Initial Coin Offerings: Benefits and Legal Risks on the New Frontier of Investing


t takes a lot to build a successful business.  Entrepreneurs need a great idea, dedication and a hearty appetite for risk.  That’s not to mention the more practical considerations, like employees, legal and accounting, work space, computers, software and technology, marketing, advertising, publicity, and the list goes on.  How, one may ask, can a business just getting on its feet do all of this?  The answer is at once simple and obvious, yet extremely complex: money.

Most early-stage companies require some amount of start-up capital if they hope to grow the business.  As a result, entrepreneurs and their attorneys have invented numerous creative ways to raise money.  Examples include selling equity, the convertible promissory note, the “simple agreement for future equity” (SAFE), which eliminates the debt features of the note, and the “keep it simple security” (KISS), which aims for a fair balance between company and investor.  Increasingly popular for certain projects are crowd-funding campaigns on platforms like Kickstarter and Indiegogo, where businesses can pre-sell products, offer rewards for donating money, or even sell equity in the company.

From this morass of fundraising methodologies has emerged yet another way to raise money for early-stage businesses, this one with the added flair of cryptocurrency (think, Bitcoin) and blockchain technology (essentially, a decentralized digital ledger of transactions): the initial coin offering (ICO).  Fueled partly by the sharp rise in the value of Bitcoin (the original cryptocurrency), companies have raised more than $1.7 billion in ICOs as of mid-September this year.  This blog post will briefly describe the mechanics of ICOs (without getting too technical), and highlight some of the features and legal risks associated with this type of investment.

ICO Raises, Generally

In an ICO, the startup (typically in cryptocurrency or blockchain-related industries) sells a newly-minted cryptocurrency or token, rather that debt or stock in the company.  Tokens may come with various rights, such as voting and rights to profits, among others.  The upside for investors is that the currency or token they purchase in the ICO is publicly tradeable via cryptocurrency exchanges in worldwide markets either for other cryptocurrencies, like Bitcoin, or government-backed currency.  As a result, the value of the tokens purchased in an ICO can increase dramatically.  For example, blockchain innovator Ethereum sold its currency, Ether (ETH), in an ICO for 0.0005 Bitcoin per ETH.  ETH, as of the writing of this post, is worth 0.074 Bitcoin (or, over $300), an increase of over 14,500%.

The ICO is attractive for companies looking to raise money because it is perceived to be unregulated (more on this below).  As a result, companies save money normally spent complying with SEC regulations and federal and state laws.  ICOs are most commonly administered through an online smart-contract system that automatically processes the transaction, so they are more efficient and cost less in legal fees (for more on smart contracts please read “Get Smart: Why Cost Cutting Should Not Elevate Forms Over Substance”).  In addition, the system is accessible to everyone worldwide, so the potential investor pool is enormous.

The ease, low cost and high growth potential inherent in ICOs has led to a number of stunning ICO raises.  For example, a web browser company called Brave raised $35 million in a mere 30 seconds, Bancor, a company focused on creating liquidity and trade-ability in cryptocurrencies, raised $140 million in a matter of hours, and cloud storage company Storj raised $30 million, all via ICOs.

ICOs allow companies to raise large amounts of capital very quickly and cheaply.  However, there are legal risks that potential investors and companies should bear in mind before joining the ICO fray.  Concerns about regulation, hacking, and fraud should temper the eager fundraiser and investor’s approach.

ICO Regulation

ICOs are widely regarded as “unregulated.”  However, this is not necessarily the case, and companies looking to raise money through an ICO should be circumspect in determining whether they must comply with securities laws.  U.S. securities laws regulate “investment contracts,” which have been defined by the U.S. Supreme Court as “the presence of an investment in a common venture premised on a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.”  This principle is typically applied broadly in order to satisfy the purpose of compelling full and fair disclosure in connection with the myriad ways to invest in a company.

Stemming from an investigation of an ICO gone wrong (more on this below), the SEC determined that crypto-tokens issued in an ICO by an organization called The DAO were, in fact, securities regulated under the Securities Act and the Securities Exchange Act.  The SEC noted that investors in The DAO exchanged ETH cryptocurrency for The DAO’s own tokens, DAO tokens.  The SEC stated that this kind of investment “is the type of contribution of value that can create an investment contract.”  Further, the SEC determined that investors who purchased DAO tokens reasonably expected to earn profits through their investment in The DAO ICO, because of promotional materials disseminated before the offering.  These materials stated that The DAO was a for-profit entity aiming to fund projects in order to make a return on investment.  Lastly, the SEC determined that the ICO investors reasonably expected to rely upon the significant managerial efforts of The DAO founders.  The SEC concluded that The DOW ICO was an issuance of securities that should have been registered, unless it qualified for an exemption from registration.

The SEC stopped short of a broad statement asserting that all ICOs are offers of securities subject to regulation under U.S. securities law.  However, the report on the investigation of The DAO ICO counsels caution in considering whether to raise money through an ICO, and whether to register an ICO with the SEC.  Companies should consult their attorneys in the early planning stages of ICOs to ensure compliance with applicable laws.

Hacking and Fraud

Another risk to both investors and companies in the ICO space is hacking.  In the DAO ICO described above, the SEC took notice because, after the DAO tokens were sold in the ICO, hackers exploited a flaw in the ICO system and stole $50 million, around one-third of The DAO’s assets.  Similarly, in an ICO held by startup CoinDash, hackers were able to alter the address used to solicit investors, resulting in a diversion of investor funds to the hackers.  In another attack, hackers stole almost $500,000 from potential investors in startup Enigma by impersonating the company.  The security risks involved in ICOs are substantial, and both investors and companies looking to raise money would be wise to exercise a great deal of care and implement proper security protocols when offering and participating in ICOs.

ICOs may also be used to defraud investors.  Fake companies may purport to offer legitimate ICOs, and then abscond with investor money.  The SEC has also warned investors of pump-and-dump schemes, where companies or individuals artificially inflate stock prices by promising huge returns through ICOs, and the then dump shares at the inflated price.  In fact, the SEC has suspended the trading of four companies due to fraud-related concerns about their ICOs.  Similarly, in response to allegations of wide-spread fraud in ICOs, the Chinese government has banned ICOs.  To avoid fraud, investors should thoroughly research ICOs before investing and consult with legal counsel.


ICOs are an increasingly popular way for startups to raise money from a broad investor base.  However, both companies looking to raise money and investors looking to invest should be sure to comply with applicable laws, and to rigorously vet any potential investment to avoid fraud.  Further, ICO participants should note that hacking is a significant risk, and take stringent security precautions.

Filed in: Legal Blog

October 9, 2017