
2023 Global Web3 Virtual Asset Industry Regulatory Policies and Events Overview
TechFlow Selected TechFlow Selected

2023 Global Web3 Virtual Asset Industry Regulatory Policies and Events Overview
This article focuses on regulatory enforcement and judicial cases in the U.S. jurisdiction regarding the virtual asset industry.
Author: Will Awang, Investment and Financing Lawyer
This article is the second part of "2023 Web3 Blockchain Security Landscape, Anti-Money Laundering Analysis, and Summary of Key Regulatory Policies in the Crypto Industry." For the security landscape section, see "2023 Web3 Blockchain Security and Anti-Money Laundering Analysis."
Below is the regulatory policy and event observation section co-authored for Beosin's 2023 annual report. This article covers the 2023 regulatory developments and key events in the Web3 virtual asset industry, with a focus on U.S. jurisdiction’s regulatory enforcement and judicial cases involving the virtual asset sector. These include the U.S. Securities and Exchange Commission (SEC) actions against exchanges Kraken, Coinbase, and Binance; the Ripple litigation; Grayscale’s Bitcoin spot ETF lawsuit; the Commodity Futures Trading Commission (CFTC) enforcement against DeFi protocols; and the class-action lawsuit against Uniswap. These cases carry significant implications for the virtual asset industry and are poised to shape the future U.S. regulatory framework—and potentially influence global virtual asset regulation.
Although the SEC did not receive broad support from the court in its case against Ripple, this single ruling does not deter the SEC from filing lawsuits against the three largest exchanges—Kraken, Coinbase, and Binance. Through these actions, the SEC directly presents the most contentious question in the industry to the U.S. judiciary and legislature: “Which virtual assets qualify as securities?” It is expected that this question will be addressed during the 2024 U.S. election year.
Meanwhile, following prior regulatory exploration, the CFTC has now turned its attention to DeFi. In this context, the SEC targets CeFi, while the CFTC focuses on DeFi. The U.S. Department of Treasury’s FinCEN and OFAC remain focused on KYC/AML/CTF compliance for global virtual asset flows. This likely represents the regulatory landscape for the virtual asset industry leading up to the 2024 U.S. election.
From a traditional finance perspective, increasing market standardization and growing recognition of Bitcoin’s commodity status and value continue to drive institutional capital into the space. Major traditional financial institutions are preparing for entry, and the approval of a spot BTC ETF by the SEC will serve as a critical catalyst—making Grayscale’s legal victory particularly significant.
Before traditional finance can fully enter, the industry must first resolve its greatest uncertainty—Binance and CZ. Thus, the record-breaking settlement between Binance and U.S. authorities—including the Department of Justice (DOJ), CFTC, FinCEN, and OFAC—marks a turning point toward full compliance and integration. “Any entity seeking to operate in the United States and benefit from its robust financial markets must strictly comply with U.S. laws,” stated U.S. Treasury Secretary Janet Yellen, underscoring a firm regulatory stance.
I. The SEC’s Fundamental Question: “What Virtual Assets Are Securities?”
Following the collapse of FTX and numerous other virtual asset platforms in 2022, the U.S. SEC faced criticism from markets and members of Congress for failing to regulate this volatile sector in a timely manner. On February 7, 2023, the SEC’s Division of Enforcement announced that it would prioritize the review of “Emerging Technologies and Crypto-Assets” [1].
Since then, the SEC has launched a new wave of stricter and more aggressive “Regulation by Enforcement” targeting the core unresolved issue: “What virtual assets qualify as securities?”
1.1 Kraken’s Staking Product Settlement and Securities Litigation
The first target of SEC enforcement was exchange Kraken. On February 9, 2023, the SEC announced that Kraken agreed to pay $30 million and cease offering its staking-as-a-service product to U.S. customers to settle charges related to the unregistered offering of securities [2].
The SEC stated, “When investors provide assets to such staking services, they lose control over those assets and bear risks associated with the platform, with little protection.” Once Kraken obtained investors’ assets, it could use them for any purpose (with no disclosure to investors), while promising high returns.
