Skip to main content


Three Things to Look Out for in Initial Coin Offerings

Introduction, the first major retailer to accept Bitcoin, made headlines in the fall of 2017 with its plans to launch the first regulated exchange designed specifically for trading virtual tokens classed as securities in the U.S. And how is Overstock funding this new exchange? By launching its own initial coin offering, or “ICO”, of course. The ICO, conducted by Overstock’s tZERO subsidiary, will raise funds to build the exchange through the creation and sale of a tZERO virtual token, which investors can later redeem for services and even trade on the resulting exchange. If successful, the tZERO platform could help provide much needed transparency, oversight and liquidity to the notoriously unregulated and volatile ICO market. However, ICOs are a relatively new form of fund-raising and come with a myriad of legal and commercial complexities that must be considered – indeed, the tZERO ICO was delayed several times before launching on December 18. To help you navigate this complex new area, this alert examines three key things to look out for if you’re considering launching an ICO – or investing in one. But first, let’s take a closer look at ICOs and the surrounding regulatory framework.

What is an ICO?

An ICO is a digital way of raising funds in which supporters invest – either using traditional currency or, more often cryptocurrencies such as Bitcoin or Ether, as payment – and receive proprietary digital “tokens” which become working currency within the issuing enterprise. If the enterprise is successful, demand for the tokens should increase and token holders will benefit from the resulting price appreciation when selling the tokens on a secondary market, or from the ability to use the tokens within the enterprise.

ICOs share common traits with both traditional IPOs and crowdfunding (raising amounts of money from a large number of people). Like IPOs, the sponsors of an ICO raise capital from the public in order to fund growth (in the case of ICOs, generally to develop a product or service, referred to as projects). However, unlike equity issued in an IPO, tokens typically do not confer any ownership interest in the project – they may simply grant the holder a right to use the token on the issuer’s platform as a means to obtain goods or services or they may be viewed as an investment with the hope of increased value on a subsequent sale. Moreover, while IPO investors are primarily focused on financial return, ICOs have tended to target supporters who hope to use the issuer’s product or service and want to get behind the project – a feature that is more akin to crowdfunding. But ICOs also differ from traditional crowdfunding because the backers of ICOs are motivated by a potential return on their investment, while the contributions made in a crowdfunding event are more akin to donations.

ICOs have generated significant criticism from regulators around the world.  Due to their vulnerability to extreme price volatility, low liquidity, market manipulation and fraud, China and South Korea have banned ICOs outright. The U.S. Securities and Exchange Commission (SEC) and the UK Financial Conduct Authority have on several occasions warned investors of the dangers involved in investing in ICOs and have recently stepped up enforcement in this space.[1] Despite this, ICOs are proving increasingly popular with startups and entrepreneurs because of the potential to raise significant capital with less complexity and fewer administrative burdens compared to the traditional venture capital process, which usually requires granting an equity stake (and hence relinquishing some degree of control) to investors, preparing detailed business plans and undergoing financial and operational due diligence. Indeed, ICOs are reported to have raised more than $4 billion in 2017.

ICOs in a regulatory framework

Are Tokens Securities? The Howey Test

Depending on how an ICO is structured, virtual tokens may be considered securities, and therefore subject to U.S. federal securities law. In a recent investigation,[2] the SEC found that tokens issued in an ICO by a virtual venture fund called the DAO, were securities. The DAO planned to use the capital raised (the equivalent of approximately $150m USD) to invest in startups and new projects. Investors in the DAO would be entitled to vote on which projects to fund and would receive a portion of the earnings from the underlying investments.  The tokens could also be bought and sold on the secondary market. 

Under the Howey test, investment contracts (a type of security under Section 2(a)(1) of the Securities Act) are defined as an investment of money in a common enterprise with an expectation of profits derived solely from the entrepreneurial or managerial efforts of others. The SEC applied the Howey test to find that the DAO tokens were investment contracts, and therefore securities subject to U.S. securities laws. The DAO tokens had a number of equity-like features favoring this conclusion. Promotional materials informed potential investors that the objective of the DAO was to fund projects in exchange for a return on investment, and token holders were entitled to a share in the profits of funded projects, akin to dividends.  Profits would be driven by the efforts of the “curators” of the DAO, who were responsible for vetting and putting forward project proposals for consideration.  In its investor bulletin on ICOs, published earlier this year,[3] the SEC made the point that ICOs may involve the offer and sale of securities – and whether a particular ICO does so will depend on the specific facts and circumstances.

