Law & Crypto: An Oxymoron? 

In August, 2022, Syracuse University College of Law will offer an intensive, 2-credit course in Crypto & Digital Assets. Professor Jack Graves will formally serve as the course instructor but will make liberal use of cameos by a wide range of experts from both the private and public sectors, including SEC Commissioner Hester Peirce. This broad range of perspectives and expertise should be uniquely valuable in providing students with an appropriate analytical framework for taking on a variety of challenging legal issues arising in real time in this rapidly evolving area of commercial law.

This essay by Professor Graves delivers an overview of the course content and a brief survey of the dynamic concepts and features of cryptocurrency and digital assets and their implications.

An Introduction to Bitcoin as the Prototypical and Still Dominant Cryptocurrency

It all began with Bitcoin,1 a “peer-to-peer” version of electronic cash that would operate on a fully decentralized platform, without any need for intermediaries. Instead of relying on trusted intermediaries, the platform itself would supply the requisite trust by distributing copies of the public blockchain ledger to every node (individual computer) on this decentralized network. In effect, the digital chain of blocks on the ledger would function as the currency. This distributed public ledger would be made immutable (and therefore trusted) using cryptographic hashing functions. This would make it effectively impossible to change previous entries to the ledger without a majority of the CPU power of the nodes on the network participating (practically impossible and presumably against the interests of any majority as holders of a sizeable financial stake in the network).2

The idea of “law and crypto” is arguably oxymoronic at its core, as the early individuals who conceptualized, deployed, and nurtured the Bitcoin blockchain had little, if any, regard for any potentially applicable legal or regulatory structure. In fact, they were in large part motivated by dreams of creating an entirely autonomous, decentralized financial system that was independent of, and fully beyond the reach of, any government. Today, however, the newly emerging ecosystem of cryptocurrencies and digital assets has expanded far beyond that described by Satoshi Nakamoto in his famous 2009 white paper. While the Bitcoin protocol has largely remained true to its roots, as originally conceptualized, many of its digital offspring have significantly diverged in both concept and purpose. Virtually all, however, retain the basic idea, at least in principle, of employing digital blockchain technology to provide broader and more efficient accessibility to key elements of the global financial system.

Depending on what week it is, the total market capitalization of cryptocurrency and related digital assets is likely somewhere between 1 and 2 trillion US dollars (and reached closer to 3 trillion during late 2021). Somewhat over half of this total is, at any given time, represented by the two most popular cryptocurrencies—Bitcoin (the original) and Ether (or ETH), the coin of the Ethereum network, which tends to be used in a broader range of decentralized finance (DeFi) platforms beyond simple cryptocurrency trading. Of these two, Bitcoin’s market capitalization is a little more than double that of ETH, though the importance of ETH to DeFi broadly is particularly significant. ETH is also important for its efforts to change the way its blockchain is secured, as more fully addressed later in this essay.

Perhaps it shouldn’t surprise us that Bitcoin and its progeny have developed in somewhat of a legal vacuum. After all, the original Bitcoin idea arguably had deep anti-government (or at least a lack of trust in government) libertarian roots, and its market capitalization was relatively insignificant until about five years ago, only really taking off in the past couple of years. As such, we are presented today with a unique opportunity to examine the development and application of a new and evolving field of law. What follows is a very brief (in the limited space available) survey of some of the major issues.

Crypto Coins
Crypto Coins

A Few Key Concepts and Definitions

We should first set out key concepts and definitions. The value of a Bitcoin is entirely a product of market forces. With no obvious objective value, it is determined solely by supply (which is growing but ultimately limited) and demand (in effect, whatever the market is willing to pay). When first introduced by Nakamoto, it was worth nothing in the absence of the first buyer. Since then, however, the value has risen generally and fluctuated significantly over time, with a high in excess of $65,000 per Bitcoin in late 2021 and a current price as of this writing of about $30,000. To date, Bitcoin has shown a tendency to fluctuate in value over time to an extent much greater than most traditional currencies.

“Altcoins” are cryptocurrencies with floating values other than Bitcoin. These include ETH and a few dozen other coins with significant market caps, as well as hundreds of less financially significant altcoins. In contrast to Bitcoin and Altcoins, “Stablecoins” are pegged to a specific currency (such as the US dollar). Stablecoins are not typically intended as investments themselves (as they should not vary in value) but are instead typically used to facilitate transactions in Bitcoin or Altcoins by removing price uncertainties from one side of the transaction. Perhaps the ultimate stablecoin is one issued by a national central bank.