SEC Chair Gary Gensler personally released a video explaining why products like Kraken’s staking service fall under U.S. securities laws: “When a company or platform offers these types of products and promises returns—whether labeled as Lending, Earn Rewards, APY, or Staking—the act of offering an investment contract in exchange for investor funds should be protected under federal securities law... This enforcement action sends a clear message to the market: providers of staking yield products must register and offer full, fair, and truthful disclosures with investor protections.”
The SEC’s rationale for classifying Kraken’s staking product as a “security” is as follows: First, Kraken received investors’ funds (exercising full control); second, the funds were pooled and used by Kraken for a common enterprise (exact activities undisclosed); third, Kraken promised returns as high as 21% (compared to Ethereum Foundation’s official ETH staking return of ~3%-5%); and fourth, investors merely contributed capital and relied on Kraken’s efforts for returns. This satisfies all conditions of the Howey Test, constituting an “investment contract” and thus a securities transaction.

Further Reading:Ethereum and ETH Staking (Solo Staking) Are Not Securities—Kraken’s ETH Staking Product Is
On November 20, 2023, the SEC extended its securities classification logic to cryptocurrencies listed on Kraken. Because the trading pairs included crypto asset securities, the SEC alleged that Kraken integrated traditional financial services—exchange, broker, and clearing functions—and therefore must register with the SEC [3]. This mirrors the allegations against Coinbase, both centering on the fundamental question: “What virtual assets are securities?”
1.2 The Securities Lawsuit Against Coinbase, the Largest U.S. Publicly Listed and Regulated Exchange
On June 6, the SEC filed a lawsuit against Coinbase, the largest regulated digital asset exchange in the U.S. Coinbase became the first comprehensive crypto financial services provider to go public in the U.S. in April 2021, known for its compliance posture. This lawsuit reflects the regulatory challenges and compliance frameworks all virtual asset exchanges face under SEC scrutiny [4].
According to the SEC’s complaint [5], Coinbase integrates traditional financial services—exchange, brokerage, and clearing—into one platform. Because the traded assets include crypto asset securities, it must legally register with the SEC. Coinbase’s violations include: (1) operating as an unregistered broker-dealer by soliciting investors, handling customer funds and assets, and charging trading fees; (2) operating as an unregistered exchange by providing a marketplace for matching and executing buy/sell orders; and (3) acting as an unregistered clearing agency by holding customer assets in wallets controlled by Coinbase and settling trades via debit entries.
The SEC also accused Coinbase of issuing and selling unregistered securities through its Staking-as-a-Service program. In February, the SEC used similar reasoning to enforce against Kraken, which ultimately agreed to pay $30 million to settle. Coinbase, however, chose to fight back.
Additionally, the SEC identified 13 tokens on Coinbase’s platform as securities: SOL, ADA, MATIC, FIL, SAND, AXS, CHZ, FLOW, ICP, NEAR, VGX, Dash, and NEXO. Notably, the SEC emphasized this is a non-exhaustive list.
Web3 Xiao Law Comments:
The SEC’s grounds for suing Kraken and Coinbase are consistent: because certain tokens on their platforms are deemed “securities,” the platforms are charged with failing to register as exchanges, brokers, and clearing agencies. The classification of virtual assets as “securities” remains the ultimate unresolved issue in U.S. regulation.
Although SEC Chair Gary Gensler has so far avoided directly addressing whether ETH qualifies as a security, Judge Katherine Polk Failla in the Uniswap case explicitly referred to ETH as a commodity (crypto commodity). Given that she is also presiding over SEC v. Coinbase, her statement—“This is not for the courts to decide, but for Congress”—passes the ultimate question to the U.S. legislature. However, congressional legislation will be a lengthy process, especially amid the uncertainties of the 2024 election year.
Precisely due to this regulatory ambiguity, the SEC has ample room to maneuver. The SEC avoids deeply defining what constitutes a “security” (as Gensler demonstrated through evasive testimony during hearings), instead using the classification of individual project tokens as securities to initiate broader investigations into potential money laundering, market manipulation, and investor deception. The Binance and CZ settlement case exemplifies this strategy perfectly.
