
How can laws and regulations address insider trading in DeFi?
The DeFi industry needs to take proactive actions, engage in discussions, and establish standards for future compliance.

Written by Sabina Beleuz
Translated by TechFlow
This article is from the Stanford Blockchain Review. TechFlow is an official partner of the Stanford Blockchain Review and has been exclusively authorized to translate and republish this content.
Introduction
In this DeFi winter, the crypto market has clearly become tougher—and even more vulnerable to internal damage.
In January 2022, the first charges for insider trading in cryptocurrency were filed: Coinbase product manager Ishan Wahi leaked information about upcoming token listings on Coinbase—including dates and other material non-public details—to his brother Nikhil Wahi and friend Sameer Ramani. According to the indictment, from June 2021 to April 2022, this allowed defendants Nikhil Wahi and Ramani to profit approximately $1.1 million by capitalizing on price surges following the token listings.
While the Wahi case marks the first formal charge related to token insider trading, it will neither be the first nor the last such incident. Beyond amateur sleuthing on crypto Twitter, academic research has demonstrated the extent of this phenomenon. For example, using on-chain data to track wallets that systematically exhibit statistically significant trading patterns prior to Coinbase listings—and ruling out alternative explanations—researchers Ester Félez-Viñas, Luke Johnson, and Talis Putniņš estimate that 10–25% of cryptocurrency listings involve insider trading, with insiders earning at least $1.5 million in profits.
One thing is certain: insider trading in crypto assets is real, and the legal measures taken so far represent only the tip of the iceberg. The most challenging aspect of the Wahi case is whether insider trading doctrine applies to tokens that may or may not be securities—but ultimately, it remains a conventional insider trading case. In fact, Wahi resembles a typical traditional financial insider trader: although the traded assets are tokens, the informant was clearly a corporate insider with a duty to safeguard material non-public information. The issue becomes murkier when considering decentralized finance (DeFi), where fiduciary duties to protect information are far less defined than in traditional corporate environments.
The question is whether the existing securities fraud regime underpinning insider trading laws can adapt to DeFi, or whether it might instead serve as a policy lever for overregulating the space.
Understanding Insider Trading Liability Theories
The Wahi case provides a clear illustration of insider trading liability theories in action. First, there's the broad "wire fraud" charge: when charging Wahi and his co-conspirators, the U.S. Department of Justice invoked wire fraud—a statute covering criminal activities conducted via electronic communications, which includes insider trading.
On the other hand, the Securities and Exchange Commission (SEC) pursued the insider trading route under Section 10(b) of the Securities Exchange Act and its implementing rule, Rule 10b-5. Under this framework, two primary theories of insider trading liability exist: the classical theory and the misappropriation theory.
Before either liability theory applies, fraud or deception must occur "in connection with the purchase or sale of any security." This adds another layer of complexity, especially when assessing liability related to insider trading involving specific crypto assets. While commodities also have insider trading rules, they are largely modeled after Rule 10b-5 and the misappropriation theory, leading us into the same dilemma described below.
1. Classical Theory: Corporate Insider Relationships
The classical theory applies to traditional corporate insiders, where "(i) a relationship exists that gives access to inside information intended solely for corporate purposes, and (ii) it would be unfair to allow the corporate insider to exploit that information for personal trading without disclosure." Under this theory, Wahi was an employee of Coinbase, meaning he had a fiduciary obligation to act primarily in his employer’s interest. As stated in the indictment, Coinbase’s policies required “corporate insiders to maintain the confidentiality of material, non-public company information and prohibited them from trading on such information for their own accounts or disclosing it to others.”
While this is the most straightforward path to insider trading liability, it is also the most vulnerable in decentralized finance contexts. To clarify: for assets designated as equity securities, insider trading by managers or directors follows the same logic as in traditional settings.
However, for decentralized protocols governed by DAOs (decentralized autonomous organizations), the situation becomes ambiguous. Decentralization weakens the theoretical basis for fiduciary duties—for instance, the typical relationship between developers and token holders in traditional finance. Suppose a DeFi protocol is managed by a DAO, and an individual insider trader is merely a DAO contributor (not an employee) who obtained material non-public information through their role as a contributor. To whom do they owe fiduciary duties? Some scholars argue that developers may owe classical theory duties to holders of the crypto assets they develop, but this argument has yet to be advanced in any legal case. Under current interpretations, decentralization undermines the type of relationship required to bring claims under the classical theory.
