The United States is home to many participants engaging with blockchain technology and crypto-assets. These include:

• crypto-asset trading platforms;
• custodians of crypto-assets; and
• developers of layer 1 blockchain networks, layer 2 networks, permissioned blockchain networks, decentralised applications, and the components of the technology stacks involved in these networks and applications.

The USA has also been a centre of innovation when it comes to the use of blockchain technology and crypto-assets in providing traditional financial services and the tokenisation of real-world assets.

Under the Biden administration, there had been a sharp increase in enforcement actions, and litigation brought by agencies such as the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the Department of Justice.

Regulatory pressure continued through early 2025 in the lead-up to the change in administration and the inauguration of President Donald J Trump. The change in administration in early 2025, however, ushered in a significant shift in the US regulatory approach to digital assets. While some state-level enforcement initiatives remain active, there has been visible change at the federal level, where the tone has moved away from aggressive enforcement and towards fostering innovation and providing clearer guidance.

For instance, the executive branch has taken several steps to provide more clarity related to the development, use, custody and transfer of digital assets. This includes:

• the issuance of several executive orders related to digital assets, including Executive Order 14178: Strengthening American Leadership in Digital Financial Technology and Executive Order 14233: Establishment of the Strategic Bitcoin Reserve and US Digital Asset Stockpile;
• the formation of the SEC Crypto Task Force; and
• continued focus from Congress on digital asset legislation.

Key bills under consideration include the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act and the Stablecoin Transparency and Accountability for a Better Ledger Economy (STABLE) Act – focusing on stablecoin legislation – as well as bills addressing market structure for digital asset activities.

US businesses are using blockchain technology in a wide variety of ways, including:

• crypto-asset trading platforms;
• crypto-asset custody;
• securities issuance and record-keeping;
• securities clearing and settlement;
• gaming;
• art, collectibles and fan engagement platforms;
• protocol and software development;
• tokenised real-world assets;
• payments;
• trade finance;
• logistics and tracking goods; and
• self-sovereign identity.

While there are no definitive laws or court cases specifying how ownership of a digital asset is determined in the USA, in general, control over a digital asset equates to ownership, primarily through control of the private key necessary to effectuate an on-chain transaction involving the digital asset. That being said, there are many instances in which the owner of a digital asset transfers control to a third party in order for the third party to perform a certain function, in which case the owner will retain its ownership right to the asset pursuant to the contractual terms of the owner’s agreement with the third party.

In the USA, there is still significant uncertainty with respect to the appropriate characterisation of digital assets, though regulators and legislators are working to provide guidance. Broadly, securities are regulated by the SEC and commodity derivatives are regulated by the CFTC. To the extent that fungible digital assets, or transactions in fungible digital assets, are not regulated as securities, they would be treated as commodities and subject to CFTC anti-fraud and anti-manipulation jurisdiction with respect to spot market trading and CFTC jurisdiction over commodity derivatives.

Under existing US law, digital assets that are intended to be securities or “tokenised” securities are treated as securities. Fungible digital assets that are not themselves securities may nevertheless be transacted under circumstances that constitute “securities transactions”. Determining whether such circumstances exist requires application of the Howey test. If each of the elements of the Howey test is satisfied with respect to a contract, transaction or scheme (meaning there is an investment of money, in a common enterprise, with the expectation of profits, from the essential managerial efforts of others), then there is an investment contract, which is a type of security under the Securities Act of 1933, as amended (the “Securities Act”), and is thus subject to securities law compliance. The Howey test is a facts-and-circumstances-specific test, and it is not at all straightforward for market participants to apply.

Recognising the need for greater clarity, SEC Commissioner Hester Peirce issued a comprehensive statement in February 2025, “There Must Be Some Way Out of Here”, inviting public input on 48 questions across ten key topics. These include security status, trading, custody, crypto lending and tokenised securities, aiming to create a clearer regulatory framework for crypto activities. Commissioner Peirce emphasised the importance of establishing a regulatory taxonomy and providing a clearer means by which market participants can determine when crypto-assets or related activities fall under the SEC’s jurisdiction, which is critical for market participants such as trading firms and intermediaries.

There is no formal categorisation of “utility tokens” or “exchange tokens” in the USA.

