Let Ugly Ducklings Grow: Why Crypto Needs a Safe Harbor

Too much much regulation may hinder the development of viable decentralized models.

AccessTimeIconAug 12, 2022 at 3:40 p.m. UTC
Updated Apr 9, 2024 at 11:22 p.m. UTC
Layer 2
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Asked for his views on cryptocurrencies, Securities and Exchange Commission Chairman Gary Gensler likes to quote the poet James Whitcomb Riley, who wrote, “When I see a bird that walks like a duck and swims like a duck and quacks like a duck, I call that bird a duck.”

The point of Gensler’s “duck test” is that he believes the vast majority of crypto projects are in fact unregistered securities, with little ambiguity. In Gensler’s mind, almost all meet the more conventional Howey Test measure for that.

It’s a nice line but perhaps not the best analogy. After all, a more famous literary reference also draws on the duck image to remind children that first impressions are not always reliable.

In Hans Christian Andersen’s classic fairy tale “The Ugly Duckling,” a newborn cygnet is mistakenly thought to be a member of a barnyard mother duck’s brood and is teased for being so plain-looking compared with the other ducklings. Eventually it flees the farm and grows into a beautiful, graceful swan.

You’re reading Money Reimagined, a weekly look at the technological, economic and social events and trends that are redefining our relationship with money and transforming the global financial system. Subscribe to get the full newsletter here.

Let’s face it, lots of cryptocurrency projects are pretty ugly in their infancy.

In 2013, when Bitcoin was four, its blockchain suffered an accidental hard fork as a failure to reconcile two versions of its code led miners to unknowingly start building two separate chains. One year later, an attacker exploited the so-called “malleability bug” to launch a crippling denial-of-service attack against the Bitcoin network while others used the same exploit to steal bitcoin from the doomed exchange Mt. Gox. Then, in 2016, two-year-old Ethereum faced a massive crisis when an attacker found a bug in the smart contract code for the decentralized investment project The DAO and drained it of $60 million worth of ether.

In all three cases, the issues were resolved with the decisive leadership of core groups of Bitcoin and Ethereum developers. In the first and third instances, the interventions involved coordinating a rollback in the blockchain, with the consensus of users, to cancel transactions occurring after the attack. This speaks to the presence of some degree of centralization in these early phases of protocol development, when bugs and performance problems that clearly hurt the network need to be resolved efficiently.

Notably, as Bitcoin and Ethereum’s networks have grown, both have become increasingly decentralized, making coordination of core code upgrades more challenging. A key indication of this is the years of development work and consensus-building it has taken for Ethereum developers to migrate the blockchain from proof-of-work to proof-of-stake, which is now poised to happen next month.

It is this evolved state of decentralization that, according to SEC pronouncements, appears to have made the current iterations of Bitcoin and Ethereum exempt from securities registration. Both now fail the part of the Howey Test that says an investment scheme is a security if returns for investors hinge on the work of a small group of people. Bitcoin’s founder and earliest adopters are out of the picture, and Ethereum’s founders don’t have the influence they once had to unilaterally push through changes.

Here’s the problem: The SEC’s approach to these issues implies that Bitcoin’s and Ethereum’s transitional experience are the exception, not the rule. Gensler has said he concurs with his predecessor Jay Clayton’s statement that “every ICO I’ve seen is a security,” referring to initial coin offerings, the means by which many crypto projects attracted their initial funding.

He has also urged decentralized exchanges (DEX) to register with the SEC. This poses a challenge for these protocol-based systems: Who, among their decentralized communities of users and developers, would make the call to file the documents? Under what authority?

Such semantics won’t stop the SEC from taking action – likely against the founding developers of DEX – if it so wishes. Meanwhile, actions such as the recent insider-trading case against a former Coinbase (COIN) employee, which simultaneously described nine Coinbase-listed tokens as securities, are a reminder that, under the blanket “duck test” view, all token projects other than Bitcoin and Ethereum are vulnerable to SEC enforcement.

It’s a Damocles Sword threat, and it forces many potentially valuable projects to exercise excessive caution – such as blocking customers that use U.S. IP addresses – which means innovation in this space is inherently constrained.

But if Bitcoin and Ethereum could grow into swans, what’s to say others can’t in the future? And shouldn’t policy incorporate the prospect of that transition from unavoidable centralized structure at initiation to a later decentralized structure that no one can effectively control? Enforcement actions can cripple otherwise high-potential projects; they can condemn them to permanent ugly duckling-hood.

This prospect of transition is precisely what SEC Commissioner Hester Peirce’s proposal for a safe harbor provision for crypto projects is intended to achieve. It would give crypto projects a three-year grace period within which to develop a robust, decentralized functionality that would render them exempt from securities registration requirements.

Sadly, Peirce’s approach has gained little to no traction among her fellow commissioners.

It’s important that we ask why. After all, the pass that Ethereum has received appears to be based on a notion developed by former SEC Director of the Division of Corporate Finance William Hinman, who in a June 2018 speech suggested that the Ethereum network had over time become “sufficiently decentralized” and so had lost the security status it held at launch.

In its case against Ripple Labs over its XRP token, the SEC has tried to distance itself from what it described as a “personal errand” by Hinman, suggesting that his thesis on transition does not necessarily represent agency doctrine. But Judge Sarah Netburn delivered Ripple a big victory last month, ruling that a draft of the speech, which may well show SEC staff helping to shape Hinman’s thinking, can be admitted as evidence in the case. The popcorn is ready on this one.

Let’s assume the Hinman doctrine is a thing, then. Why would there be a resistance to giving token projects a grace period to become sufficiently decentralized? Perhaps because U.S. regulators don’t see the benefit of decentralization. They like having someone they can hold accountable. Without that, they reason, how can they protect U.S. citizens from bad actors?

What they’re missing is that decentralization is central to the core value proposition for cryptocurrencies. Without it, they’re worthless.

Decentralization enables censorship resistance for bitcoin, so funds can be sent peer-to-peer. For example, a donor in the U.S. can send BTC to an activist in Russia, without Putin’s government, or another central authority, interceding. It’s also a necessary condition to attain the programmability with which decentralized finance (DeFi) protocols can automatically execute settlement and collateral contracts. If a third party has control over the system, it has the power to intervene, which means there’s no guarantee of automaticity. Programmability is lost.

If we want a more open, fluid and equitably accessible financial system, one that’s not subject to the political and economic manipulation by Wall Street’s too-big-to-fail intermediating institutions, decentralization is a worthy goal. After all, the recent big failures in crypto-lending projects were concentrated in centralized finance (CeFi) providers such as Celsius and Voyager while broadly decentralized DeFi protocols such as Aave and Compound survived the industry’s de facto stress test remarkably well.

It’s quite simple, really: If there is a centralized entity with custody of its customers’ funds, it can lose or otherwise impair those funds against its customers’ interests. If there is no custody, only the customer can lose funds. In that case, there’s literally no one to regulate.

If regulators keep imposing rules that favor centralization – as with the demands placed on crypto providers to block accounts using the Ethereum-based mixing service Tornado Cash (see The Conversation below) – they will simply build the same risks into the system and hinder the development of viable decentralized models.

Let’s let the ugly ducklings grow up.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Michael J. Casey

Michael J. Casey is CoinDesk's Chief Content Officer.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.