Blockchain Bites: Binance US faces ‘regulation by enforcement’, Crypto industry unites over Coinbase Wells Notice, Blockchain Regulatory Certainty Act (re)introduced, Sushi DAO legal defense fund, Euler Finance hacker returns stolen ETH, Ticketmaster golden tickets for NFT holders, Possible liability for DAO governance token holders, Do Kwon arrested


Authors: Michael Bacina, Steven Pettigrove, Jake Huang, Kelly Kim, Luke Higgins, Luke Misthos, Tim Masters

Service: Blockchain | FinTech
Sector: Financial Services | IT & Telecommunications

Michael Bacina, Steven Pettigrove, Tim Masters, Jake Huang, Luke Misthos, Luke Higgins and Kelly Kim of the Piper Alderman Blockchain Group bring you the latest legal, regulatory and project updates in Blockchain and Digital Law.

Binance US faces ‘regulation by enforcement’ from CFTC 

The US has doubled down its recent streak of aggressive regulation by enforcement of the crypto industry – this time targeting Binance, the world’s largest crypto exchange.

On Monday, the Commodity Futures Trading Commission (CFTC) announced that it has filed a civil enforcement action in the US charging Binance and its chief executive officer Changpeng Zhao (commonly known as CZ) of operating illegally in the country in violations of the Commodity Exchange Acts (CEA) and CFTC Rules. The complaint also charges Samuel Lim, Binance’s former chief compliance officer, with aiding and abetting Binance’s violations.

The complaint charges that three Binance entities operate the Binance exchange along with numerous other corporate vehicles through what the CFTC alleges is an “intentionally” “opaque” structure, with CZ at the helm as Binance’s owner and chief executive officer. The complaint also alleges that Binance chose to knowingly disregard applicable provisions of the CEA while engaging in a calculated strategy of regulatory arbitrage to their commercial benefit.

The CFTC’s complaint says:

Binance’s solicitation of customers located in the United States subjected Binance to registration and regulatory requirements under US law. But Binance, Zhao, and Lim have all chosen to ignore those requirements.

CFTC Chairman Rostin Behnam said:

This should be a warning to anyone in the digital asset world that the CFTC will not tolerate wilful avoidance of U.S. law.

CZ called the CFTC complaint “unexpected and disappointing”, and noted that Binance had been working cooperatively with the CFTC for over two years. It seems that Binance will be pushing back in the matter, as CZ said:

…the complaint appears to contain an incomplete recitation of facts, and we do not agree with the characterization of many of the issues alleged in the complaint.

While not able to give full responses immediately, CZ addressed a few key points in his response highlighting:

  • Binance’s technology for compliance, including measures to block US users;
  • Binance has a 750-people compliance team’ who cooperate and work with law enforcement;
  • Binance holds 16 licenses and registrations globally; and
  • The fact that Binance does not trade for profit or “manipulate” the market under any circumstances.

This complaint by the CFTC is another aggressive enforcement action that has been recently been brought in the US against the crypto industry and follows the Biden administration’s White House Economic Report which took a very visible angle on drawing criticism to crypto generally, and will likely draw criticism again for the US not following a transparent rulemaking process for the novel crypto-asset sector.

Crypto industry unites over Coinbase Wells Notice

US crypto-exchange giant Coinbase has been issued a Wells Notice by the Securities and Exchange Commission (SEC). A Wells Notice indicates that the SEC is considering enforcement action against the exchange over possible violations of US securities laws. Reports first surfaced of an SEC probe into Coinbase mid-last year.

The SEC is required to serve a Wells Notice to give fair warning to individuals or organisations that the SEC intends to commence regulatory enforcement action. It typically takes the form of a letter with only a broad outline of the nature of the infractions alleged and the enforcement proceedings to be initiated. A Wells Notice does not always result in charges or signal that the recipient has violated any law.

Coinbase is one of the largest cryptocurrency exchanges in the world and the few publicly listed companies operating in the blockchain ecosystem. As a result of the Wells Notice, Coinbase’s shares (NASDAQ ticker: COIN) fell 13% in trading on Thursday.

Coinbase will have the chance to prepare a ‘Wells Submission’ in response to the notice. According to the SEC’s Enforcement Manual, the Wells Submission takes the form of a legal brief including both factual and legal arguments to prove why charges should not be brought. The contents of a Wells Submission are public information, and accordingly will be the subject of considerable public interest given the scale of Coinbase’s operations and its status as a publicly listed company. Anything alleged in the Wells Submission may be used against Coinbase in eventual enforcement proceedings.

Coinbase has issued a public statement acknowledging the Wells Notice and expressing its disappointment in the SEC’s failure to engage with its efforts to open a dialogue and register with the SEC under US securities laws.

