compliance or Decentralization?
TechFlow Selected TechFlow Selected

Crypto Legal Experts Discuss WEB3 Regulation: Compliance or Decentralization?
A ban shattered the calm of the crypto market, as a regulatory storm triggered by a butterfly's flap left the crypto world on edge.

On August 9, 2022, a single regulatory order shattered the calm of the crypto market—a butterfly flapping its wings triggered a storm that left the crypto world on high alert.
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against the cryptocurrency mixer Tornado Cash. Shortly afterward, developers of Tornado Cash were arrested in the Netherlands, prompting swift reactions from various institutions.
Circle, the issuer of USDC, officially blacklisted Ethereum addresses included on the U.S. Treasury's sanctions list.
Uniswap blocked 253 crypto addresses linked to stolen funds or sanctions, most due to connections with illicit funds or mixing services like Tornado Cash; lending protocol Aave similarly restricted numerous addresses that had interacted with Tornado Cash…
CeFi and DeFi applications are gradually embracing "regulation." But what about the underlying blockchain protocols? If one day OFAC wanted to censor or sanction Ethereum after its transition to Proof-of-Stake (PoS), would that even be possible?
Samson Mow, former Chief Strategy Officer at Blockstream, believes Ethereum’s shift to PoS makes it easier for regulators to control the network—66% of validators comply with OFAC rules, including major players such as LidoFinance, Coinbase, and Kraken.
In response, Ethereum co-founder Vitalik Buterin tweeted that if regulators attempt to impose censorship at the protocol level through node providers like Lido or Coinbase, he would consider such actions an attack on Ethereum. In such cases, he would support using broad social consensus to remove those nodes.
For CeFi and DeFi projects, how should they balance the ideal of decentralization against the need for compliance, broader adoption, and mainstream user growth? And what long-term impact will regulation have on the future of crypto?
TechFlow invited two legal professionals—Blue Collar, General Counsel at Fenbushi Capital, and Lily King, COO of Cobo—to explore the implications and future of crypto regulation.
Guests:
-
Blue Collar, General Counsel at Fenbushi Capital, senior legal expert and researcher in the blockchain industry.
-
Lily King, COO of Cobo, dual-qualified lawyer in China and the U.S., deeply involved in research on social policy and collaboration mechanisms.
After The Merge, does Ethereum’s transition to PoS pose greater regulatory risks?
Blue Collar: Not significantly. The Merge and the shift to PoS are infrastructure-level changes and do not directly involve financial operations.
However, the change in consensus mechanism may prompt regulators to adjust their approaches. In theory, regulators could impose scrutiny on Ethereum’s validator nodes—just as they could have targeted mining pools during the Proof-of-Work (PoW) era (though never implemented). In the PoS era, oversight would likely focus on node custodial service providers.
Given that most node custodians are based in the U.S., American regulators would find enforcement far more feasible.
Lily King: Currently, both ETH and BTC are classified as “commodities” rather than “securities” in the U.S. Transitioning to PoS might reignite debate over whether ETH qualifies as a security.
Georgetown University law professor Adam Levitin recently argued that staking rewards resemble investment returns, meeting the U.S. “Howey” test for securities—"profits derived solely from the efforts of others"—suggesting PoS tokens carry inherent securities risk.
But Ethereum is sufficiently decentralized, with no centralized issuer akin to traditional securities. Moreover, stakers actively participate in the network rather than being passive investors—factors that weaken the Howey argument. Therefore, I believe this risk remains low.
How will regulation affect DeFi applications?
Blue Collar: Every DeFi project must distinguish between two distinct entities: (1) the smart contract itself; and (2) the project company operated by developers (which often provides centralized services around the DeFi protocol).
For example, Uniswap’s smart contract on Ethereum versus Uniswap Labs—the company. While externally perceived as one project, legally they are separate, facing different regulatory exposures.
Smart contracts deployed on public blockchains are currently not treated as direct regulatory targets, since no jurisdiction recognizes them as legally responsible entities (though future legislation may change this).
Thus, regulators can only indirectly target smart contracts—by restricting individuals or institutions from using them—potentially marginalizing or eliminating their use in mainstream markets. Given the territorial limits of national regulators, the U.S. wields the greatest influence due to its broad jurisdictional reach over global actors. Smaller countries’ bans may carry little practical effect, even if symbolically enforced.
As for DeFi-operating companies (typically founded by developers), they provide centralized internet or financial services and thus fall under existing regulations. Note: offering centralized services isn't inherently contradictory to “decentralized finance”—both can coexist within a single DeFi project, and frequently do.
Most DeFi companies offer web frontends—classic internet information services—so standard regulations naturally apply (e.g., Uniswap Labs must hide trading interfaces for non-compliant securities tokens on its frontend, even though the underlying smart contract remains unchanged).
If a company holds financial licenses, it faces additional compliance requirements when offering enhanced centralized services. Overall, regulating DeFi operating companies falls under conventional frameworks—no special legislation is needed, and blockchain technology doesn’t invalidate existing rules.
