Web3 Practitioner's Ethical Legal Compliance Guide: Always Protect Yourself When Working Outside
TechFlow Selected TechFlow Selected
Web3 Practitioner's Ethical Legal Compliance Guide: Always Protect Yourself When Working Outside
This article will outline the compliant operational pathways for Web3 practitioners in the cryptocurrency space from the perspective of virtual currency regulation in China.
Navigating Web3 tides with focused insightsAuthor:
Will Ahwang, LL.M. in International Law, investment and financing lawyer, startup veteran, independent researcher
Chris Chu Yan, crypto lawyer, former senior product manager at a cryptocurrency exchange, on-chain data researcher
Web3 projects built on public blockchains are global from inception, capable of reaching broad international markets. However, from a legal compliance perspective, this brings regulatory challenges across different jurisdictions—such as the ongoing regulatory battles between U.S. authorities and major crypto players, which exemplify the complexities of operating globally.
Web3 practitioners based in Chinese-speaking regions inevitably have multiple connection points with China—a jurisdiction characterized by strict regulation—and thus must understand China’s stance and red lines regarding virtual currencies. Previously, we delivered a session titled “How Web3 Practitioners Can Protect Themselves in the Crypto World” at LXDAO, which received enthusiastic feedback. As San Zhi noted: “I believe this is a talk every Web3 practitioner should attend.”
We felt it essential to transform our discussion into written form. Guided by a sense of integrity, we hope this article helps fellow Web3 practitioners protect themselves while managing overall project risks. This article will focus specifically on China's regulatory framework for virtual currencies, outlining compliant operational pathways for Web3 practitioners—including individuals, developers, and project teams—within the crypto ecosystem.
1. The Status and Regulatory Red Lines of Virtual Currencies in China
1.1 The Legal Status of Virtual Currencies in China
Since Bitcoin entered regulators’ radar, China has maintained a strict and cautious approach. On December 3, 2013, the People’s Bank of China (PBOC) and four other ministries issued the “Notice on Preventing Bitcoin Risks,” which explicitly denied Bitcoin’s status as money—stating that it is not issued by monetary authorities and lacks legal tender status and compulsory acceptance, and therefore is not real currency in the true sense.
In nature, Bitcoin should be regarded as a specific type of virtual commodity, without equivalent legal standing to fiat currency, and cannot and should not circulate or be used as money in the market. This principle has formed the foundation of China’s regulatory stance toward virtual currencies and remains in effect today.
1.2 Regulatory Red Lines for Virtual Currencies
China’s red lines concerning virtual currencies can be derived from the “Notice on Further Preventing and Dealing with the Risks of Virtual Currency Trading and Speculation” issued by ten government departments including the PBOC on September 15, 2021 (“924 Notice”). Its core provisions include:
(1) Virtual currencies do not have legal status equivalent to fiat currency. Cryptocurrencies such as Bitcoin, Ethereum, and Tether (USDT) are not official currencies, lack legal tender status, and cannot be used as money in the marketplace.
Interpretation: This has been a consistent regulatory red line since 2013.
(2) All business activities related to virtual currencies are deemed illegal financial activities and are strictly prohibited; criminal liability will be pursued where applicable. These activities include: exchanging fiat currency for virtual currency, trading between virtual currencies, acting as a central counterparty in buying/selling virtual currencies, providing information intermediation and pricing services for crypto transactions, token issuance financing (e.g., ICOs), and derivatives trading involving virtual currencies.
Interpretation: Building upon the 2017 ban on initial coin offerings (ICOs), this provision further clarifies that any virtual currency-related business constitutes an illegal financial activity within mainland China. Entities involved in facilitating fiat-to-crypto exchanges, spot trading, derivatives, centralized/decentralized exchanges, ICOs, or brokerage services promoting token circulation face strict prohibition.
(3) Overseas exchanges offering services to residents within China constitute illegal financial activities.
Interpretation: This has prompted many exchanges and Web3 projects to relocate their operations overseas and completely cease serving users in China—blocking access based on IP addresses originating from China or passport holders from China—to avoid exposure to domestic regulatory risks.
(4) Residents within China bear full responsibility for investing in virtual currencies. If investment behavior disrupts financial order or endangers financial security, legal liabilities apply. Any legal entity, unincorporated organization, or individual engaging in investments in virtual currencies or related derivatives violates public order and good customs, rendering relevant civil acts invalid, with losses borne entirely by the investor. Cases suspected of disrupting financial order or threatening financial security will be investigated and punished by competent authorities.