Tokenised securities are treated as securities in the USA. However, questions remain about the viability of tokenised securities since they are not provided for in the Uniform Commercial Code (UCC) – a model statute drafted by the Uniform Law Commission (ULC) that gives states one set of rules for commercial transactions such as sales of goods, negotiable instruments, funds transfers, letters of credit, securities and secured lending. The UCC only recognises two categories of securities – certificated and uncertificated. Traditionally, certificated securities are represented by a physical certificate, while uncertificated securities exist only as electronic records maintained by the issuer or its agent.

A tokenised security cannot be certificated because the rights and obligations associated with the security are not reduced to writing on paper and electronic certificates are not provided for. Therefore, while it may be possible to classify tokenised securities as uncertificated, there are specific rules regarding how uncertificated securities may be transacted and recorded on the books and records of the issuer that may not be consistent with the manner in which blockchain-based assets are transferred. Without clear recognition under the UCC, holders of tokenised securities may face legal risks in proving or defending their ownership rights, especially in cases of insolvency or competing claims. This issue has been recognised by practitioners who are working on solutions under the UCC.

The SEC’s Division of Corporate Finance recently issued a statement clarifying how federal securities laws apply to certain “Covered Stablecoins”, defined as those:

• pegged one-to-one to the US dollar;
• redeemable one-for-one for US dollars; and
• backed by low-risk, highly liquid reserves that meet or exceed their redemption value.

In the statement, the SEC shared the view that the offer and sale of Covered Stablecoins, as described, generally do not involve the offer or sale of securities under the Securities Act or the Securities Exchange Act of 1934, as amended (the “Exchange Act”). To reach this conclusion, the SEC applied both the Reves test and the Howey test. Applying the “family resemblance” test under Reves, the SEC found that since Covered Stablecoins are not marketed for speculation, and are backed by risk-reducing reserves, they are unlikely to be securities. Similarly, under the Howey test, buyers of Covered Stablecoins do not have a reasonable expectation of profits derived from others’ efforts. Nonetheless, the statement emphasised that this analysis is limited to the Covered Stablecoins described and does not apply to algorithmic stablecoins, non-US dollar pegged stablecoins or yield-bearing stablecoins, and that each stablecoin must be assessed based on its own facts and circumstances.

At the same time, multiple legislative proposals are currently pending that relate to stablecoins, as noted above. The GENIUS Act is next up for a final-passage vote in the Senate.

Non-Fungible Tokens (NFTs)

There are no regulations in the USA that are specific to NFTs as such, though existing laws apply to these digital assets and activities involving them. Given their non-fungible nature, NFTs are unlikely to be considered “commodities”. To the extent that an offer or sale of NFTs constitutes an investment contract under the Howey test, they could be classified as securities and subject to compliance with securities laws. 

Additionally, offer and sale of NFTs as consumer products such as collectibles would be subject to consumer protection laws and regulations. Both federal and state consumer protection laws generally prohibit unfair or deceptive acts and practices with respect to consumer goods and services. Similar to other types of digital assets, those selling NFTs must also keep sanctions compliance in mind and take steps to avoid engaging in transactions with sanctioned individuals or individuals residing in sanctioned jurisdictions.

Meme Coins

On 27 February 2025, the SEC’s Division of Corporation Finance issued a Staff Statement on Meme Coins, clarifying for the first time that typical meme coins are presumptively not securities under federal securities laws. The SEC explained that meme coins – crypto-assets inspired by internet memes or trends and primarily purchased for entertainment, social interaction or speculation – generally do not meet the definition of a security.

Digital assets may be used for payments in the USA. There are no digital asset-specific laws or rules in this area, and use and acceptance of digital assets for payment by merchants is subject to traditional laws and rules related to payments. Many digital asset payment systems involve transmission of digital assets by an intermediary, or conversion of digital assets to fiat or digital assets to other digital assets, all of which implicates US money transmission laws and rules.

Digital assets may be used as collateral in the USA. To that end, lenders may attempt to perfect a security interest in a digital asset pledged as collateral under the applicable provisions of the UCC. Currently, transacting parties typically treat the digital asset pledged as collateral for a loan as a “financial asset”, treat the borrower’s account with the lender as a “securities account”, treat the borrower as an “entitlement holder” and have the borrower acknowledge that the lender is a “securities intermediary”, as all of these terms are defined under the UCC. This should create a “security entitlement” under the UCC that will allow for perfection of a security interest in the collateral by the lender.

