Crypto Regulation: From Mt. Gox to MiCA — A Decade of Regulatory Evolution

The ICO boom of 2017 was the moment when crypto regulatory stakes became genuinely significant at the scale of billions of dollars and retail investor exposure.

Initial Coin Offerings — sales of newly created tokens to raise project funding — raised roughly $7 billion in 2017 and over $20 billion in 2018. At peak ICO mania, projects with nothing more than a whitepaper were raising tens of millions of dollars in hours from global retail investors who had limited ability to conduct due diligence and even more limited recourse if the project failed or turned out to be fraudulent.

Many were fraudulent. A 2018 study estimated that roughly 80% of ICOs conducted in 2017 were scams. Of the remainder, a significant portion were failures rather than scams — projects where the founders were sincere but the product never shipped. A small number became genuine projects (though even among these, the token economics frequently extracted value from later investors rather than creating it).

The regulatory question was: were these tokens securities? Under the Howey test — the US legal standard for what constitutes a security — an investment contract exists when money is invested in a common enterprise with expectation of profit from others' efforts. Most ICO tokens fit this description straightforwardly. Investors were giving money to a project team, expecting the project to increase the value of their tokens.

The SEC's initial approach was cautious. The July 2017 DAO report stated that the DAO tokens were securities and that ICO issuers should register with the SEC. It didn't initially pursue enforcement aggressively. As the ICO boom continued through 2017-2018, the SEC shifted to active enforcement, bringing actions against hundreds of projects.

The problem was timing. By the time enforcement arrived, most of the fraudulent ICOs had already run. Retail investors had lost billions. The SEC's actions allowed recovery in some cases but couldn't undo the losses in most.

The more enduring regulatory question from the ICO era: when does a token that was originally sold as a security become a non-security "utility" or commodity? Ethereum itself faced SEC scrutiny, and the question of whether ETH was a security was significant for the entire DeFi ecosystem. The SEC's eventual decision not to classify ETH as a security — signaled through the approval of spot ETH ETFs in 2024 — resolved this specific question without providing clear guidance for the broader landscape.

The ICO era also produced the "SAFTs" (Simple Agreements for Future Tokens) and other structures designed to sell tokens to accredited investors first and then distribute to the public after a project launched — attempting to satisfy securities law while maintaining the broad token distribution model. These structures attracted their own enforcement actions. The fundamental tension between securities law (which presumes investor protection through disclosure and registration) and the crypto ethos (which favors permissionless participation) has not been resolved by any of the structures attempted so far.

The ICO Boom and the Securities Question

// COMMENTS

ON THIS PAGE