Interpretation: While personal investment in virtual currencies is not explicitly labeled illegal under Chinese law, regulators emphasize that investors assume all risks. In judicial practice, numerous contracts involving virtual currency transactions among individuals or between entities and individuals have been ruled invalid due to violating public order and good customs protected by the 924 Notice—particularly those undermining financial stability and market order. For such invalid civil acts, courts often allocate responsibility based on each party’s degree of fault.
2. Cross-Border Structures Under Strict Regulation
2.1 Domestic Development with Overseas Operations and Promotion
Under China’s stringent regulatory environment, Web3 projects typically shift their organizational structure and operations offshore, fully discontinuing services targeting Chinese users—including blocking access based on Chinese IP addresses or holding Chinese passports—to mitigate regulatory risks.
Typically, project teams place management and marketing personnel overseas—for example, in Hong Kong or Singapore—to target international markets. Due to cost considerations and practical realities, however, development work may still be carried out domestically, with developers remaining in mainland China to support technical development, or through outsourcing arrangements with foreign entities.
While these measures help reduce exposure to Chinese regulatory scrutiny, China’s criminal law includes comprehensive extraterritorial application mechanisms. Therefore, even cross-border structures may not fully shield individuals from liability when criminal activities are involved.
2.2 China’s Assertive Jurisdictional Reach
The 924 Notice clearly states: “For staff members inside China working for overseas virtual currency exchanges, and for any legal entity, unincorporated organization, or individual who knowingly or should have known provides marketing, payment settlement, technical support, or other services to such entities engaged in virtual currency-related businesses, relevant responsibilities shall be pursued according to law.”
Although this provision specifically targets overseas exchanges conducting illegal financial activities, we believe it applies equally to other entities offering similar services—such as fiat on/off ramps, spot trading (CEX/DEX), derivatives trading (Prep DEX), token fundraising (ICO), etc. We also consider it applicable to projects involving gambling or fraudulent fundraising schemes.
Once such illegal financial activities constitute crimes, Chinese regulators may assert strong jurisdictional authority over them. This can be understood at three levels:
First, employees within China working for entities conducting illegal financial activities may face charges such as illegal business operations, illegal absorption of public deposits, fundraising fraud, or organizing pyramid schemes, depending on the nature and scope of their involvement.
Second, domestic service providers in China—including third-party tech vendors, PR/media firms, and payment processors—who assist illegal financial operators may be held accountable. In serious cases, they could be treated as accomplices or separately charged with crimes like aiding information network criminal activities (“Helping Information Network Crime Activities,” or “Bangxin Zui”).
Third, even if an illegal financial operator is located outside China but uses the internet to provide virtual currency services to Chinese citizens while violating Chinese laws, it remains subject to Chinese legal jurisdiction. As long as the victim’s information system location, the location where the harm occurred, or the site of financial loss is within China, Chinese authorities possess extraterritorial jurisdiction.
3. Compliance Pathways and Protective Measures for Web3 Practitioners
Despite clear red lines, strong oversight, and expansive jurisdiction, our goal is not to instill fear, but rather to outline viable compliance paths so Web3 practitioners can build legally and sustainably. There remains a bright future ahead—if we proceed with care and awareness.
3.1 Individual-Level Compliance Pathways
3.1.1 Holding and Trading Virtual Currencies
Regarding holding: Although regulatory documents deny virtual currencies legal tender status, they do not deny their nature as virtual commodities. Holders retain property rights associated with these assets, which remain protected under the law. Thus, merely holding virtual currencies as virtual goods is not problematic.
Regarding trading: The 924 Notice states that “any legal entity, unincorporated organization, or individual investing in virtual currencies or related derivatives, in violation of public order and good customs, renders such civil acts invalid, and resulting losses shall be borne by the investor.” However, court rulings across jurisdictions vary significantly in practice.
For instance, after the 924 Notice, the Shanghai First Intermediate People’s Court ruled in case (2021) Hu 01 Min Zhong No. 11624 that “Chinese laws and regulations neither prohibit ownership nor lawful transfer of virtual currencies or tokens, nor ban private individuals from normally trading virtual currencies.”
Unfortunately, many local courts this year have increasingly inclined toward deeming contracts involving virtual currency investments invalid, allocating losses based on parties’ respective faults—reflecting regulators’ emphasis on self-risk assumption for crypto-related civil acts.
3.1.2 Fiat On/Off Ramping (OTC)
One of the most common sources of criminal risk for Web3 practitioners and investors is OTC fiat on/off ramping—converting fiat into BTC, ETH, or other cryptocurrencies, then cashing out profits back into fiat—as part of personal investment decisions.