In July 2022, amendments to the UCC were approved by the ULC, pending adoption by each state at the state’s discretion. The amendments create a new Article 12 that governs the transfer of property rights in a “controllable electronic record” (CER) and amend the existing Article 9 to allow perfection of a security interest in a CER by obtaining control of the CER. Once the amendments are in effect in a particular state, the parties to a digital asset transaction under that state’s law can benefit from the new Article 12 and updated Article 9. By early 2025, close to 30 states had adopted the 2022 amendments.

The general view in the US legal community is that private contractual arrangements that are executable, in whole or in part, using blockchain or distributed ledger technology are valid and enforceable, assuming the elements necessary to form a contract are present – offer, acceptance, the intention to be legally bound and consideration. Whether a smart contract is coded to reflect the intentions of the parties is a separate question and one that has prompted significant debate.

In the USA, there are spot exchange traded funds (eg, the SEC-approved BTC and ETH products) which are typically organised as commodity or grantor trusts that own the underlying digital assets. These are securities products that are subject to compliance with US securities laws. There are also futures-based crypto funds that provide exposure to the spot price of the underlying crypto-asset, which are also offered as securities and subject to compliance with US securities laws. Both structures also face FINRA advertising standards, Exchange Act custody and anti-fraud rules, and must maintain market-surveillance agreements with their listing exchanges.

At the federal level, there are currently no regulatory sandbox programmes in the USA specifically geared towards blockchain projects at the federal level. However, the SEC’s recently formed Crypto Task Force is considering the development of sandbox regimes for small-scale tokenisation and blockchain projects, as suggested in Commissioner Peirce’s recent statement.

At the state level, on the other hand, a number of states including Wyoming and Utah already have regulatory sandbox programmes relevant to blockchain. Additionally, states including Arizona, Kentucky, Florida, West Virginia and Nevada have passed laws providing for regulatory sandbox programmes to promote innovation, though they address more generally the use of emerging technologies for innovation.

The USA has implemented international standards in several areas impacting blockchain. Most notably, the USA has been a proponent of applying a corollary to the “Funds Travel Rule” – the requirement that mandates financial institutions to transmit certain identifying information (such as the sender’s and recipient’s name, account number and location) along with transfers of funds exceeding USD3,000 – to entities known as virtual asset service providers (VASPs) that process transactions involving virtual assets. This would significantly expand the universe of entities that meet the definition of a VASP and be subject to the Funds Travel Rule. In 2018, the Financial Action Task Force (FATF), a multi-governmental organisation that sets global standards related to anti-money laundering, clarified how the FATF standards – a set of 40 Recommendations that form the international framework for preventing money laundering and terrorist financing – apply to activities or operations involving virtual assets, and imposed a corollary to the Funds Travel Rule on VASPs that process virtual asset transfers.

In October 2021, the FATF updated its recommended guidance regarding virtual assets and VASPs. Notably, the FATF guidance broadly interprets the definition of a VASP to include “a central party with some measure of involvement” with a decentralised application. If adopted in a specific jurisdiction, this broad interpretation would potentially bring a variety of parties within the definition of a VASP and subject them to compliance with AML/CFT laws in that jurisdiction.

It is not surprising that the US delegation to the FATF pushed for a global Funds Travel Rule corollary and the expansive interpretation of the entities that might be deemed VASPs. In doing so, the USA is attempting to promote AML/CFT compliance through global standard-setting, which would make it easier for the USA to enforce its domestic AML/CFT obligations as they apply to digital asset transactions and intermediaries. Without a global standard, US-based money transmitters would have to determine whether or not they would process transmittal orders originating from outside the USA that may not include the information required by the Funds Travel Rule. If they were to process such orders, they would need to perform their own due diligence to obtain the information required to fill any gaps, which would require additional cost and time.

There are a number of regulatory bodies in the USA that are relevant to blockchain and digital assets.

The Securities and Exchange Commission (SEC)

The SEC has broad regulatory authority over securities transactions, securities professionals and intermediaries in the USA. The threshold question that determines whether the SEC has authority with respect to blockchain or digital assets is whether a “security” is involved. The definition of the term “security” in both the Securities Act and the Exchange Act includes the term “investment contract”. When commercial arrangements do not fall plainly within the other enumerated types of securities in the definitions of the term “security”, they may still be treated as securities if they are deemed to constitute investment contracts.

The test for whether a particular scheme is an investment contract was established in the Supreme Court’s Howey decision. The test looks to “whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others”. In 2017, the SEC issued a Report of Investigation Pursuant to Section 21(a) of the Exchange Act: the DAO (the “DAO Report”), applying the Howey test to an offering of cryptographic tokens for sale and concluding it was an offering of securities. The DAO Report noted that “[w]hether or not a particular transaction involves the offer and sale of a security – regardless of the terminology used – will depend on the facts and circumstances, including the economic realities of the transaction”. However, most recently, in a speech Commissioner Peirce shared her view that the DAO Report should be withdrawn. 