Digital assets also include what are called non-fungible tokens, or “NFTs” (unlike “fungible” currencies, each NFT is unique). The potential use of NFTs to represent specific property interests is arguably limitless, but we’ll address a few examples a little later below. With these basic concepts in hand, we now turn to some of the legal issues presented.


From the outset, one of the key features of cryptocurrency has been the anonymity of its owner (much like physical cash). Such ownership is reflected in the public blockchain ledger by a public cryptographic key visible to anyone. However, a corresponding private key is necessary to access and transfer ownership of the cryptocurrency at issue. The visible public key itself provides no information linking it to the holder of the private key (as a practical matter, the owner). For example, the original Bitcoin mined by Nakamoto is identifiable in the earliest blocks of the Bitcoin chain. However, this public information provides no help in identifying the real Nakamoto, as these blocks remain untouched today (leaving many to wonder if Nakamoto is still alive, has lost the private key, or simply has chosen, at least to date, not to try to cash in on a rather sizeable fortune).

This feature made Bitcoin particularly attractive for illegal activity in which the anonymity of a sender or receiver of funds was crucial. Perhaps the most famous was the modern-day version of “Silk Road,” which operated on the dark net during the early Bitcoin years. Ransomware attacks also frequently demanded payment in Bitcoin based on its perceived lack of traceability.

Many anonymous users of crypto are ultimately identified when they attempt to transfer or exchange anonymous cryptocurrency for other assets where the owner is identifiable on the other side of the transaction (much as the holder of “dirty” cash may be identified when attempting to deposit it into a bank account). The U.S. Department of Treasury Financial Crimes Enforcement Network (FinCEN) has been active in recent years in seeking to apply Anti-Money Laundering (AML) and Know Your Customer (KYC) laws to cryptocurrency transactions, with at least some degree of success.

FinCEN’s effectiveness has been challenged in at least two ways—one jurisdictional and one practical. Many cryptocurrency exchanges operate outside of the U.S. or operate only smaller more limited subsidiaries within the U.S., specifically to avoid U.S. regulation. Moreover, cryptocurrencies do not necessarily require institutional exchanges, as individuals can engage in transactions on the blockchain directly with “hard” wallets, or hardware that directly accesses the public blockchain ledger (the original anonymous means envisioned by Nakamoto). Regulatory oversight of these sorts of transactions is far more difficult until and unless the cryptocurrency is exchanged for assets through some sort of institution subject to AML or KYC rules. While institutional exchanges unquestionably facilitate the work of FinCEN, they also raise a variety of additional issues.

Cryptocurrency Exchanges

While the original developers of Bitcoin had no need for institutional “exchanges,” most subsequent investors in Bitcoin were far more comfortable buying and selling coins through a trusted intermediary. Unfortunately, the first such major exchange, Mt. Gox, rather spectacularly failed in 2014, through some combination of theft, fraud, and/or mismanagement, highlighting at this very early stage the potential risks associated with third-party intermediaries in transferring and custodying digital assets.

In the U.S., these exchanges are potentially subject to the full range of securities laws, as broker-dealers of securities governed by the 1933 Securities Act and 1934 Exchange Act, as well as the 1940 Investment Company Act and Investment Advisors Act. However, cryptocurrency exchanges also raise additional issues. While a traditional securities trading institution is required to segregate client shares, thereby protecting them from claims by creditors of the institution, a cryptocurrency exchange does not do so. As a result, if an institutional exchange fails, its customers are essentially treated just like general creditors in bankruptcy. In effect, a typical cryptocurrency exchange is in some ways more like a bank than a stockbroker—but unlike a bank, the customer’s assets are not federally insured.

Today’s crypto investor can choose from a variety of exchanges, most of which have come a long way since the days of the Mt. Gox fiasco. Nevertheless, the means and methods for regulating cryptocurrency exchanges appear very much in their infancy and will undoubtedly evolve along with broader regulatory issues, including one of the most fundamental questions—is cryptocurrency a security?

Is Cryptocurrency a Security?