However, rampant telecom fraud both domestically and internationally has led criminal groups to use OTC trades to launder illicit funds. Due to their anonymity and decentralized nature, digital assets like BTC, ETH, and USDT have become preferred tools for money laundering by cybercriminals. As a result, many investors unknowingly receive “dirty money” from fraud schemes during transactions, leading to frozen bank accounts.
Additionally, some investors find their exchange accounts frozen—often due to connections with betting platforms via deposit/withdrawal activities. Both scenarios are current enforcement priorities in China, so practitioners and investors must remain vigilant about potential risks arising from their actions.
When conducting on/off ramps, participants are advised to carefully vet counterparties’ identities and sources of funds. Transactions with suspicious parties or unclear fund origins should be terminated promptly to avoid entanglement in criminal investigations. If an account is frozen, individuals should immediately contact banks or law enforcement to explain the situation. The key during communication is proving no connection to the counterparty’s alleged criminal activity. Engaging professional legal counsel is recommended when necessary.
3.2 Developer-Level Compliance Pathways
Having clarified compliance paths for individual holding, trading, and on/off ramping, developers carry an additional role—as builders of Web3 projects. This role exposes them to project-level risks, especially when working with entities classified by regulators as engaging in illegal financial activities.
Developers staying in China under cross-border operational models remain exposed to China’s virtual currency regulations. Therefore, they must constantly monitor risk factors and take appropriate protective measures.
3.2.1 Identifying Projects Engaged in Illegal Financial Activities
The 924 Notice outlines most forms of illegal financial activities, including entities providing fiat exchanges, spot trading, token fundraising (ICO), or derivatives trading—with exchanges being primary targets. Developers building for such projects should recognize that high salaries may partially reflect compensation for assuming Chinese regulatory risk.
It is crucial to assess whether the operating entity implements adequate risk controls toward the Chinese market—such as blocking Chinese IPs/VPNs and enforcing strict KYC/AML/CTF procedures—which can effectively reduce exposure to Chinese jurisdiction.
While most developers may not have full visibility into a project’s overall risk profile, increased attention and dialogue are strongly encouraged.
3.2.2 Defining the Nature of Work
A Web3 practitioner’s level of risk correlates closely with job function and depth of project involvement. Public judicial precedents show that marketing, business development, technical, and finance leads—those playing decisive roles in project operations—face harsher penalties when projects encounter criminal investigations. Decision-makers rarely escape legal consequences once a project faces criminal allegations.
Therefore, practitioners must thoroughly evaluate both their roles and the trajectory of projects during hiring and daily work. Upon identifying potential legal violations, timely disengagement is critical to prevent deeper entanglement.
3.2.3 Risks in Receiving Compensation
Currently, many practitioners receive salaries or fees in stablecoins or project tokens. However, Article 50 of China’s Labor Law and Article 5 of the “Provisional Regulations on Wage Payment” stipulate that wages must be paid in legal tender and cannot be substituted with physical goods or securities. Since virtual currencies are not legal tender in China, paying wages in crypto violates labor law if a formal employment relationship exists under a labor contract.
3.3 Project-Level Compliance Pathways
3.3.1 Effective Internal Controls and Risk Identification
Overseas-facing exchanges and Web3 projects must implement effective risk control and compliance measures toward the Chinese jurisdiction—such as blocking Chinese IP/VPN access and enforcing robust KYC/AML/CTF protocols. These steps help mitigate exposure to Chinese legal jurisdiction.
Moreover, proactive cooperation with Chinese regulatory authorities’ requests for mutual legal assistance is also essential.
3.3.2 Establishing a Sound Cross-Border Legal Structure
There is no need to limit projects solely due to regulatory concerns—we actively assist teams in exploring and evaluating compliant cross-border architectures. By properly decomposing and distributing tasks, projects can leverage the advantages of cross-border setups: tapping into China’s large talent pool and policy incentives while capturing global value through Web3 economic models. However, this requires careful planning. For example:
Establishing a blockchain infrastructure company within China to empower domestic enterprises using blockchain technologies (e.g., DID, zero-knowledge proofs, payments) is welcomed in innovation zones, qualifies for policy subsidies and grants, enables compliant operations, and supports “technology going global.”
Meanwhile, offshore entities can harness Web3’s strengths to capture global value—data, community participation, global collaboration, etc. Take VitaDAO, a decentralized autonomous organization focused on extending human lifespan through biomedical research. It collectively owns and manages scientific intellectual property (IP), leveraging blockchain to democratize funding and decision-making in research. This Web3-driven model lowers barriers to accessing IP data and enables multi-party licensing, empowering multiple organizations, coordinating global resources, and providing economic incentives.