Utility vs. Security tokens

What is less clear from the SEC’s report on the DAO is whether pure “utility” tokens would fall within the definition of a security. If a token’s sole purpose is to enable token holders to exchange the tokens for services on the platform, then arguably it will not meet the “expectation of profit” and “solely from the efforts of others” prongs of the Howey test. However, merely calling a token a “utility” token or structuring it to provide certain functionality does not prevent the token from being a security. Issuers may face trouble convincing the SEC that their token is solely a “utility” token because tokens are generally sold to fund future projects and most investors appear to buy tokens primarily not for their utility, but because they are hoping that their value will quickly appreciate and they can sell them on the secondary market for profit. In fact, the Chair of the SEC has said that he has yet to see an ICO that doesn’t have sufficient indicia of being a securities offering. In addition, on December 11, 2017 the SEC instituted a cease and desist order[4] against Munchee, an ICO sponsor. Munchee had planned to issue tokens to the general public and had argued in its white paper that its tokens were “utility” tokens, and thus not subject to U.S. securities regulations, a conclusion the SEC disagreed with.

3 Things to look out for in an ICO

1.  Structuring the ICO – exemptions and alternatives

As evident from the above, a key consideration of any ICO is whether the tokens offered may be considered securities. While the SEC did not charge the sponsors of the DAO with violating securities laws – presumably because of the novel nature of the issues considered – those who participate in an unregistered offer and sale of securities risk violating Section 5 of the Securities Act. Sponsors considering promoting an ICO should therefore carefully consider whether the tokens offered might be classed as securities, and if so, what registration and disclosure obligations would be required. 

In addition, it may be possible to structure the ICO within a suitable exemption in order to reduce the regulatory burden. For example, Filecoin (a network supplying digital storage space) which conducted its ICO in August 2017, used a two-step structure to avoid the registration requirements of the Securities Act.  In the first step, funds are only raised from accredited investors. This allows the sponsors to rely on the exemption available under Rule 506(c) of the Securities Act. Investors in the “pre-functional” network are not issued tokens. Rather, investors enter into a Simple Agreement for Future Tokens (SAFT) with the project, pursuant to which the project commits to deliver tokens to the investor at such time as the network became functional. As a second step, once the network becomes functional, the project issues tokens to the initial investors under the SAFT agreements, and may issue tokens to additional investors, including non-accredited investors. Limiting investment in a pre-functional network to accredited investors allows the project sponsors to rely on an exemption from the SEC registration requirements and then, once the project becomes functional, the tokens issued may be viewed as “utility” tokens not subject to classification as securities.

2. Disclosure – “White papers” are not prospectuses

To date, sponsors looking to raise funds through an ICO have typically published a “white paper” setting out a business plan and timetable for the ICO, the price of the tokens and any minimum or maximum amounts to be raised. The problem with such white papers is that they typically do not include the level of detail provided in a Securities Act compliant registration statement. Instead, white papers are often vague and ambiguous, offering little protection to investors.

If an ICO were conducted in accordance with the SEC registration process, the Securities Act would require the offer to be accompanied by “full and fair disclosure”, consisting of a registration statement containing the information necessary to enable prospective purchasers to make an informed investment decision. Notwithstanding that ICOs seek to rely on exemptions from registration, we are already seeing a shift in the market towards greater disclosure. For example, Filecoin provided an offering memorandum that went beyond a typical white paper, outlining several risks associated with investing in the Filecoin project and blockchain technologies generally. The SEC has recently urged market participants – and their advisors – to pay particular attention to SEC guidance on treatment of ICOs. Companies launching an ICO would be well advised to obtain proper legal advice on the applicable regulatory requirements and preparation of associated documentation, and investors should ensure that they receive appropriate and informed disclosure.

3. Remember – technology is vulnerable

Because ICOs take place online and often involve payment by virtual currencies such as Bitcoin or Ether, funds that are lost due to fraud are notoriously difficult to trace and recover. Another important consideration is that ICOs are vulnerable to cyber-attacks – especially given the amount of money being put into ICOs at the moment. The DAO lost approximately $50 million of investor funds when its system was breached after a hacker took advantage of a flaw in the code. The DAO was reportedly able to return lost funds to some investors after a majority of the Ethereum community voted in favor of a controversial mechanism known as ‘forking’ the blockchain, but the DAO was eventually delisted from most major exchanges. Attacks such as these have the potential to significantly harm, and even bankrupt, the underlying project (not to mention the resulting reputational damage), leaving issuers and investors with nothing. As such, care should be taken to ensure that the applications on which tokens are issued and traded are sufficiently protected.

Where to next?

Despite these hurdles, the appeal of ICOs is clear – the tZERO ICO reportedly raised $100m in its first day. This, combined with growing acceptance of cryptocurrencies and blockchain technology, means that we are likely to see more ICOs in the near future. However, we can also expect increasing attention and oversight from regulators, both in the U.S. and beyond.  Recent enforcement actions indicate that ICOs are becoming an area of focus for the SEC – the SEC didn’t set up its Cyber Unit for no reason. If you are considering launching or investing in an ICO, getting proper legal advice to navigate this complex regulatory environment is key. If you are interested in discussing ICOs further, please do get in touch.


[1] In September 2017, the SEC formed a new Cyber Unit, which focuses in part on cyber-crimes involving blockchain technology and initial coin offerings. On December 4, 2017, the Cyber Unit brought its first enforcement action, which related to a fraudulent initial coin offering promising astronomical returns to investors. See