Ethereum coin (ETH)
Ethereum coin (ETH)

As originally envisioned, Bitcoin was arguably intended as a form of electronic currency—first and foremost intended as a form of payment or medium of exchange. Over time, however, Bitcoin has gained little traction in this respect (outside of its use in illicit transactions), at least in part because of its continuing fluctuation in value. While a variety of altcoins are specifically linked to transactional uses in an associated digital ecosystem, most buyers and sellers of Bitcoin today are almost certainly engaged in investment activities with a reasonable expectation of profit, thereby likely satisfying at least two out of three elements of the traditional Howey test used to identify a security. The more difficult question, at least as applied to Bitcoin and ETH (the cryptocurrency used on the Ethereum blockchain), is whether they meet the third element—in effect, whether such reasonably expected profits will arise “solely from the efforts of the promoter or a third party.”

To understand this issue better, we need to consider the nature of a “decentralized” blockchain. Rather than sitting on a centralized server, the public blockchain ledger sits on thousands of individual computer nodes within a broad network. Everyone is responsible for it, but no one owns it. So, who is responsible for generating expected investment profits on a truly decentralized blockchain?

Everyone? No one? And how should we apply the third element of Howey in this context? This is but one of the challenging questions presented in determining whether, how, or when to treat cryptocurrencies as securities—a subject on which there is a broad range of views within the SEC itself.

While Bitcoin and ETH arguably continue to adhere to the original decentralized model, many altcoins and other digital assets do not. Instead, they involve some sort of initial or ongoing promoter, whose efforts at least arguably drive any expected investment profits. In one of the earliest published opinions on the issue, the SEC found “The DAO,” an unincorporated organization, to have offered a security when selling DAO Tokens to its investors. Put simply, a generic “decentralized autonomous organization,” or DAO, is an organizational entity that functions entirely on a blockchain.4 This specific DAO (“The DAO”) was organized by a German corporation to run on the Ethereum blockchain, with investors spending ETH to purchase DAO Tokens. In this specific context, the SEC published a detailed report in which it had little difficulty finding DAO tokens to be securities based on reliance by investors on the efforts of the promoter and third parties to meet their profit expectations, thereby satisfying all three elements of the Howey test.5

Should any cryptocurrency that is not fully decentralized be deemed a security? Should a cryptocurrency be deemed a security even if it is fully decentralized? These are questions without clear and consistent answers from the SEC today (though we certainly have some thoughts from various Commissioners). Moreover, the idea of decentralization, in its purest sense, raises some additional interesting questions.

Other Issues with Decentralization

The above-discussed SEC DAO report addressed an event that is better known by many as the “DAO hack.” Once The DAO had been fully funded (with ETH valued at about $10 million), an unknown “attacker” managed to divert $3.6 million worth of this ETH to a blockchain address controlled by the attacker. Because of the way The DAO was structured, however, these funds could not be moved on from this new address for 27 days. In deciding what to do about this “hack,” the Ethereum blockchain faced a fundamental question. One of the most basic concepts underlying Bitcoin and its progeny was the idea that transactions on the blockchain were to be immutable and non-reversible. In effect, the code was to be law. Should the decentralized Ethereum blockchain violate this basic principle and essentially wipe clean the blocks containing the attack, thereby returning the blockchain to its pre-attack state? Ultimately, the majority of nodes on the network (remember, with decentralization, the majority at any given time rules absolutely) decided to wipe out all the blocks funding the DAO, thereby eliminating the effect of the attack and returning the ETH spent to the investors. However, the issue was sufficiently contentious to result in what is called a “hard fork,” effectively splitting the previously single chain into two independent forks— today called Ethereum or ETH (the majority) and Ethereum Classic or ETC (a minority adhering to basic principles and keeping the immutable original chain intact).

While the Ethereum hard fork is now ancient history in crypto terms, the issue is very much alive today in an arguably even more extreme form. When dealing with a blockchain, should the chain in fact be “irreversible,” as initially recognized by a majority of nodes on the decentralized network? If not, who, if anyone, should have the right to reverse a transaction, thereby arguably depriving someone with rights reflected in the blockchain, without due process? The decentralized Juno blockchain community recently voted to deprive a very large user of tokens (worth millions of dollars) that the community believed the user should not have received but had been conveyed to the user based on the blockchain code, as written. Should code be law as to the blockchain record? If not, should a majority be allowed to rewrite the record without due process? And if a community member is deprived of property, who is legally liable?