(How VitaDAO Works)
4. Legal Dilemmas of Decentralized Projects — Who Bears Responsibility?
Unlike traditional projects, the defining feature of Web3 is decentralization—an attribute that unlocks immense potential, such as DAOs enabling large-scale global collaboration through innovative incentive models. Yet, Web3 projects cannot blindly charge forward under ideals of decentralization. New regulatory and compliance challenges pose direct obstacles to ongoing operations—challenges that not only trouble project teams but may also implicate developers.
The most immediate regulatory question is: After decentralization, who bears responsibility?
4.1 CFTC Enforcement Action — Developers Held Liable
Some say “the decentralized on-chain world is a lawless zone where no one bears responsibility”—but the U.S. Commodity Futures Trading Commission (CFTC) disagrees, asserting that developers remain liable.
In *CFTC v. Ooki DAO*, a DAO governing an on-chain protocol was held legally accountable for violating CFTC rules on commodity futures. More alarmingly, because Ooki DAO existed purely on-chain without legal personality, liability shifted directly to its governance participants.
Furthermore, in three September enforcement settlements involving DeFi protocols, the CFTC targeted protocol developers. Despite the protocols being open, permissionless, and accessible to anyone, the CFTC attributed third-party misconduct directly to developers—even though developers had no control over how others used the code.
4.2 Uniswap Ruling — Developers Not Liable, Technology Is Neutral
In contrast, the outcome in the Uniswap case was markedly different. The judge ruled that a DEX (Uniswap protocol) is not responsible for user losses caused by malicious third-party tokens—affirming that technology itself is neutral and blameless; culpability lies with those misusing the tool. This ruling is a major win for decentralized projects.
This favorable outcome likely stems from Uniswap being incorporated in the U.S., proactively cooperating with regulators, and having a single-purpose governance token. Regardless, Uniswap sets a valuable precedent for how other decentralized projects can navigate regulatory scrutiny.
4.3 A Regulatory-Friendly Decentralization Roadmap — The Uniswap Playbook
As the most successful decentralized exchange, Uniswap’s growth path offers valuable lessons—especially given its sensitive business (crypto trading) and operation under uncertain U.S. regulation. As previously highlighted by DaoVoice: “Uniswap—the most successful American fintech company riding the Web3 wave”—its success hinges largely on regulatory compliance.
We’ve mapped out Uniswap Labs’ post-protocol spin-off compliance strategy, which serves as a model for regulatory-friendly decentralization. This structural separation aims to achieve progressive decentralization while gaining greater flexibility in regulatory compliance.
Decentralization + Non-Security Token: The Uniswap protocol runs autonomously on-chain and is governed by Uniswap DAO, achieving decentralization. Its sole-purpose governance token UNI avoids classification as a security by the SEC, contributing to its favorable court ruling;
Legal Wrapper for DAO + Limited Liability for Members: Uniswap DAO established the Uniswap Foundation as a legal entity to serve as a legal wrapper—protecting members from personal liability and enabling interaction with Web2 institutions to expand influence;
Labs Operates Independently + Flexible Frontend Development: The original development team, Uniswap Labs, became a separate legal entity and transitioned into a primary contributor. Freed from direct protocol obligations, it can now maintain and enhance frontend products (e.g., introducing fee models on the Uniswap app) via API calls to the backend protocol;
Regulate Applications, Not Protocols: Echoing a16z’s advocacy, decentralized on-chain protocols are inherently incompatible with regulation, whereas frontend applications can readily comply. Teams and products can thus insulate themselves from regulatory risk. Like any mobile app, frontends can implement KYC/AML/CTF checks, delist tokens flagged by regulators, and pursue required licenses.
By contrast, Tornado Cash faced severe sanctions because its protocol lacked compatibility with regulation—no KYC/AML/CTF measures were implemented, and it refused to cooperate—leading to criminal charges against its developers in the absence of a legal wrapper.
5. Final Thoughts
From a legal professional’s standpoint, virtual currencies should not be viewed merely through the lens of “whether you’ll get prosecuted.” While important, we should instead adopt a FinTech perspective—supporting the sustainable development of both finance and technology in the crypto space.
Sharing these insights reflects LXDAO’s ethos of “integrity.” We do not intend to discourage Web3 practitioners with cautionary tales, but rather to contribute these materials as sustainable “public goods” that generate positive externalities for the industry. With a long-term mindset, we aim to help Web3 practitioners operate legally and ethically—protecting themselves while better building the ideal world we envision.
We welcome your outreach—let’s build together!
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
0xWillmfer