Therefore, whether a specific token is classified as a security (as in SEC v. Ripple) is less important than the consequences once a project faces SEC enforcement. Beyond paying fines, the SEC often requires companies to implement internal controls. As more projects adopt these internal controls, they effectively become de facto regulations. Gary Gensler previously employed this tactic during his tenure as CFTC chair, and he is applying the same approach at the SEC today.
II. Whether Ripple’s XRP Is a Security Remains Unclear—Court Must Clarify Further
On July 13, 2023, the long-running, $200-million SEC v. Ripple case—lasting three years—briefly concluded. In a 34-page opinion [6], the judge ruled that Ripple’s fundraising from institutional investors constituted an investment contract and thus a securities offering, whereas algorithmic sales of tokens via exchanges did not constitute investment contracts and therefore were not securities offerings.
On December 22, 2020, the SEC sued Ripple and its founders, alleging that since 2013, they repeatedly offered and sold XRP tokens in various ways, raising over $1 billion without registering the offerings with the SEC or qualifying for exemptions—violating Section 5 of the U.S. Securities Act.
The judge skillfully sidestepped the most controversial regulatory question—what makes a virtual asset a security—and instead assessed whether different methods of XRP distribution constituted securities offerings based on their economic substance. The judge noted that many investment contracts are backed by commodities like gold or crude oil, which do not necessarily meet the definition of “securities.” The same applies to Ripple’s XRP token.
For institutional sales of XRP, the judge found the marketing and rational expectations of institutional investors satisfied the Howey Test, making these transactions securities offerings. However, for programmatic sales on exchanges, secondary-market investors may profit based on macroeconomic conditions or trading strategies rather than Ripple’s efforts—thus failing to satisfy the Howey Test and not constituting securities offerings.
For other distributions—including payments to employees and ecosystem participants—the judge found no evidence of “investment of money,” a key element of the Howey Test, as there was no documentation showing monetary or tangible consideration provided to Ripple.
The ruling brought significant positive momentum: exchanges including Coinbase, Kraken, Gemini, and Crypto.com resumed XRP trading. XRP’s price surged nearly 75%, reaching a market cap exceeding $42.8 billion, ranking fourth globally. However, it’s important to note this ruling came from a district court and lacks binding precedent.
On August 18, 2023, the SEC formally filed a motion for interlocutory appeal with the Southern District of New York, seeking appellate review of the summary judgment. The court denied the motion, and further oral arguments on the appeal are scheduled for April 2024.

Further Reading:Interpreting SEC v. Ripple: Further Clarifying the Regulatory Fog
Web3 Xiao Law Comments:
This case reveals a judicial trend: downplaying the intrinsic nature of tokens (since even investment contracts can be based on “commodities”) and instead focusing on how tokens are issued and sold (e.g., solo staking itself isn’t a “security,” but staking financial products might be). This may represent a future regulatory direction.
Moreover, the judge’s interpretation of “other distributions” significantly diverges from the SEC’s revised Framework for Investment Contract Analysis of Digital Assets, published on March 8, 2023 [7].
The SEC argues that “money” includes not only currency but also: (1) crypto rewards earned through bounty programs; and (2) airdropped crypto rewards. This discrepancy will likely be thoroughly debated in the appeal.
Despite appearing as a temporary “victory” for Ripple, the SEC’s broader enforcement actions against major exchanges like Kraken, Coinbase, and Binance show it is no longer limiting itself to evaluating individual tokens. Instead, the SEC seeks a comprehensive, one-size-fits-all answer from Congress.
III. Grayscale Wins Against SEC—How Far Is a Bitcoin Spot ETF?
On August 29, 2023, a U.S. federal court ruled in favor of Grayscale in its lawsuit challenging the SEC’s rejection of its Bitcoin spot ETF application [8]. This decision could accelerate the approval process for spot Bitcoin ETF applications recently filed by traditional finance giants like BlackRock and Fidelity.
In October 2021, Grayscale first applied to convert its closed-end Bitcoin trust fund, GBTC, into a Bitcoin spot ETF. The SEC rejected the application, citing insufficient measures to prevent fraud and market manipulation. Grayscale subsequently sued the SEC last year, requesting judicial review of the agency’s administrative decision.