In theory, a decentralized autonomous organization (a DAO, here used generically) is an unincorporated organization. To the extent the purpose of the DAO is in some fashion to make and share profits, this likely means the DAO is a general partnership under most U.S. state law—a result with which most DAO members would likely be quite unhappy upon realizing the extent of their individual liability. In fact, most DAO members likely assume their unincorporated autonomous organization operates beyond state laws governing entity formation. Again, the law is just beginning to grapple with the issue. Vermont and Wyoming have each enacted legislation allowing a DAO to register as an LLC, which could help address a variety of the existing challenges. However, many DAO’s remain unregistered, and most states have yet to address the issue.

Is Cryptocurrency a Commodity— In Effect, Digital Gold?

Many within the trade have argued that cryptocurrency should be regulated as a commodity, rather than a security, analogizing it to “digital gold.” In fact, the analogies to gold, as a stable store of value and hedge against the inflation-driven devaluation of fiat currencies can be traced to Bitcoin’s earliest days. While attractive on its face, the approach is not without challenges.

The Commodities Futures Trading Commission (CFTC) regulates the sale of commodity futures (derivatives of the commodities themselves), rather than current sales of commodities. As such, the CFTC would provide little, if any, regulatory oversight with respect to current sales of cryptocurrency. Of course, this may be part of the attraction for the crypto trade, as market regulation would be far more limited under the CFTC than the SEC. However, there are also practical conceptual challenges in analogizing cryptocurrency to digital gold.

To date, the values of Bitcoin, specifically, and cryptocurrencies, generally, have behaved very little like gold or silver, often thought of as stable stores of value. Whatever one may think of the value of a cryptocurrency—and these views range from worthless to almost infinite—market values have demonstrated extraordinary fluctuation and have tended, generally, to track the most speculative of traditional equity investments, thereby lending little if any stability to the broader financial market. The “digital gold” concept also raises additional issues related to its mining.

Mining as the Basis for Crypto Security and Its Environmental Achilles Heel


While Bitcoin remains the most significant cryptocurrency, by far, it arguably has a serious problem with its basic security mechanism—mining. New blocks are added to the blockchain containing new transactions (about 1 block every 10 minutes on the Bitcoin blockchain) when a digital miner solves a very difficult iterative math problem (it gets harder as miners’ computers get faster). Once solved, published, and accepted by a majority of the network, the blockchain record is essentially immutable, and the miner is rewarded with Bitcoins (the basic model is very much driven by libertarian financial incentives). However, because the financial incentives motivate the use of more and faster computer power in the quest for new coins, and the iterative math problem gets harder as the computers trying to solve it get faster, the Bitcoin carbon footprint is enormous and will keep growing indefinitely.

China has banned cryptocurrency, at least in part due to the mining issue, and many other countries have expressed concerns over its growing environmental impact. As a result, numerous new altcoins have moved from using “proof of work,” or PoW (the original Bitcoin mining concept) to “proof of stake,” or PoS (an alternative means of securing the content of the blockchain that uses far less energy). While Bitcoin and the Ethereum chain still rely on PoW, the Ethereum chain is attempting to move to PoS, but the success of this move remains unclear at this time. There is no indication to date of any intent to modify the Bitcoin blockchain to move it away from the original PoW model.

Stablecoins That Are Not

So far, we’ve largely focused on Bitcoin and altcoins that also fluctuate in value (arguably making them better potential candidates for investment than for payment mechanisms). Stablecoins are fundamentally different in that they are primarily intended as a means of exchange to facilitate payment. For this purpose, fluctuations in value are generally detrimental, so stablecoins are “pegged” to a fiat, or government-issued, currency, such as the US dollar. Of course, a stablecoin could be issued directly by a national government.

While China has banned private cryptocurrencies, it was one of the first countries to institute a national digital currency (a Central Bank Digital Currency, or CBDC) with the adoption of the “digital yuan.” The U.S. government has also suggested, in various statements and official publications, the potential for a government-issued CBDC. Potential options for use of a U.S.- issued CBDC might include large wholesale (e.g., central bank) transactions, retail (e.g., business-to-consumer) transactions, or both. In any event, a government-issued CBDC would be supported in much the same manner as any other government-issued fiat currency.