While the specifics of the Wells Notice are not public, Coinbase has confirmed that the notice covers:

an unspecified portion of [Coinbase’s] listed digital assets, [Coinbase’s] staking service Coinbase Earn, Coinbase Prime, and Coinbase Wallet.

The SEC has increased its efforts to crack down on the crypto sector following the collapse of FTX last year, and staking services such as Coinbase’s Earn are under increased regulatory scrutiny. Just last month, Kraken shuttered its US token staking service and paid USD$30 million in penalties to settle SEC charges that it failed to register the service.

Coinbase co-founder and CEO, Brian Armstrong, responded to the Wells Notice in a Twitter thread:

Armstrong was joined on Twitter by a number of industry peers who expressed disappointment in the SEC’s failure to engage with Coinbase on possible avenues to registering their business with the regulator. Several lamented the SEC’s continued regulation by enforcement approach and its frequently repeated claim that crypto businesses can simply “come in and register” with the SEC. There has been widespread calls from industry to support Coinbase’s defence of the SEC’s allegations and lobby for legislative reforms to provide a clear regulatory framework for crypto assets.

Blockchain Regulatory Certainty Act (re)introduced

On March 23, Tom Emmer, the co-Chair of the Congressional Blockchain Caucus and majority whip of the US House of Representatives, introduced the Blockchain Regulatory Certainty Act (BRCA), saying: 

Crypto and blockchain technology, by nature, does not easily fit into the frameworks policymakers have considered when crafting regulations in the past.

And further emphasized the importance of the proposed bill:

The longer we delay… the greater risk that this transformative technology is driven overseas, depriving domestic users and investors. This bill will help America remain a technological leader in the crypto space.

The bipartisan bill is co-led by Darren Soto, also the co-Chair of the Congressional Blockchain Caucus, and affirms that the blockchain developers and businesses that do not provide custody services to customers are not classified as money transmitters under US law. In trying to provide regulatory certainty, the bill aims to prevent blockchain developers or businesses, including individual service providers, from relocating to other jurisdictions which provide clearer regulatory guidance. This marks the fourth successive Emmer-led introduction of the BRCA bill since 2018. On all prior occasions the bill has failed.

The 2023 BRCA has already attracted positive feedback and support from many established industry members, including CEOs of the Blockchain Association, Chamber of Digital Commerce, Crypto Council and Coin Center who said:

The Blockchain Regulatory Certainty Act would reinforce in law the established understanding that non-custodial services…should not be regulated in the same way as…a custodial cryptocurrency exchange.

It remains to be seen whether ‘fourth time is the charm’ for a Bill which would bring at least one small part of needed regulatory certainty for the US, amid increasingly hostile views towards crypto asset service providers by the Biden administration.

Raw deal: Sushi DAO head chef proposes legal defense fund

Last week, the decentralised autonomous organisation Sushi DAO and its ‘Head Chef’ Jared Grey were served with a subpoena by the SEC. In response, Grey proposed the creation of a “Sushi DAO Legal Defense Fund” to cover the legal costs for the DAO’s core contributors, which would include $3 million in Tether (USDT) initially, with an additional $1 million USDT available if needed. The proposal also stated that the Sushi DAO is cooperating with the SEC and will not comment on any ongoing investigations.

DAOs offer many potential benefits such as transparency and security, however they also present significant regulatory challenges due to their decentralised and autonomous nature. One of the biggest regulatory difficulties with DAOs is the lack of legal recognition and clarity, as DAOs do not neatly fit into any of the traditional legal entity types and will likely be considered partnerships or unincorporated associations. DAOs also usually operate across borders and jurisdictions, making it difficult to determine which laws and regulations should apply. The decentralised nature of DAOs can also make it challenging to identify who is responsible for compliance with any regulatory requirements which might apply.

The Sushi subpoena isn’t the first time a US regulator has gone after a DAO. In September 2022, the CFTC filed a lawsuit against Ooki DAO, the organisation behind the Ooki Protocol. The action raised several key legal concerns for DeFi founders and DAO governance members. In December 2022, a Californian court ruled that the CFTC would need to serve specific individuals in the Ooki DAO, being the founders (as opposed to the DAO as a whole).

Sushi’s proposed legal defense fund would cover legal expenses for any core contributors who joined the project since April 2022 and will continue to pay out until the end of any legal proceedings. The funds will come from a combination of fees on various products and swap transactions conducted on the SushiSwap DEX. The fund is based on the MakerDAO’s legal defense fund which was proposed to DAO members in December 2022 as a protection mechanism. The subpoena represents just the latest in a string of SEC enforcement actions that including fining cryptocurrency exchange Kraken for its staking product, and the issue of a Wells Notice to Coinbase.