The SEC had previously approved Bitcoin futures ETFs in 2021, arguing that futures products are harder to manipulate because they’re priced off the Chicago Mercantile Exchange (CME), which is regulated by the CFTC.
In the ruling, the judge stated that administrative agencies must treat similar cases consistently—a fundamental principle of administrative law. The SEC had recently approved two Bitcoin futures ETFs for trading while rejecting Grayscale’s spot ETF. The judge found the SEC’s denial arbitrary and unjustified, as the agency failed to explain its differential treatment of similar ETF products. Therefore, the court concluded this disparate treatment violated administrative law, granted Grayscale’s petition, and vacated the SEC’s rejection.

Further Reading:Grayscale Wins a Victory for the Future—How Far Is the SEC’s Bitcoin Spot ETF Approval?
Web3 Xiao Law Comments:
The court did not order the SEC to approve Grayscale’s ETF application. The ruling simply states that the SEC’s analysis of “fraud and manipulation” concerns was flawed. So, what will the SEC do?
One possibility: the SEC may fabricate another justification to reject Grayscale’s application, forcing prolonged and costly litigation. This is plausible, depending on whether the SEC can accept this defeat and whether Gary Gensler remains determined to oppose spot Bitcoin ETFs. Another possibility: the SEC uses the court’s ruling as a graceful exit from its opposition. Its press release could state: “While we disagree with the court’s decision, we must uphold the law and respect judicial independence.”
Although we’ve seen repeated delays in approving spot Bitcoin ETFs alongside signs of positive coordination between the SEC and applicants, in a CNBC interview on December 15 [9], Gary Gensler made his first direct comment: “Given the court’s different view on the SEC’s rejection of Bitcoin spot ETFs, the SEC will reevaluate ETF approvals.” This at least signals a shift in Gensler’s stance. The next potential ETF approval window is January 10, 2024.
IV. The Story Behind Binance and CZ’s Record-Breaking Settlement
U.S. regulators have long scrutinized Binance. The enforcement actions against Binance involve nearly every major U.S. regulatory body—NYDFS focusing on stablecoin regulation, the SEC on securities compliance, the CFTC on derivatives compliance, FinCEN on KYC/AML, OFAC on CTF, and the DOJ on criminal conduct—making it a textbook case of comprehensive regulatory oversight.
4.1 New York Regulator Orders Paxos to Halt Issuance of Stablecoin BUSD
On February 13, 2023, Binance CEO CZ announced that the New York State Department of Financial Services (NYDFS) instructed stablecoin issuer Paxos to stop minting new BUSD tokens. Paxos confirmed it had received notice from the SEC regarding potential charges related to its BUSD product.
Paxos, a New York-registered stablecoin issuer holding a BitLicense, operates under direct NYDFS supervision. BUSD is built on the Ethereum blockchain and, per NYDFS’ June 2022 Guidance on USD Stablecoin Issuance [10], must maintain full 1:1 U.S. dollar reserves.
NYDFS can require Paxos to halt BUSD issuance—or revoke its BitLicense—for failing to conduct periodic risk assessments and due diligence to prevent misconduct like money laundering. NYDFS stated this action aims to clarify unresolved complexities between Paxos and Binance. Paxos responded via its website, confirming it would cease issuing new BUSD tokens starting February 21, in close cooperation with NYDFS, and terminate its partnership with Binance regarding BUSD.
4.2 CFTC Accuses Binance and CZ of Evading U.S. Law and Illegally Operating Virtual Asset Derivatives Business
On March 27, 2023, the CFTC announced it filed a civil lawsuit in U.S. court accusing CZ and three Binance-operating entities of repeatedly violating the Commodity Exchange Act (CEA) and CFTC regulations [11]. According to the complaint, from July 2019 to present, Binance offered and executed virtual asset derivatives trading to U.S. citizens (despite IP blocking), and under CZ’s direction, instructed employees and clients to evade compliance controls—including via VPNs and shell companies—intentionally circumventing U.S. laws and conducting opaque operations in violation of the CEA and CFTC rules, while systematically engaging in regulatory arbitrage for commercial gain [12].