Privately issued stablecoins present additional opportunities and additional potential risks. In the absence of any current U.S.-issued CBDC, multiple private stablecoins have been issued and pegged to the US dollar. In theory, each of these is supported by sufficient assets (often including some combination of crypto and government currencies) to maintain the value of the currency at $1 U.S. per coin. While a handful of coins have emerged with sufficient market capitalization to be useful in fulfilling the role of a stable medium of exchanging more volatile digital assets, regulators have expressed concerns over the stability of the coins in the event of significant market stress. Indeed, we recently witnessed the spectacular crash of one of these preeminent stablecoins, the TerraUSD.

The stress of broader financial market downturns in May 2022 caused the TerraUSD to lose its peg (fall below $1 U.S.), which quickly led to a digital version of an old-fashioned bank run in the days before federal deposit insurance. Once started, confidence fell into an ever-accelerating death spiral until the TerraUSD stablecoin and its associated Luna altcoin (intended, at least in part, to provide support for the stablecoin) were essentially worthless.

Stablecoins undoubtedly fulfill a key transactional role as a digital means of payment or exchange, and there may be roles for both public and privately issued coins. However, the TerraUSD collapse provides an obvious example of the need for some sort of regulation in this area if stablecoins are to fulfill their intended transactional roles.

Non-fungible tokens are fundamentally different from coins, which are essentially fungible. One Bitcoin or ETH is functionally equivalent to another. In contrast, each NFT is, at least in theory, unique. An obvious example is digital art, where a single specific NFT controls ownership of a single specific piece of digital art. This raises some obvious legal questions as to the law governing such personal property. Should the law treat digital art like tangible physical works of art, or should we solely apply intellectual property rules? And what about digital real estate in virtual realities beyond the physical one?

Yuga Labs, the entity behind the Bored Ape Yacht Club NFT, recently engaged in a sizeable sale of “Otherside” (a virtual space in the Metaverse) property, offering virtual deeds in Otherside in exchange for Ape Coins (an altcoin minted by Yuga Labs).7 While these transactions focused on the virtual metaverse, the value of digital assets exchanged was in the hundreds of millions of dollars. Are deeds to virtual land in Otherside governed solely by code on the relevant blockchain, or does traditional real property law have a role to play in the metaverse? Or do we need to take entirely new and different approaches to apply law to the virtual world?

Bored Ape NFT
Bored Ape NFT

Responsible Development of Digital Assets

As the reader will likely note, it is challenging to capture even a brief overview of “the Law and Crypto” in a short piece like this, and there is an increasingly urgent need to begin to address the issues raised

in this survey, and many more. Earlier this year, President Biden issued an Executive Order on Ensuring Responsible Development of Digital Assets,8 essentially encouraging regulators and market participants to work together in a manner both encourages innovation and protects consumers. Achieving both will be no small order, but acknowledging the need is undoubtedly a significant step in the right direction.

SEC Chair Gary Gensler has characterized the current transactional environment involving digital assets as akin to “the Wild West,” which is likely true to a large extent. Others have suggested that perhaps this Wild West environment is helpful in promoting innovation. At the end of the day, however, even the Wild West was largely tamed over time, and the shape of the process of understanding and regulating digital assets while simultaneously promoting responsible innovation will undoubtedly be an interesting one for those of us in its midst. ■

1. While Bitcoin itself borrowed from a variety of earlier ideas, the first version of what we now think of as cryptocurrency initially appeared in a white paper published in 2009 by Satoshi Nakamoto (a pseudonym—the real author or authors remain anonymous). See Bitcoin: A Peer-to-Peer Electronic Cash System, at bitcoin.pdf.

2. A detailed explanation of the blockchain technology upon which Bitcoin and other cryptocurrencies are built is beyond the scope of this article. However, an excellent video explanation can be found here:

3 SEC v. W.J. Howey Co., 328 US 293 (1946).

4 The use of various DAOs, generally, is quite common, for example, in association with the Ethereum blockchain.

5 For a fuller explanation, see Securities and Exchange Commission, Securities Exchange Act of 1934, Release No. 81207 / July 2017, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO. Available at:

6 The blockchain code had functioned as written but had been flawed, and this flaw was exploited by the attacker.

7 See

8   See