Despite the recent developments, Grey expressed his appreciation for the continued support and unity of the blockchain ecosystem in a recent tweet:

The SEC is yet to officially announce it issued the subpoena to Grey or the Sushi DAO. At the time of writing, the Sushi DAO proposal has ~16,000 views and is pending vote.

Euler Finance Hacker returns over 58,000 stolen ETH

Euler Finance, a non-custodial, decentralized borrowing and lending protocol was exploited on March 13 in the largest DeFi hack of 2023, with a hacker stealing nearly $200 million from the protocol. The hacker used a flash loan by deceiving the protocol into assuming it had varying amounts of eToken and dToken. Stolen crypto assets included Dai, Wrapped Bitcoin, Staked Ether and USD Coin. Since the incident, the hacker had attempted to reach an agreement with Euler, commenting:

No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.

Euler’s attempt to negotiate with the hacker, requesting return of 90% of the stolen assets within 24 hours was met with silence. It has since been reported that Euler offered a public $1 million bounty reward for any information that may assist in capturing the hacker or recovery of funds. It has been reported that the hacker had laundered portions of the stolen funds via Tornado Cash, a now-blacklisted Crypto mixer which enables private transactions.

On March 25, an on-chain message was sent out from a wallet address holding 10 million of the DAI stolen, announcing their willingness to provide information about the hacker in exchange for 10% of the bounty reward offered by Euler. Another on-chain message was subsequently sent out from a different wallet address also associated with the hack, offering Euler to contact them for free information about the hackers. Although unconfirmed, it is currently speculated that there are multiple hackers involved in this flash loan attack.

However, in a series of unexpected transactions on March 25, the hacker returned over 58,000 stolen ETH to the protocol. It has also been reported that the hacker returned some ETH to a wallet address of one of the victims, following their on-chain message:

Please consider returning…I’m just a user that only had 78 wstETH as my life savings deposited into Euler.

While the motivation behind this return remains unknown, and the majority of the stolen funds have been returned, it remains to be seen whether the remaining assets still in the hacker’s control will be recoverable.

Ticketmaster: golden tickets for NFT holders

 Ticketing giant Ticketmaster has announced a partnership with the metal band Avenged Sevenfold to launch a new feature that allows artists to offer special access to concert and event tickets for owners of the band’s Deathbats Club NFTs.

The Deathbats Club collection consists of 10,000 unique NFTs that act like the band’s club membership cards. Even with 10,000 NFTs, the Deathbats Club is a relatively small club considering the global popularity of the band, which has sold over 8 million albums and performs for thousands of fans in arena-sized venues like Madison Square Garden. As such, the demand for Deathbats Club NFTs is quite high. According to data from NFTgo, the floor price of Deathbats has more than doubled over the last month.

Avenged Sevenfold is just the first for a new feature that Ticketmaster is intending to rollout for all artists, whereby Ticketmaster will ‘token-gate’ ticket sales and offer up special access to concerts and events for eligible NFT owners. In Avenged Sevenfold’s case, owners of a Deathbat were offered early access to purchase tickets for the band’s June concerts in New York and Los Angeles.

Ticketmaster’s new feature was developed in partnership with Bitflips, the Web3 team behind the Deathbats Club NFT collection. The token-gating function is currently compatible with NFTs minted on the Ethereum blockchain and stored in dApp wallets, such as MetaMask. Ticketmaster has said that its token-gating capabilities are based on how artists want to connect their community, and are a blank slate for the artist to decide. The feature is now available to any artist with their own NFT collection or that has partnered with an NFT community.

There have been suggestions that NFTs will likely have a significant impact on the ticketing industry. In addition to similar initiatives to Ticketmaster’s ticket-gating function, NFTs could provide a more secure and transparent ticketing system for events. With NFTs, event organisers can issue unique tickets that are verifiable, traceable, and secure. This could prevent ticket duplication and counterfeiting, reducing fraud and ticket scalping. The intersection between NFTs and ticketing in the near future will be an interesting showcase of the many practical applications of blockchain technology. 

Court considers possible liability for DAO governance token holders 

A potentially significant decision was reached in the Sarcuni v bZx DAO class action earlier this week. The Court rejected a motion to dismiss brought by DAO members who held governance tokens (BZRX), on the basis that the DAO in question is possibly a general partnership at law, which means token holders could potentially be found to be liable personally for actions of the DAO.

In the ruling, the Judge paid special attention to the apparent attempts made by the founders of the DAO to avoid US laws by transferring ownership from the LLCs to a DAO, citing the founder’s own words on this point multiple times throughout the ruling.