The Commodity Futures Trading Commission (CFTC)

The CFTC has broad regulatory authority over derivative markets for commodities, and general anti-fraud and anti-manipulation authority over the spot markets for commodities pursuant to the Commodity Exchange Act (CEA). Derivatives transactions subject to CFTC jurisdiction include futures, options, swaps and leveraged retail commodities transactions under the CEA. In recent years, the CFTC has asserted – and courts have affirmed – that certain digital assets qualify as “commodities” under the CEA. The agency has explicitly stated that bitcoin and ether are commodities subject to its jurisdiction, a conclusion that is widely accepted.

In March and April 2025, the CFTC signalled a regulatory shift in its approach to digital asset derivatives by rescinding two key staff advisories and launching a public consultation. On 27 March 2025, citing increased market maturity and internal expertise, the CFTC withdrew Advisory 18-14, which had outlined heightened staff expectations for virtual currency derivatives listings. The following day, citing a desire to avoid treating such products differently from others, the CFTC also rescinded Advisory 23-07, which had detailed how the agency would review clearing activities for digital asset-based products.

On 21 April 2025, CFTC staff issued a request for information (RFI) seeking public comment on the potential uses, benefits and risks associated with perpetual futures contracts – derivatives that track the price of an underlying asset without an expiry date. This effort aims to better understand how recent innovations – particularly the growth of perpetual contracts – may introduce new market risks.

The Treasury Department and the Financial Crimes Enforcement Network (FinCEN)

FinCEN is the arm of the US Treasury Department that is responsible, in the first instance, for enforcing the US federal laws and regulations relating to crimes involving the transmission of money, frequently working in conjunction with other federal agencies and bureaus, including the Federal Bureau of Investigation and the National Security Agency. This includes enforcing the BSA, which is a comprehensive AML/CFT statute. The BSA mandates that “financial institutions”, which include “money services businesses” and “money transmitters”, must collect and retain information about their customers and share that information with FinCEN. FinCEN guidance from May 2019 examined a number of hypothetical business models involving digital assets to provide guidance with respect to the application of the BSA. Not surprisingly, many businesses engaging in activity involving convertible virtual currency, a subset of digital assets, have an obligation to comply with the BSA.

The Treasury Department and the Office of Foreign Assets Control (OFAC)

OFAC is a division of the US Treasury Department that administers and enforces economic and trade sanctions to promote US national security and foreign policy objectives. OFAC can take enforcement action against entities in the USA that violate sanctions programmes. OFAC has taken several such actions relating to digital asset transactions – for example, BitGo, BitPay and Poloniex (a subsidiary of Circle). Each of these actions was settled, and OFAC emphasised that US sanctions compliance obligations apply to all US persons, and encouraged companies that provide digital asset services to implement controls commensurate with their risk profile, as part of a risk-based approach to US sanctions compliance. Further, OFAC published Sanctions Compliance Guidance for the Virtual Currency Industry in October 2021 to assist participants in the virtual currency industry in navigating and complying with OFAC sanctions.

In August 2022, OFAC designated smart contracts associated with the operation of Tornado Cash, a virtual currency mixer, to the Specially Designated Nationals (SDN) list, effectively prohibiting US persons from engaging in transactions with these contract addresses. This was a significant action and the first time that smart contract addresses were added to the SDN list. However, in late 2024, the Fifth Circuit ruled that OFAC exceeded its statutory authority by adding the suite of smart contract addresses comprising Tornado Cash to the SDN list because such smart contracts are not “property” subject to the sanctions jurisdiction asserted by OFAC within the meaning of the International Emergency Economic Powers Act. Since then, OFAC has removed the Tornado Cash smart contract addresses from the SDN list, reversing its earlier position.

The Consumer Financial Protection Bureau (CFPB)

The CFPB has authority pursuant to the Consumer Financial Protection Act (CFPA) to address unfair, deceptive or abusive acts and practices (UDAAP) with respect to financial products offered primarily for consumer use by certain “covered persons” as defined by the CFPA. To date, the CFPB has not pursued a case alleging a violation of the CFPA involving digital assets, despite initiating investigations into certain firms.