2. Misappropriation Theory: Breach of Trust and Confidence
Alternatively, under Rule 10b-5, liability based on the misappropriation theory hinges on a duty of trust and confidence between the source of the information (here, Wahi) and the person to whom it is disclosed. This theory does not require a breach of explicit fiduciary duty (e.g., to an employer or shareholders); rather, the core issue is deceiving the source of the information.
This form of liability arises when (i) someone agrees to keep confidential information secret; (ii) there is a pattern of sharing such information between two parties, creating an implicit or reasonable expectation of confidentiality; or (iii) someone receives information from their spouse, parent, child, or sibling—unless they can prove no duty of trust and confidence existed within that relationship. Applied to the Wahi case, Ishan “breached Coinbase’s policies and violated the duty of trust and confidence he owed to Coinbase as the source of the information by disclosing material, non-public details about planned listings to Nikhil and Ramani.”
Applying this theory in DeFi environments becomes unclear. Recall that under the misappropriation theory, the source’s trust and confidence in the recipient are considered essential to liability. However, inside information in crypto is often not used under false pretenses. Protocols rarely establish compliance practices regarding material non-public information, and arguably, crypto assets without clearly defined issuers lack counterparties to whom agents could owe fiduciary obligations.
Returning to the DAO example: if a DAO contributor receives material non-public information once from another DAO contributor, is that sufficient to establish a relationship of trust and confidence triggering misappropriation liability? Moreover, given that vast amounts of crypto data are publicly accessible, can we even expect that the information held is truly non-public?
Here again, scholars familiar with crypto, such as Andrew Verstein, suggest possible solutions by delineating strict liability boundaries for certain types of crypto insiders. For example, miners in mining pools could be explicitly designated as possessing non-public information due to their concentrated control over computational power and early knowledge (slightly ahead of the market) of which transactions will be executed. However, it remains unclear how courts would handle such cases or any of the above edge cases, leaving market participants not only potentially unprotected but also confused when insider trading occurs.
Insider Trading as a Policy Basis for Classifying Tokens as Securities
From a regulatory standpoint, the indirect effect of insider trading enforcement creates another opportunity for enforcement-driven regulation—favoring litigation to stop violations rather than establishing clear boundaries through forward-looking legislation. It remains uncertain how native DeFi participants (e.g., DAO contributors) could be held liable for insider trading. Yet, from the regulators’ perspective, drawing this line and defining liability may be the most advantageous approach to deter bad actors from skirting close to illegal behavior.
Arguably, the SEC has done exactly this by labeling all nine contested tokens in its complaint as “securities,” without relying on any precedent affirming that they actually are securities. Coy Garrison, Alan Cohn, and Jacob M. Weinstein of Steptoe & Johnson LLP agree with this view, suggesting: “The SEC’s characterization of these investment contracts is a jurisdictional necessity—that is, the SEC must secure a ruling that at least one token qualifies as a security in order to justify requiring advance disclosure of token listings under U.S. securities law and thereby succeed in an insider trading case. This gives the SEC strong incentives to push the case toward concluding that all involved tokens are securities, leaving relevant projects or the broader industry with little chance to effectively challenge the SEC’s allegations or question its methodology.”
Combating insider trading is legitimate and serves as a widely accepted rationale for securities regulation. Undoubtedly, insider trading is objectively seen as unethical in nearly all circumstances because it fosters unfairness and injustice. Therefore, enforcing and mitigating insider trading in crypto provides regulators with a policy justification to broadly classify tokens as securities.
The teams behind these tokens, however, have no voice in the matter. Since the creators of the involved tokens were not named as parties in the litigation, they have no opportunity in court to argue that their tokens are not securities. As the Blockchain Association noted in its amicus brief in the Wahi case: “Overall, these allegations attempt to impose new rules on diverse tokens with different use cases (some vastly different from others), asserting they remain securities even when traded on secondary markets, far removed from their original issuance.”
With the rise of decentralization, relational models have fundamentally changed—some of which may trigger legal liability if individuals violate duties of trust and confidence toward others. Without clearly defining these relationships and responsibilities upfront, and without including DeFi stakeholders in the conversation, ex post enforcement against morally objectionable acts like insider trading risks creating a chilling effect—and could ultimately lead to regulatory distrust, from which recovery may be difficult.
Therefore, clear rules and standards must be established early to ensure DeFi participants understand their legal obligations when acting. Doing so can prevent regulators from abusing their authority in ways that negatively impact the entire industry. The DeFi sector must take proactive steps—engaging in dialogue and helping shape future compliance standards. Developers of DeFi protocols, DAO contributors, and other participants should communicate more closely with regulators to ensure their perspectives are heard and to promote a more transparent market.