The CFTC asserts that entities like Binance offering virtual asset derivatives in the U.S. must register with the CFTC and fulfill KYC obligations, implementing basic compliance measures to prevent terrorist financing and money laundering. Binance never registered with the CFTC.
Therefore, the CFTC seeks civil penalties and permanent trading and registration bans against CZ and affiliates through civil litigation, citing violations of futures trading laws, lack of oversight, failure to implement KYC or AML procedures, and inadequate compliance programs.

(from CFTC v. Zhao et al, Legal opinion by former Binance Chief Compliance Officer Samuel Lim)
CFTC Chair Rostin Behnam stated: “Today’s enforcement action shows that no region—or claim of no jurisdiction—can shield entities from CFTC oversight. The CFTC will continue using all its tools to detect and stop misconduct in the volatile and high-risk virtual asset sector… For years, Binance knowingly violated CFTC rules yet actively worked to keep funds flowing and avoid compliance. This should serve as a warning to everyone in the virtual asset industry: the CFTC will not tolerate deliberate evasion of U.S. laws.”
4.3 SEC Files 13 Charges Against Binance, Affiliated Entities, and Founder CZ
On June 5, 2023, the SEC filed 13 charges against Binance, affiliated entities, and founder CZ, including operating unregistered exchanges, broker-dealers, and clearing agencies; conducting fraudulent trading and ineffective oversight of Binance US; and issuing and selling unregistered securities [13].
In a 136-page complaint [14], the SEC leveled multiple allegations: Binance illegally solicited U.S. investors to buy, sell, and trade cryptocurrencies without restricting access to Binance.com; Binance issued and sold unregistered securities, including BNB, BUSD, lending products (“Simple Earn” and “BNB Vault”), and staking investment plans, with the SEC noting Binance secretly controlled assets staked by U.S. users in the BAM staking program; Binance and affiliated entities repeatedly misled investors, allowing arbitrary commingling or transfer of customer assets—including to Merit Peak Limited, controlled by CZ—mirroring allegations against FTX and Sam Bankman-Fried; Binance and affiliates should have registered as securities exchanges, broker-dealers, and clearing agencies but did not; Binance.US lied about preventing market manipulation and allowed an undisclosed market-making firm, Sigma Chain (also owned by CZ), to conduct wash trading.
SEC Chair Gary Gensler criticized CZ and Binance for “building a network rife with deception, conflicts of interest, lack of disclosure, and intentional evasion of laws.” “As alleged, CZ and Binance misled investors about risk controls and fake trading volumes, actively concealed platform operations, manipulated affiliated market makers, and even used investor custodial funds,” Gensler said in a press release. “They attempted to evade U.S. securities laws through false controls to retain valuable U.S. customers on their platform. The public should beware of investing hard-earned assets in these illegal platforms.”
4.4 Binance and CZ’s Record-Breaking Settlement
On November 22, 2023, Binance admitted to violating anti-money laundering and business compliance provisions under the Bank Secrecy Act and economic sanctions laws, announcing a historic $4.3 billion settlement with the U.S. Department of Justice (DOJ), the Commodity Futures Trading Commission (CFTC), the Office of Foreign Assets Control (OFAC), and the Financial Crimes Enforcement Network (FinCEN) [15].
The press release highlighted that Binance’s core failure was its early-stage neglect of KYC/AML/CTF requirements. This prioritization of profits over compliance allowed vast sums to flow into the hands of terrorists, hackers, and other criminals.
Although Binance blocked U.S. users due to lack of U.S. compliance registration, CFTC allegations revealed it still provided U.S. clients with means to bypass KYC/AML/CTF checks, violating U.S. operational requirements. This enabled sanctioned individuals to access U.S. financial markets through Binance, posing serious threats to financial stability and national security—which explains OFAC’s deep involvement.
U.S. Treasury Secretary Janet Yellen stated: “This historic settlement marks a pivotal moment for the virtual asset market. Any entity seeking to operate in the U.S. and benefit from its strong financial system must strictly adhere to U.S. laws.” According to the Treasury Department, as part of the settlement, Binance will fully withdraw from the U.S. market and appoint a five-year monitor to oversee its sanctions compliance program. During this period, the U.S. Treasury will have access to Binance’s records and systems.