However, the CFPB issued significant guidance just prior to the change in administration clarifying how Regulation E of the Electronic Fund Transfer Act (EFTA) applies to digital payments, particularly in the context of rising fraud and person-to-person (P2P) payment platforms. While the CFPB had signalled plans to expand oversight – including by examining non-bank financial companies that pose consumer risks and potentially applying that scrutiny to digital asset products – its capacity to act has been substantially undermined by recent court rulings. In particular, decisions questioning the constitutionality of its funding structure have raised doubts about the CFPB’s future enforcement authority and agenda, which may delay or constrain the Bureau’s ability to regulate emerging financial technologies, despite prior ambitions to increase its activity in this area.

The Department of Justice (DOJ)

The DOJ enforces federal criminal laws, including those involving securities fraud, insider trading and market manipulation, often working in parallel with civil regulators such as the SEC. While the SEC pursues civil enforcement, the DOJ has authority to bring criminal securities charges, which are often paired with other alleged federal crimes such as wire fraud.

On 7 April 2025, the DOJ issued a memo, “Ending Regulation By Prosecution”, signalling a significant shift in its approach to enforcement related to blockchain technology and crypto-assets. The memo represents a significant reversal of the previous administration’s enforcement approach to the crypto-asset sector, and de-prioritises actions against software developers in favour of actions against those who use software systems to facilitate criminal conduct. By directing federal prosecutors to focus on cases involving harm to investors or the use of crypto-assets in serious crimes such as terrorism and trafficking, the DOJ is implementing the Trump administration’s broader policy of reducing regulatory barriers to crypto-asset innovation. This shift aligns directly with Executive Order 14178’s stated goal of “protecting and promoting” access to blockchain networks and banking services for lawful users without persecution.

State Regulators

State attorney generals

State enforcement actions – led by Attorneys General (AGs), securities regulators and money transmission authorities – are expected to intensify as federal oversight of digital assets evolves. State AGs have broad authority under consumer protection laws and have increasingly targeted crypto-related platforms for allegedly unfair or deceptive practices. In particular, state securities regulators have pursued unregistered offerings and sales, while money transmission authorities have enforced licensure requirements for crypto exchanges and custodians.

Most recently, less than two months after the SEC dropped its lawsuit against Coinbase, on 18 April 2025 the Oregon State AG sued Coinbase for alleged violations of the Oregon Securities Law, asserting theories similar to those previously advanced by the SEC, namely that Coinbase unlawfully encouraged the sale of unregistered cryptocurrencies. As federal agencies reassess their regulatory posture, state-level enforcement is likely to become a more prominent mechanism for oversight.

State money transmission regulators

Historically in the USA, states rather than the federal government have been the primary regulators of “money transmitters”. Each state, other than the state of Montana, has independently passed a statute that defines the activities that constitute money transmission in that state. State laws generally define a money transmitter very broadly and typically include any entity that engages in “receiving money for transmission” or “transmitting money” or issuing or selling stored value. The scope of each state’s law, and its application to virtual currency, is dependent on how broadly the definitions of “money” and “money transmission” are interpreted by the applicable state regulator. As a result, exchanging virtual currency or facilitating payments in virtual currency may be subject to state-by-state regulation as money transmission.

While federal law requires only registration of money transmitters, state law requires licensing. It is significant to note that money transmission regulations are extraterritorial; a person must have a licence in every state in which it has customers. What matters from a jurisdictional standpoint is the location of the customer, not the location of the transmitter. States have taken different positions with respect to whether convertible virtual currency activities fall within the definition of money transmission.

State securities regulators

State securities regulators enforce and administer state-specific securities laws. These laws are often referred to as “blue sky” laws and are generally similar from one state to the next, but certain aspects can vary significantly. Many state securities statutes are derived from either the 1956 or 2002 version of the Uniform Securities Act.

State securities regulators have been very active in regulating cryptocurrency-related investment products and the sale of digital asset securities. In the cryptocurrency space, state securities regulators were first to file enforcement actions with respect to centralised lending businesses offering consumers interest payments in respect of cryptocurrency deposits. State securities regulators filed cases against BlockFi, Celsius and Voyager prior to their collapses, alleging that their products constituted investment contracts under the Howey test that required being registered under the Securities Act or offered pursuant to an exemption from registration.