Additionally, the judge accepted that the tokenholding members may well have owed the plaintiffs a duty of care based on certain promises made about the security and operation of the bZx protocol. The tokenholding defendants are alleged to have breached their duty of care by failing to maintain adequate security, allowing hackers to access the entire treasury of bZx protocol deposits on the Polygon and Binance chains via a single phishing email to a developer.

The defendants say that transactions in the bZx protocol were non-custodial, as users maintained custody of their assets, which many assume would limit the liability of developers. However, the judgment said:

A successful phishing attack on a bZx developer allowed a hacker to gain access to all of the funds supposedly in [the] Plaintiffs’ custody, rendering the distinction between custodial and non-custodial meaningless

Additionally, the Judge suggested that the ability of the developers to upgrade the smart contract where the key to perform that upgrade is in the hands of a single developer renders the arrangement custodial in truth.

bZx was originally a DeFi margin trading protocol and was transitioned into a DAO controlled protocol in August 2021, before losing USD$55M in a security breach in November 2021. The plaintiffs claim they lost USD$1.7M in the attack, with losses ranging from $800 to $450,000 among 19 users, including lead complainant Mr Christian Sarcuni.

After the security breach, another community called Ooki DAO succeeded bZx DAO, taking ownership of the protocol. The Ooki DAO is currently the subject of an ongoing lawsuit by the CFTC.

DAOs offer many advantages. They can operate globally, but there remains uncertainty as to which laws and regulations of any particular country apply. This creates challenges in identifying where legal liability should fall. DAOs which are properly decentralised typically have no clear legal entity or ownership structure. This can make it difficult to hold anyone accountable for the actions of the DAO, particularly if those actions are illegal/negligent and result in harm to others.

While the decision is on an interlocutor point, and a final hearing is some time away, the case will proceed personally against bZx founder Kyle Kistner, as well as other DAO tokenholders (with the court dismissing claims against those that did not possess DAO tokens). The significant of this case should not be overstated, but it may serve as a precedent for further examination of legal liability within DAO structures.

Crypto fugitive Do Kwon arrested 

Do Kwon, the co-founder and CEO of Terraform Labs, the backers of the collapsed Luna and TerraUSD cryptocurrencies, was reportedly arrested in Montenegro on Thursday, 23 March. Kwon was detained at the Podgorica airport for allegedly possessing a fake Costa Rican passport. His South Korean passport was revoked previously by South Korean prosecutors in October 2022.

In response to Montenegro’s interior minister Filip Adzic’s announcement, public agencies rushed to verify the identities of the arrested suspects, with the National Police Agency of South Korea confirming Do Kwon’s identity on Friday after fingerprints matched official records. It has been reported that officials are arranging to repatriate Do Kwon to South Korea while US authorities are seeking his extradition.

Following the $40 billion collapse of Luna and the TerraUSD stablecoin in May last year, Do Kwon and five others have been pursued by authorities in Singapore, South Korea and the United States. The meltdown not only caused detriment to investors but rapidly undermined public confidence in cryptocurrency markets, contributing to the downfall of companies including Celsius and Three Arrows Capital.

Interpol, an international police organization, issued a red notice in September, requesting global authorities’ cooperation in the arrest of the fallen ‘cryptocurrency king’. Police authorities in Singapore are also known to be investigating Do Kwon’s Singapore based company, Terraform Labs.

The US Securities and Exchange Commission has charged Do Kwon with securities fraud, alleging that Do Kwon and his company Terraform Labs:

Failed to provide the public with full, fair, and truthful disclosure as required for a host of crypto asset securities, most notably for Luna and TerraUSD.

Following the unsealing of an indictment by the US Attorney for the Southern District of New York last week, Do Kwon now faces eight additional criminal charges including securities, commodities and wire fraud and conspiracy to commit fraud and market manipulation concerning allegedly misleading claims relating to an earlier de-pegging incident in May 2021. US authorities allege that a US based firm intervened at that time to restore the TerraUSD peg, which Kwon failed to disclose, implying that the algorithm which purportedly underpinned the peg had operated as planned.

Do Kwon has consistently denied allegations of fraud through his Twitter account (bearing its now ironic handle @stablekown) and in public interviews, commenting:

I’ve stolen no money and never had ‘secret cashouts’…


There is a difference between failing and running a fraud.

While the authorities prolonged chase draws closer to an end, legal representatives of Do Kwon and Terraform Labs did not respond to requests for comment. It remains to be seen whether Do Kwon will take his public defence over the failure of Luna and the Terra ecosystem to the Courts.