Looking ahead, new laws—especially in the U.S.—may introduce specific provisions for DeFi smart contracts, possibly treating qualifying contracts as distinct commercial entities bearing legal responsibility, particularly DAO-based DeFi projects. Additionally, KYC requirements may be imposed on DeFi users, or un-KYC’d users may face transaction restrictions.
What does increased regulation mean for Ethereum validators? How should they respond?
Blue Collar: For now, not much. Since ETH is permissionless, potential future regulation may target node custodial service providers—requiring them to implement KYC and similar measures. Individual validators acting alone face no immediate regulatory risk.
The fundamental reason is that Ethereum’s mainnet doesn’t directly process financial transactions—this occurs at the application layer via individual DeFi protocols (i.e., DeFi smart contracts and the ETH blockchain are decoupled). Hence, DeFi—not the base layer—is the primary regulatory focus.
Of course, if new laws extend regulatory reach directly into the ETH blockchain—imposing restrictions on validators (though unlikely)—that would threaten ETH’s vision as a permissionless ledger. In such a case, the Ethereum Foundation would almost certainly deploy technical countermeasures. Such regulation wouldn’t target ETH alone but would apply broadly across all public blockchains.
How will stricter regulation affect the relationship between DeFi and traditional finance?
LilyKing: In the short term, it may cause capital to hesitate. But as regulatory clarity emerges, institutional capital will flow more smoothly into DeFi. DeFi’s immense potential lies in becoming next-generation financial infrastructure. To achieve this, it must break out of niche circles and integrate trillions in assets from traditional finance and the real economy—an evolution where navigating regulation is unavoidable.
Yet complying with regulation doesn’t mean total surrender. Crypto firms must preserve their decentralized essence within regulatory boundaries—it’s not a binary choice. Even within U.S. politics, many officials recognize the innovative power of crypto and oppose excessive government intervention. Ultimately, a balance may emerge: regulators feel they’ve achieved goals like preventing financial crime and protecting retail investors, while the crypto ecosystem retains far greater openness and freedom than the legacy financial system.
The future crypto world will be pluralistic. At the protocol layer—like Ethereum—strong decentralization will likely persist, preserving blockchain’s core value. This is where the crypto community stands most united—even Coinbase’s CEO has said he’d rather shut down staking than accept protocol-level censorship.
At the application layer, however, divergence will occur. Some teams will prioritize maximum freedom and privacy, refusing any cooperation with regulators or censorship. They’ll retain niche viability, but must contend with limitations of purely virtual assets and potentially forfeit access to certain national markets.
Projects aiming for mass adoption must strike a balance between regulation and anti-censorship. Most users lack the ability to survive in the “Wild West” of crypto—they genuinely need protection. At the same time, engaging with off-chain people and assets inevitably involves legal systems and traditional financial institutions, requiring alignment with societal norms.
What does stronger regulation mean for crypto investors?
Blue Collar: Distinguish between traditional institutions and crypto-native investors. The latter dislike regulation and may shift toward less-regulated projects and markets. For the former, regulated DeFi environments are familiar and advantageous battlegrounds.
Given that institutional capital vastly outweighs native crypto capital, regulated DeFi platforms will enjoy far greater liquidity. DeFi projects deliberately designed to evade regulation will gradually become marginalized—remaining viable only in niche segments, yet still retaining some space. Crypto-native investors must prepare for this shift (gradual, then sudden), eventually facing difficult choices.
Innovation driven by technology cannot ultimately escape governmental authority (unless governments vanish from human society altogether)—it merely alters how power is exercised.
What does stronger regulation mean for crypto enterprises and DAOs?
LilyKing: Both crypto enterprises and DAOs must strengthen their regulation intelligence—understanding policies across jurisdictions, analyzing optimal registration locations, tax strategies, KYC implementation, required licenses—and make strategic decisions accordingly. Recent aggressive moves by the U.S. SEC may trigger a wave of U.S.-based teams going offshore. However, South Korea, Singapore, Japan, Europe, and India are also rolling out crypto-specific regulations.
Even crypto-native DAOs need deep understanding of regulatory frameworks to secure favorable environments. We’re seeing many projects publish decentralization roadmaps—gradually reducing central team involvement and minimizing centralized infrastructure. For example, dYdX plans to move its current off-chain centralized order book to a decentralized node-run system, and protocol profits will no longer be collected by a centralized entity. Beyond their publicized goal of “handing control to the community,” these changes help avoid the intense regulatory scrutiny faced by traditional companies.
For token-issuing DAOs, the biggest upcoming challenge is whether they’ll be seen as securities issuers. If so, they’ll face scrutiny from bodies like the SEC. To avoid having their tokens classified as securities, they must deeply understand securities laws and carefully design their tokenomics and governance structures.
Decentralization is the DAO’s strongest shield. Regulators excel at targeting centralized entities but struggle with genuine peer-to-peer networks. Regulatory legitimacy rests on protecting ordinary users from exploitation via information asymmetry—but this rationale doesn’t apply to transparent, highly participatory DAOs.