There are no self-regulatory organisations in the USA specifically dedicated to blockchain or digital assets. There are a variety of trade groups dedicated to blockchain and digital assets, but none of them performs a formal regulatory or even quasi-regulatory function. Instead, these trade groups advocate on behalf of their members with respect to the adoption and regulation of blockchain technology and digital assets. There are, however, self-regulatory organisations associated with the securities and commodities industries that do have regulatory authority relevant to blockchain and digital assets, and these are discussed below.

The Financial Industry Regulatory Authority (FINRA)

FINRA is a government-authorised organisation tasked with the oversight of US-registered securities broker-dealers to ensure that they operate fairly and honestly. FINRA works under the supervision of the SEC and writes rules governing the activities of broker-dealers, examines broker-dealers for compliance with those rules, promotes market transparency to protect market integrity, and provides investor education.

FINRA has taken a specific interest in activities involving digital assets. It joined the SEC in putting out a joint statement regarding broker-dealer custody of digital asset securities in July 2019. The release dealt with the application of the customer protection rule pursuant to the Exchange Act, and the related rules, to digital asset securities. The joint statement provided guidance with respect to how digital asset securities may be custodied by broker-dealers, indicating several areas of concern. FINRA has also asked broker-dealers to notify it if they engage in activities related to digital assets, and has made digital assets an examination priority.

The National Futures Association (NFA)

The NFA is an industry-wide self-regulatory organisation for the commodity derivatives industry. It is a registered futures association designated by the CFTC and registers a number of different participants in the commodities derivatives markets. The NFA’s focus is to safeguard the derivatives markets, protect investors and ensure that members meet their regulatory responsibilities. 

On 23 January 2025, President Trump signed an Executive Order creating the Presidential Working Group on Digital Asset Markets. Chaired by investor and entrepreneur David Sacks, this group is tasked with evaluating the potential creation of a national digital asset stockpile and proposing criteria for establishing such a reserve, among other responsibilities. The order also suggests using lawfully seized cryptocurrencies to fill this stockpile.

Several federal prudential regulators have recently issued updated guidance related to digital assets. The OCC issued Interpretive Letter 1183 on 7 March 2025, rescinding prior guidance that required national banks and federal savings associations to obtain written supervisory non-objection before engaging in crypto-asset activities such as custody services, stablecoin reserve holding, and participation in distributed ledger networks. This action aimed to reduce regulatory burdens and encourage responsible innovation in the banking sector.

On 28 March 2025, the Federal Deposit Insurance Corporation (FDIC) issued new guidance (FIL-7-2025) clarifying that supervised institutions may engage in permissible crypto-related activities without prior FDIC approval, provided they manage associated risks adequately.

Subsequently, on 24 April 2025, the Federal Reserve withdrew its own guidance that had required state member banks to notify it prior to engaging in novel crypto-related activities, reflecting a significant policy shift towards a more permissive regulatory environment for banks engaging in crypto-related activities.

Judicial decisions have played an important role in interpreting the laws applicable to blockchain technology and digital assets. In the securities law context, these decisions fall into two categories of cases – those involving initial allocations of digital assets and those involving secondary transactions in tokens. Following the resignation of former SEC Chair Gary Gensler and the subsequent launch of the Crypto Asset Task Force, several SEC enforcement actions in the digital asset space were withdrawn or otherwise closed.

Judicial Decisions Involving Initial Allocations of Tokens

SEC v Ripple Labs

On 13 July 2023, Judge Analisa Torres of the Southern District of New York entered an order (the “Ripple Order”) deciding the key issues in Ripple Labs. In the Ripple Order, Judge Torres granted Ripple Labs’ motion for summary judgment with respect to two of the three categories of XRP distributions by Ripple Labs, and granted the SEC’s motion for summary judgment with respect to the institutional sales XRP by Ripple Labs.

In the Ripple Order, Judge Torres expressly rejected the SEC’s theory that a digital asset initially sold in an investment contract transaction thereafter “embodies” the elements of that investment contract. Instead, Judge Torres recognised that Howey is a facts-and-circumstances specific test that applies to a “transaction, contract or scheme” and applied that test to each category of XRP distribution at issue in the case.

Both parties appealed to the Second Circuit.  Most recently, the parties entered into a settlement agreement, bringing an end to the long running litigation.

