
a16z: Why the Department of Justice's actions against DeFi are a disaster?
TechFlow Selected TechFlow Selected

a16z: Why the Department of Justice's actions against DeFi are a disaster?
The industry and legislators must work together in 2025 to ensure laws accurately reflect the correct concepts of custody and control, and the responsibilities they entail.
Authors: Miller Whitehouse-Levine, Amanda Tuminelli
Translation: 0xjs@Jinse Finance
If someone runs a red light and causes a car accident, who is responsible—the driver or the car manufacturer? Almost certainly the driver. Of course, the car manufacturer has a responsibility to use appropriate materials and install safety features like seat belts and airbags, but their obligations end there. It makes no sense to hold car manufacturers liable for reckless driving by their vehicle users, just as it would make no sense to require drivers themselves to meet manufacturing responsibilities.
Similarly, if someone uses a car maker’s vehicle as an escape car during a bank robbery, you wouldn’t hold the autonomous vehicle developer liable. As one judge noted in a hypothetical scenario: you “would not sue the car company for aiding unlawful conduct; [you] would sue the individual who did wrong.”
In the automotive world, these principles seem obvious, but in the digital realm, they remain highly contested. Determining who exercises control within a given system—and the extent of that control—is the central question around which all other policy and legal issues must revolve. The same intuitive principles that govern our understanding of liability for car manufacturers and drivers should form the foundation of sensible policymaking in the context of decentralized networks and protocols. (In fact, the judge cited in the above hypothetical was discussing whether the decentralized cryptocurrency exchange Uniswap should be held liable for a plaintiff’s purchase of a scam token created by an anonymous person.)
Reasonable cryptocurrency policy should always begin with an analysis of “control” within a given system: if someone controls a system or another person’s assets, who is in control? How do they exercise control? When do they exercise it? Answering this question determines who can or cannot be held accountable for activities within the digital asset ecosystem.
Holding people accountable for systems and activities over which they have no power or control leads to harmful consequences. Unfortunately, the U.S. Department of Justice (DOJ) has ignored this distinction and attempted to hold software developers liable for third-party misuse of neutral tools they initially created but no longer control.
In 2024, the DOJ began bringing prosecutions under Section 1960 against blockchain industry software developers—individuals who, like car manufacturers, build neutral technology—with two known cases: United States v. Storm and United States v. Rodriguez. The broad scope of the charges brought by the DOJ in these indictments suggests many others in the industry could also become targets, effectively advancing a policy equivalent to holding car manufacturers liable for car accidents.
Therefore, as we enter a new era in 2025, the top policy priority for the digital asset industry is codifying a correct and legally sound understanding of “control”—particularly the definition of a “money transmitting” business under Section 1960. Money transmitting businesses are subject to certain registration and information reporting requirements under the Bank Secrecy Act (31 USC § 5312), as well as criminal penalties (18 USC § 1960) for operating without registration. The penalties are severe: Section 1960 allows for fines up to $250,000 and up to five years in prison per violation.
Clarifying and codifying the proper interpretation of money transmission laws necessarily involves embedding concepts of custody and control directly into the law. It also means ensuring government entities consistently interpret the law in ways that incorporate these concepts. We believe this is the most critical issue facing the U.S. crypto industry, because without resolution, the DOJ can continue charging developers of non-custodial software—whether decentralized finance (DeFi) protocols, Bitcoin protocol, or similar neutral protocols—with operating an “unlicensed money transmitting business,” even though such charges are baseless, as these developers lack control over the software or user assets.
The definition of terms related to “money transmission” must be correctly interpreted beyond doubt. The Bank Secrecy Act defines “money transmitting service” as “accepting currency, funds, or the value of funds, and transmitting currency, funds, or the value of funds by any means.” Meanwhile, Section 1960 defines “money transmission” as including “transmitting funds on behalf of the public by any means.” From both the plain text of these definitions and relevant legal analysis, it is clear to everyone except the DOJ that a “money transmission” business must actually exercise control over user funds.
Consider an example to highlight this distinction. Take a person exchanging digital assets: the person can use either a centralized exchange or a DeFi protocol to complete the swap. To use a centralized exchange, the person first transfers their digital assets to the exchange, which then holds and controls those assets. In turn, the exchange executes trades on the person’s behalf according to their instructions. In other words, the exchange “accepts” and “transmits” the user’s funds. The centralized exchange’s control over individual funds introduces certain risks (e.g., loss or misuse)—policy responses targeting what such exchanges can and cannot do with this control can mitigate these risks. If a centralized exchange loses assets it controlled on the person’s behalf, the exchange should be held accountable.
In DeFi, people can achieve similar outcomes without surrendering control of their assets to a third party. When using a decentralized software protocol to exchange digital assets, individuals retain control over their digital assets and never relinquish that control. Instead, individuals use a new type of software tool—a DeFi swap protocol—to unilaterally execute swaps according to their own instructions. Unlike centralized exchanges, the original developers of DeFi protocols do not retain control over the protocol and have no ability to dictate how third parties use it. Only the users of the DeFi protocol can control their own assets. While using DeFi protocols carries risks (e.g., technical complexity and higher user error rates), the risk of third-party loss of user funds is lower, because users never give up custody in the first place. (If you hold your own assets, a bank collapse poses no risk to you.)
A fundamental understanding of control—that is, the actual ability of a third party to transfer user funds—is key. This is why centralized exchange businesses, as described above, are appropriately regulated as “money transmitting” businesses, while developers of immutable, non-custodial smart contract protocols are not. It also highlights the dangers of misinterpreting and misallocating control. On one hand, identifying and mitigating sources of risk requires determining who possesses the necessary control over a system to reduce those risks; on the other, assigning responsibility when problems arise requires identifying who bears the greatest responsibility for actions requiring remedy.
The industry and lawmakers must work together in 2025 to ensure the law accurately reflects the precise concepts of custody and control and the responsibilities they entail—whether in the context of market structure legislation, broker reporting obligations, or reforming Section 1960. Currently, the industry faces a real threat from the DOJ’s overbroad and incorrect interpretation of what constitutes an unlicensed money transmitting business—one of many misunderstandings plaguing the broader crypto policy landscape.
As we see in the analogy above, if car manufacturers were held liable for every collision beyond their control, cars likely would never have succeeded. Such a policy might have stifled automotive innovation and frozen the U.S. auto industry. If policymakers and legislators can reach agreement on the realities of control and regulation in the context of software development, we will establish a clear and fair foundation for crypto entrepreneurs and developers in the United States.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News