Web3 Xiao Law Comments:
Notably, after years of investigation, U.S. regulators did not allege that Binance misappropriated customer funds or committed severe fraud akin to FTX—this is positive. More importantly, this settlement clears the path for Binance’s future U.S. operations, effectively “whitewashing” its past misconduct. In the long run, this is favorable for Binance.
However, rebuilding a presence in the U.S. through the shell entity Binance US will not be easy. Establishing compliant operations, legal entities, and obtaining licenses will take time—perhaps acquisition is a more suitable route for well-funded Binance.
Crucially, this settlement involves no resolution with the SEC—the SEC’s prior lawsuit against Binance remains active.
V. U.S. Regulators Actively Explore Regulatory Pathways for DeFi
On April 6, 2023, the U.S. Treasury released the 2023 DeFi Illicit Finance Risk Assessment Report [16]—the world’s first assessment of illicit finance risks in DeFi, responding to the White House’s March 2022 executive order on virtual asset regulation.
Guided by this report, U.S. regulators have gradually established a DeFi oversight framework: the CFTC provides compliance guidance for DeFi protocols; FinCEN combats domestic and international money laundering, terrorism financing, and other financial crimes by analyzing mandatory financial disclosures; OFAC administers economic and trade sanctions based on national security and foreign policy; and the DOJ prosecutes criminal actors.
DeFi’s financial stability, data anonymity, lack of transparency, market integrity issues, and cybersecurity vulnerabilities challenge existing regulatory frameworks. Determining liability for DeFi projects, preventing misuse, and addressing regulatory arbitrage remain urgent regulatory priorities.
Since OFAC imposed sanctions on the mixer protocol Tornado Cash in August 2022 for AML/CTF reasons, the CFTC has further expanded its regulatory reach over on-chain DeFi projects through its victory in the Ooki DAO case [17]. The CFTC directly classified the on-chain DAO as an unincorporated association, setting a precedent for holding DAOs liable in court. Even more alarming, all governance participants may face joint liability. With DAOs now subject to legal action, on-chain spaces are no longer beyond the law—regulators can now target DAOs, DeFi, and DEX projects.
5.1 U.S. DOJ Files Criminal Charges Against Tornado Cash Founders
On August 23, 2023, the DOJ filed criminal charges against Tornado Cash founders Roman Storm and Roman Semenov, accusing them of conspiracy to commit money laundering, violate sanctions, and operate an unlicensed money transmitting business [18].
Tornado Cash was a prominent Ethereum-based mixing application designed to enhance transaction privacy by obscuring the source, destination, and counterparties of crypto transactions. On August 8, 2022, OFAC sanctioned Tornado Cash, adding related on-chain addresses to the SDN list—making any interaction with these addresses illegal.
OFAC stated that since 2019, over $7 billion in illicit funds flowed through Tornado Cash, providing substantial assistance, sponsorship, or financial/technical support to illegal online activities within and outside the U.S., posing significant threats to U.S. national security, foreign policy, economic health, and financial stability.
In its August 23 press release, the DOJ stated: “The defendants and their co-conspirators created Tornado Cash’s core functionality, paid for critical infrastructure to promote the service, and profited millions—all while knowingly failing to implement required KYC/AML compliance measures.”
Web3 Xiao Law Comments:
Sanctions by the DOJ and OFAC against DeFi protocols and developers threatening national security are understandable. But in cases without national security implications, whether decentralized protocol developers should be held liable for malicious third-party actions—or for decisions made through decentralized community voting—remains an open question.
Courts have offered differing answers in the Uniswap case and the CFTC’s settlements with three DeFi protocols.
Further Reading:DeFi’s Regulatory Dilemma: Uniswap in Heaven, Tornado Cash in Hell
5.2 Uniswap Wins Investor Lawsuit—First Ruling in Decentralized Smart Contract Context
In April 2022, a group of investors filed a class-action lawsuit against Uniswap’s developers and investors, alleging they violated federal securities laws by listing “scam tokens” without registration, causing investor losses and demanding compensation [19].