SEC v Terraform Labs, et al

In Terraform Labs, Judge Jed Rakoff of the Southern District of New York expressed a notably different view from that of Judge Torres in the Ripple Order. Judge Rakoff declined to analyse different types of sales of the relevant digital assets by the defendants or to draw a distinction between the manner of sale of these assets, rejecting Judge Torres’s approach as set out in the Ripple Order on how secondary market sales should be treated differently from institutional sales under the Howey test. Instead, he emphasised that the economic reality of the entire scheme – including the marketing and promotional efforts by Terraform – must be considered when determining whether the transactions involved securities. The result once again highlights the significant uncertainty as to how courts will treat various types of transactions involving the sale of fungible digital assets. 

Judicial Decisions Involving Secondary Transactions in Tokens

SEC v Coinbase

On 6 June 2023, the SEC initiated a civil enforcement action alleging that Coinbase and certain affiliated entities were operating its crypto-asset trading platform as an unregistered national securities exchange, broker and clearing agency. A threshold question with respect to each of these alleged violations was whether the digital assets trading on the Coinbase platform should be treated as “securities”.

On 27 March 2024, Judge Katherine Polk Failla of the Southern District of New York denied Coinbase’s motion for judgment on the pleadings, concluding that the SEC had plausibly alleged that at least some of the crypto-assets traded on the Coinbase platform constituted “investment contracts” under the Howey test.

On 7 January 2025, Judge Failla granted Coinbase's motion for an interlocutory appeal. However, before the Second Circuit could consider the appeal, on 27 February 2025 the SEC filed a joint stipulation with Coinbase to dismiss the action and pending appeal, marking a significant shift in the SEC’s approach to crypto regulation under new leadership.

Less than two months after the SEC dropped its lawsuit against Coinbase, on 18 April 2025 the Oregon State Attorney General sued Coinbase for alleged violations of the Oregon Securities Law, asserting theories similar to those previously advanced by the SEC, namely that Coinbase unlawfully encouraged the sale of unregistered cryptocurrencies.

In early 2025, the SEC dismissed several high-profile enforcement actions against major cryptocurrency firms, signalling a notable shift in its regulatory approach under new leadership. These dismissals, many filed “with prejudice”, indicate a significant change in the SEC’s stance towards cryptocurrency regulation, moving away from aggressive enforcement actions and towards a more collaborative and transparent approach. This includes the SEC’s enforcement actions against Coinbase, Payward (dba Kraken), Cumberland, Consensys and Dragonchain. The SEC has also closed investigations without enforcement actions against multiple firms, including reported investigation closures against Robinhood Crypto, Uniswap Labs and Crypto.com.

Notable CFTC Actions

In September 2023, the CFTC brought enforcement actions against three DeFi platforms – Opyn, Deridex and ZeroEx (0x) – alleging that each facilitated trading of derivatives or leveraged products without proper registration, regardless of decentralisation claims, in violation of the CEA. The charges included operating unregistered trading platforms, failing to register as futures commission merchants, and lacking required customer identification programs. Each platform settled with the CFTC: Opyn paid a USD250,000 penalty, Deridex USD100,000 and ZeroEx USD200,000.

Notable Criminal Matters

On 20 November 2023, Sam Bankman-Fried was found guilty of two counts of wire fraud, two counts of conspiracy to commit wire fraud, conspiracy to commit securities fraud, conspiracy to commit commodities fraud and conspiracy to commit money laundering stemming from his activities at FTX and Alameda Research. He was later sentenced to 25 years in prison.

In August 2023, the DOJ filed a criminal indictment against two developers of Tornado Cash, an open-source privacy protocol that facilitates anonymous transactions by obscuring the origins of cryptocurrencies such as Bitcoin and Ether. The criminal case against the developers of the Tornado Cash software alleges that the developers engaged in a conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money transmission business. The indictment alleged that the defendants created, operated and promoted Tornado Cash, a cryptocurrency mixer that facilitated more than USD1 billion in money laundering transactions, and laundered hundreds of millions of dollars for the Lazarus Group, the sanctioned North Korean cybercrime organisation. Recently, prosecutors filed a letter with the court indicating that they would not be proceeding with one of the unlicensed money transmission counts alleged in the indictment, but would still be proceeding with the conspiracy to engage in unlicensed money transmission count. As of May 2025, the criminal trial of one of the defendants, Roman Storm, is scheduled to commence on 14 July 2025. The trial has been postponed multiple times due to disputes over expert witness disclosures and defence motions challenging the charges.

In April 2024, the developers of Samurai Wallet were criminally charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money transmission business. The indictment alleged that the defendants developed, marketed and operated Samurai Wallet, an application that included a service called “whirlpool”, which was a cryptocurrency mixer, and a service called “ricochet”, which was another tool to obfuscate the address initiating a transfer of crypto-assets. This case is still ongoing. 