Regulation isn’t entirely bad for users. After all, smart contracts can’t fully prevent harmful actions by DAO members. Beyond countless rug pulls, consider the recent Tribe shutdown—Tribe DAO’s voting decision left many partners and users feeling betrayed, with some threatening to file complaints with the SEC.
For crypto firms with traditional equity structures or ambitions of going public, compliance costs are indeed high—as evidenced by Coinbase’s expenditures. Yet these costs enable integration with trillion-dollar traditional financial markets. The crypto world needs such bridge-building enterprises.
As legal professionals, how do you view “Code is Law”?
Blue Collar: The phrase emerged because “code” and “law” share meanings in English (e.g., “code” as in “legal code”), but in Chinese, “代码” (code) and “法律” (law) have little semantic overlap, losing the wordplay.
Smart contract code is unilaterally written by developers without consensus. Treating such unilateral output as universally binding law is clearly absurd. Code reflects only the developer’s intent and capability—it lacks universality, enforceability (users aren’t forced to run it), and may even contain unreasonable logic. Thus, it lacks essential attributes of law.
However, interpreting smart contract code as a form of agreement holds some merit—either between developers and users, or among users themselves. One could argue that “using a smart contract implies acceptance of its automated outcomes,” since users voluntarily choose to interact with it—aligning broadly with contract law principles worldwide.
But crucially, treating code as a contract doesn’t mean all execution results must be accepted unconditionally. In reality, many contracts can be deemed invalid, unenforceable, voidable, or of uncertain validity under various circumstances—including illegality, lack of authority, fraud, unconscionability, force majeure, or frustration of purpose (specifics vary by jurisdiction). Even if a smart contract executes automatically, legal systems may require rollbacks or corrective actions where technically feasible.
Therefore, “Code is Law” is at best a value statement held by certain tech enthusiasts—not societal consensus nor legal reality. Even those who personally believe in it must acknowledge that reality operates differently.
LilyKing: When Harvard Law Professor Lawrence Lessig first coined “Code is Law” in 1999, he didn’t mean code replaces law. Rather, he emphasized that code wields near-legal power in cyberspace—thus we should design code with constitutional principles, ensuring transparency, fairness, and protection of user rights.
Today in crypto, “Code is Law” is widely interpreted as meaning code alone suffices—no law needed. It represents an ideology limiting government power and defending personal freedom and privacy.
But offline, code cannot guarantee asset transfers. You can represent property ownership with a token, but if the seller refuses to vacate post-sale, you’ll still need law enforcement. Much human activity remains off-chain—code cannot prevent money laundering or terrorist financing. That’s where law becomes essential.
Even online, after rug pulls, hacks, or disputes, crypto users often turn to legal authorities—and frequently find them effective.
The next phase of crypto must transform the real world. The deeper the integration with off-chain people and assets, the greater the need for a symbiotic Code+Law framework.
How can Distributed, Cobo help institutions and DAOs navigate evolving regulatory landscapes?
Blue Collar: This depends heavily on how regulations evolve. Currently, DAOs’ legal status and regulatory treatment remain unclear globally. Even in the U.S., where some states allow DAO registration as legal entities, such registered DAOs differ fundamentally from those envisioned in the blockchain space (semantic pollution). Under such uncertainty, providing clear compliance pathways for DAOs is challenging.
Still, several foundational legal principles can be proactively adopted:
(1) Treasury management is critical—DAOs need governance structures akin to public companies or nonprofits: properly constituted governing bodies, formal voting procedures for expenditures, and ongoing oversight of fund usage. Future DAO legislation will likely first address treasury controls;
(2) Membership admission mechanisms should include safeguards—not remain fully permissionless (automatic membership upon token holding). KYC may be necessary, along with formal exit processes beyond simply selling tokens;
(3) DAOs need mature, stable constitutions or charters (beyond just code), explicitly binding to all members—an essential condition for organizational independence;
(4) Clear scope definition—specifying which on-chain smart contracts and real-world entities/assets belong to the DAO. The future lies in multi-faceted, multi-dimensional DAOs—not just smart contracts and tokens.
LilyKing: Cobo places strong emphasis on Regulation Intelligence, closely tracking policy developments worldwide.
While the current regulatory storm has shaken the crypto community, the reality isn’t all bleak. Even in the U.S., novel innovations often benefit from regulatory leniency. Tokenization is as powerful a financial tool as securitization, yet as a newer phenomenon, it faces significantly lighter oversight. Regulators like the SEC don’t appear intent on crushing crypto innovation—SEC Chair Gary Gensler likened blockchain to automobiles in the 20th century: his aim is simply to add seatbelts. While managing regulatory risk, we must also recognize legitimate regulatory advantages.
Cobo’s smart contract custody platform Argus enables institutions and DAOs to generate auditable reports. We are also developing Cobo Chain, a next-generation decentralized custody blockchain. These decentralized technological solutions and asset management approaches help our institutional and DAO clients reduce exposure to regulatory scrutiny.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














