Deregulation: Good for Crypto-Bros & Crypto Hackers

by Daniel Rub

Cryptocurrency is undergoing a major regulatory shift. The incoming Trump Administration is changing up the Securities Exchange Commission’s (SEC) approach to crypto regulation.[1] The SEC, under President Biden, brought suit against the crypto platform Coinbase for “running an unregistered exchange, brokerage and clearing agency.”[2] The SEC sued in the U.S. District Court for the Southern District of New York, arguing that cryptocurrency qualifies as a security under the Supreme Court precedent in SEC v. W. J. Howey Co.,[3] also known as the Howey test.[4]

Whether crypto qualifies as a security is a matter of deep controversy, with lasting implications for the quickly growing industry.[5] There are several reasons why crypto companies do not consider crypto to be securities. If crypto was considered a security: firstly, a crypto exchange would need the necessary license to trade it, which is expensive; and secondly, crypto’s main appeal is its decentralized character – no one person or group can be identified as being responsible for trading the coin at a given price, which is appealing to parties that wish to have their finances remain private.[6] Under the Biden Administration, the SEC declined Coinbase’s rulemaking petition on the subject of crypto and securities, choosing instead to fit crypto within the current statutory framework of federal securities law.[7]

Returning to the lawsuit, the SEC argued that crypto assets qualify as an “investment contract,” which is regulated as a security under Howey, because it is: “(i) an investment of money (ii) in a common enterprise (iii) with profits to be derived solely from the efforts of others.”[8] Coinbase’s counterargument developed a “formalistic” argument about contractual undertakings–arguing that, because the issuer of a crypto has no contractual obligations to its buyer, the exchange cannot be characterized as an investment contract under Howey.[9] The court ruled against Coinbase’s motion for summary judgment, concluding that the SEC made valid arguments that Coinbase qualifies as an exchange, broker, and clearing agency under federal securities law and therefore engages in the unlawful practice of offering and selling unregistered securities.[10] However, as these decisions were awaiting appeal in the U.S. Court of Appeals for the Second Circuit, the SEC announced it filed a joint stipulation for dismissal with prejudice of its enforcement action at the trial level.[11]

The SEC is now taking major steps back in multiple enforcement actions–closing investigations into OpenSea, the largest NFT marketplace, as well as Robinhood’s crypto trading branch.[12] These actions demonstrate the new path the SEC is taking under the new Acting Chair, Mark Uyeda, after the exodus of former Chair Gary Gensler.[13] Acting Chair Uyeda was appointed by President Trump as a crypto-friendly advocate within the SEC, who was oftentimes at odds with, and took more business-friendly positions than, the former Chair.[14] He is shifting gears within the SEC, and will likely revisit the agency’s previous decision to decline formal rulemaking procedures to promulgate clearer crypto regulations.[15] He stated in no uncertain terms that he intends to “develop crypto policy” and focus on increasing transparency and clarity in crypto rules, as well as incorporating public commentary.[16] The SEC also announced the formation of the Crypto Task Force, whose pending work in developing a comprehensive regulatory framework for crypto assets is cited as another reason the SEC dismissed its suit against Coinbase.[17]

Although this rapid change of approach has crypto-fans in a sense of victory, there is still the prevailing need to have consumer protections in place for when disaster strikes–such as large-scale hacks on crypto exchanges. A massive hacking operation this past month targeted Dubai-based crypto exchange Bybit in what is being called “crypto’s biggest hack.”[18] North Korean hackers stole $1.5 billion in crypto assets from Bybit, on top of which Bybit suffered a “massive bank run,” which resulted in the exchange losing 9% of its total assets.[19] Shockingly, this hack makes 2025 the fourth year in a row where global losses due to crypto hacks have cost exchanges over one billion dollars.[20]

Herein lies the issue – Acting Chair Uyeda is likely to promulgate favorable regulatory standards that employ a “light touch” approach that may be helpless to support consumers when similar hacks happen in the future.[21] As such, a “light-touch” approach position may be untenable to the American consumer. Shuyao Kong, cofounder of blockchain startup MegaETH, agrees that crypto has “major systematic risks” that hacking operations like the one against Bybit can exploit.[22] With Coinbase arguing that a crypto issuer has no contractual obligations to its buyers, while at the same time crypto hackers steal billions of dollars every year, it seems like it is only a matter of time before the American crypto investor gets burned by hackers–and bad.[23]

So crypto businesses may escape the specter of legal challenge for today – at least in the federal space under the Trump Administration–but they may want to count their blessings. The rise of the Consumer Financial Protection Bureau (CFPB) is a prime example where a deregulated market (real estate) suffered from rampant fraud to the detriment of the consumer, which led to the government correcting (or perhaps overcorrecting) from its free market approach.[24] The CFPB should be a warning to Acting Chair Uyeda: maintain deregulation at your own risk, but be prepared for the backlash when Americans lose billions due to hacking exploitation because you thought a “light touch” approach was enough.[25]

[1] See Christopher Bosch & Maxwell Earp-Thomas, SEC Withdraws from Prominent Crypto Enforcement amid Regulatory Shift, Sheppard, Mullin, Richter, & Hampton LLP (Feb. 27, 2025), https://www.corporatesecuritieslawblog.com/2025/02/sec-withdraws-from-prominent-crypto-enforcement-amid-regulatory-shift/.