Judge Katherine Polk Failla stated the real defendants should be the issuers of the scam tokens, not Uniswap’s developers or investors. Due to the protocol’s decentralized nature, the identity of the token issuers is unknown to plaintiffs (and equally unknown to defendants). Plaintiffs sued the developers hoping the court would extend liability to them, arguing developers facilitated the issuance and trading of scam tokens in exchange for transaction fees.
Ultimately, the judge concluded the current regulatory framework does not support the plaintiffs’ claims. Under existing U.S. securities law, Uniswap’s developers and investors are not liable for damages caused by third-party use of the protocol. The lawsuit was dismissed.
Web3 Xiao Law Comments:
This marks the first judicial ruling in the context of decentralized smart contracts. The judge acknowledged the absence of precedent involving DeFi protocols and noted no prior court has ruled on liability under securities law for decentralized smart contracts.
Section 12(a)(1) of the Securities Act grants investors the right to sue for damages when sellers violate Section 5 (registration or exemption). Since this hinges on the unresolved question of whether a virtual asset is a “security,” the judge stated: “This is not for the court to decide, but for Congress.” The court declined to extend securities law to the conduct alleged, concluding that “investor concerns are better directed to Congress than to this Court.”
Regardless, while laws governing DeFi are still evolving, regulators may eventually address this gray area. Nevertheless, the Uniswap ruling sets a crucial precedent for the industry: decentralized exchanges (DEXs) cannot be held liable for user losses stemming from third-party-issued tokens. This impact surpasses even the Ripple case and is profoundly beneficial for the industry.
5.3 CFTC Turns Its Attention to DeFi—Possibly a Scarier Regulator Than the SEC
On September 7, 2023, the CFTC again focused its enforcement on DeFi, penalizing three U.S.-based blockchain firms—Opyn, Inc., ZeroEx, Inc., and Deridex, Inc.—which ultimately settled [20].
According to the press release: Opyn and Deridex developed and deployed DeFi protocols offering token derivatives and perpetual contracts; ZeroEx developed the 0x Protocol and a DEX app where third parties deployed leveraged/margin tokens for trading. Such services can only be offered to retail customers through registered exchanges complying with the Commodity Exchange Act (CEA) and CFTC rules. None of the three firms registered, and none implemented KYC as required by the Bank Secrecy Act.
The CFTC ordered Opyn, ZeroEx, and Deridex to pay civil penalties and cease their unlawful activities. CFTC Enforcement Director Ian McGinley stated: “There was once a belief among DeFi operators that on-chain activity exists beyond the law. That is not true. The DeFi space may be innovative, complex, and rapidly evolving—but so too will enforcement keep pace, and we will hold accountable unregistered platforms enabling U.S. users to trade derivatives.”
Further Reading:CFTC Enforces Against Three DeFi Protocols—A Wake-Up Call for All Derivatives Platforms
Web3 Xiao Law Comments:
In dissenting statements, CFTC commissioners raised questions: If a DeFi protocol is developed for legitimate purposes but later used by unrelated third parties to violate the CEA and CFTC rules, who bears responsibility? Should DeFi developers be perpetually liable? These questions were already answered in the Uniswap precedent: judicially, Uniswap’s developers and investors are not liable for harms caused by third-party use of the protocol, because the underlying smart contracts and third-party token contracts are entirely separate.
These issues demand extensive debate. Most legal experts share the Uniswap judge’s view: liability should rest with the malicious third party, not developers who cannot control such actions—developers merely publish code.
Yet, considering the DOJ’s criminal charges against Tornado Cash’s founders, the CFTC v. Ooki DAO case, and this latest enforcement, regulators clearly disagree. The CFTC continues to assign liability to developers—even when they cannot control third-party misuse. For example, in the ZeroEx enforcement, regulators ignored whether the protocol developers were linked to the derivative tokens or had control over their listing.
Previously, the CFTC used the Ooki DAO precedent to establish liability for DeFi violations and responsibility for on-chain DAOs and their voting members. With DAOs now actionable, on-chain spaces are no longer lawless. This case further expands the CFTC’s DeFi enforcement footprint.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