In May 2024, the DOJ charged Anton and James Peraire-Bueno, brothers and MIT graduates, for allegedly orchestrating an illegal scheme that exploited Ethereum’s transaction validation process to obtain approximately USD25 million in cryptocurrency within a span of 12 seconds. The DOJ’s indictment accuses the brothers of manipulating MEV-Boost, a software used by Ethereum validators, to gain unauthorised access to pending private transactions – a practice known as Maximal Extractable Value (MEV) exploitation. This case is one of the first to target the integrity of blockchain validation mechanisms. Defendants challenged the charges, arguing that the actions were within the bounds of Ethereum’s open and permissionless protocol, and that the DOJ’s application of wire fraud statutes to this case represents an overreach. The case is ongoing.

It remains to be seen how these criminal cases – all of which allege that software developers committed crimes in connection with the operation of software they developed or used – proceed in light of the recent DOJ letter Ending Regulation by Prosecution described herein.

In 2014, the Internal Revenue Service (IRS) issued its first guidance with respect to virtual currency, noting that virtual currency is “property” for federal tax purposes and that general tax principles applicable to property transactions apply to transactions in which virtual currency is used. 

In 2019, the IRS issued further guidance addressing the tax implications of a hard fork. When a hard fork results in a taxpayer receiving new units of cryptocurrency over which they have dominion and control, they will have gross income as a result. If they do not receive any new units of cryptocurrency over which they have dominion and control in connection with a hard fork, they will not have any gross income.

In 2023, the Treasury Department and the IRS announced that they were soliciting feedback for upcoming guidance regarding the tax treatment of NFTs as a collectible under the tax code. Until further guidance is issued, the IRS intended to determine when an NFT is treated as a collectible by using a look-through analysis, under which an NFT is treated as a collectible if the NFT’s associated right or asset falls under the definition of collectible in the relevant section of the tax code.

In August 2023, the IRS proposed rules that would require “brokers”, including digital asset trading platforms, digital asset payment processors and certain digital asset hosted wallets, to file information returns and furnish payee statements, on dispositions of digital assets effected for customers in certain sale or exchange transactions. More recently, the IRS proposed that the new form 1099-DA be used by brokers in connection with reporting pursuant to the August rule proposal. Comments on form 1099-DA were being accepted until 21 June 2024. The finalised version of Form 1099-DA, along with its instructions, was published in January 2025. 

A lawsuit was filed by private litigants against the IRS in 2021 with respect to the taxation of staking rewards. The plaintiffs sought a refund on taxes paid on staking rewards earned on Tezos. The IRS subsequently authorised a full tax refund on the claim. The federal judge dismissed the case, as the action was moot after a tax refund was issued. In July 2023, the IRS issued Revenue Ruling 2023-14, clarifying its position that staking rewards are taxable as gross income when the taxpayer gains dominion and control over these rewards. The ruling applies to staking activities conducted directly on proof-of-stake blockchains as well as through cryptocurrency exchanges.

There are no ESG/sustainable finance requirements in the USA that specifically apply to digital assets. Though the SEC has required significant mandatory ESG disclosures of reporting organisations in the past, recently the SEC has been stepping back in regulating the area.

Certain legislative proposals regarding ESG and crypto-assets have been introduced, but none have passed and become law.

Data privacy laws are enacted at the state level in the USA. There are differing obligations in each state with respect to data privacy. Practically speaking, this means that companies with a national footprint will seek to comply with the most robust state-level data privacy law. The California Consumer Privacy Act (CCPA) is the most robust state data privacy law, and became effective in 2020. 

Among other things, the CCPA provides consumers with the following rights:

• the right to access data collected about them by covered businesses;
• the right to delete that data; and
• the right to opt out of data collection altogether.

Covered businesses also need to provide consumers with a privacy notice, with two or more methods to opt out of the sale of personal information, and are prohibited from using opt-out mechanisms that make it difficult for a consumer to execute and have the effect of subverting the consumer’s choice to opt out. The CCPA does not directly implicate blockchain, but any covered business using blockchain to gather, store or refer to customer information should have compliance with the CCPA in mind.

Data protection laws are also enacted at the state level in the USA. The CCPA has a data protection component requiring covered businesses to implement and maintain reasonable security procedures. Similar data protection laws have been passed in other states, as have data breach reporting statutes. These laws do not specifically apply to the use of blockchain-based products or services.