[2] Press Release, U.S. Sec. & Exch. Comm’n, SEC Charges Coinbase for Operating as an Unregistered Sec. Exch., Broker, and Clearing Agency (June 6, 2023), https://www.sec.gov/newsroom/press-releases/2023-102; Olga Kharif et al., Crypto’s Biggest Hack Ever Spoils Coinbase’s SEC Victory Party, Bloomberg L. (Feb. 21, 2025, 7:02 PM), https://www.bloomberglaw.com/bloomberglawnews/crypto/BNA%20000001952b03d474ad957f4bc39e0005.

[3] 328 U.S. 293, 301 (1946).

[4] Id.; SEC v. Coinbase, Inc., 726 F. Supp. 3d 260, 279 (S.D.N.Y. 2024), motion to certify appeal granted, No. 23 CIV. 4738 (KPF), 2025 WL 40782 (S.D.N.Y. Jan. 7, 2025).

[5] See, e.g., Jai Massari, Why Cryptoassets Are Not Securities, Harvard L. Sch. F. on Corp. Governance (Dec. 6, 2022), https://corpgov.law.harvard.edu/2022/12/06/why-cryptoassets-are-not-securities/.

[6] See Robert Stevens, Securities vs. Commodities: Why It Matters for Crypto, CoinDesk, Inc. (Mar. 9, 2024, 1:58 AM), https://www.coindesk.com/learn/securities-vs-commodities-why-it-matters-for-crypto.

[7] See Jay Dubow et. al., The SEC’s New Cryptocurrency Task Force: A Step Toward Regulatory Clarity, The Legal Intelligencer (Feb. 25, 2025, 10:21 AM), https://www.law.com/thelegalintelligencer/2025/02/25/the-secs-new-cryptocurrency-task-force-a-step-toward-regulatory-clarity/; Coinbase, Inc., 726 F. Supp. 3d at 279.

[8] Coinbase, Inc., 726 F. Supp. 3d at 279.

[9] Id. at 282.

[10] Id. at 300.

[11] Press Release, U.S. Sec. & Exch. Comm’n, SEC Announces Dismissal of Civil Enforcement Action Against Coinbase (Feb. 27, 2025), https://www.sec.gov/newsroom/press-releases/2025-47; see Bosch & Earp-Thomas, supra note 1.

[12] Bosch & Earp-Thomas, supra note 1.

[13] See id.; Grace Noto, Trump Taps Crypto-Friendly Mark Uyeda as Acting SEC Chair, CFO Dive (Jan. 21, 2025), https://www.cfodive.com/news/trump-taps-crypto-friendly-markuyeda-acting-sec-chair/737878/.

[14] See Noto, supra note 13.

[15] Dubow et al., supra note 7.

[16] U.S. Sec. & Exch. Comm’n, supra note 11.

[17] See id.

[18] See Wilkes et al., Crypto’s Biggest Hacks and Heists After $1.5 Billion Theft From Bybit, Reuters, Feb. 24, 2025, https://www.reuters.com/technology/cybersecurity/cryptos-biggest-hacks-heists-after-15-billion-theft-bybit-2025-02-24/.

[19] Kharif et al., supra note 2.

[20] Wilkes et al., supra note 18.

[21] Kharif et al., supra note 2 (quoting Benjamin Schiffrin, Director of Securities Policy at the advocacy group Better Markets).

[22] Id.

[23] SEC v. Coinbase, Inc., 726 F. Supp. 3d 260, 279 (S.D.N.Y. 2024), motion to certify appeal granted, No. 23 CIV. 4738 (KPF), 2025 WL 40782 (S.D.N.Y. Jan. 7, 2025); Wilkes et al., supra note 18.

[24] Jeanne Sahadi, CFPB: What It Does and Why Its Future Is in Question, CNN (Mar. 3, 2023, 4:24 PM), https://www.cnn.com/2023/03/03/success/cfpb-consumer-financial-protection-bureau/index.html.

[25] Kharif et al., supra note 2.