Intro to Legal in Web3

George Goognin
February 10, 2022

Rep. Brad Sherman (D-CA) on Cryptocurrency, Bitcoin, Doge, HamsterCoin, CobraCoin and MongooseCoin

There are lots of rumors about the legal side of crypto. The SEC, Chinese government, presidents, and central banks around the world constantly publish contradictory statements. Every time people hear signals from the "ruling boomers," the market pumps and dumps.

Some countries like Switzerland, Luxembourg, Japan, and Latvia have developed clear crypto legislation, while others are in progress. But the one principle is common around the globe: institutions judge any particular crypto transaction depending on the underlying human relationships.

Let's test the waters.

Security Tokens

One of the main fears of creators in web3 is having problems with the SEC or another financial regulator. Historically, governments try to protect small, unqualified (retail) investors from fraud. As a result, securities laws are full of complex conditions, and the legal responsibility for violations can be devastating.

It's actually quite easy to check whether a token is a security or not. A token is a security if it creates expectations to receive profits derived from the efforts of others. 

If you want to jump down the rabbit hole — feel free to read the SEC article about Howey Test and its application to tokens. While the nuances of legal frameworks may vary, the majority of the countries apply almost the same logic to define securities.

Some examples of securities from the fiat world:

  • Equity shares. They provide dividends and other potential distributions while the owner sits on a couch.
  • Bonds. They pay interests with no work done by the holder.

Some examples from web3:

  • Tokenized stocks, bonds, ETFs, etc.
  • Tokens that allow owners to receive a piece of a protocol's income just by holding them, for instance: 
  • Curve, Uniswap, and other DeFi protocols with APYs.
  • Some DAO governance tokens which distribute protocol revenues.
  • Protocols that promise regular token buybacks to pump the price. They don't distribute dividends but declare that the core team will buy tokens from the market using some schedule or targeting some price levels. These tokens are securities because they create an expectation of a price pump made by someone other than the token holders.

How can I avoid accidentally violating laws regarding securities?

The most important rule is: don't promise any profits to your token holders without them doing any work.

A common pushback: 

— Web3 builders: “Hey, but we're a decentralized protocol with an anonymous team!”

— SEC: “No way, ser, we will find and scrutinize you, it's only a matter of time.”

While it may sound scary for those of us in tech, you can actually issue SEC-compliant security tokens. It's a separate topic that requires a deeper dive, but the TL;DR is: 

  • It will cost you $20-85k and 1-6 months of work with experienced attorneys.
  • You will be able to organise secondary trading only through licensed trading systems (mostly slow and expensive platforms these days).
  • Each of your token holders will have to pass KYC/AML.

The primary US-based venues for issuing security tokens are Vertalo and Securitize. This industry is quite weak today, but it will definitely grow as regulators do their jobs, and more institutional investors will join the party.

Utility Tokens

If you don't want to mess with regulators, you'd better build a utility token. Utility tokens provide some value in a specific ecosystem, for instance:

  • Enabling extra features in software.
  • Providing discounts for in-app purchases.
  • Giving in-app perks and privileges.

The best example is Axie: people have to play the game (do some work) to earn tokens. And these tokens could be used inside the game to get some perks.

Another example of a utility token? Airline miles or any rewards programs. In these situations, a user must do some tasks to get the token: fly X miles, buy Y kilos of sushi, etc. Consequently, the user can spend the token for perks like business lounges or free deliveries.

For these use cases, you can legally distribute utility tokens across web3 protocols without KYC and other regulatory restrictions.

Property Tokens

Property tokens are a representation of proof of ownership of a “thing”. The "thing" could be something material (cars, houses), virtual (art, music), or even a contract (intellectual property).

Some examples of property tokens are NFTs and tokenized real estate. They don't yield value to you automatically; you own them and can sell or rent them yourself. Consequently, they’re a safe harbor in crypto from a legal perspective.


The best examples of cryptocurrencies are BTC and ETH. Some of the primary features of a cryptocurrency from a legal perspective are:

  • You can buy and sell these tokens.
  • You have to do some work to get a yield or an income distribution: mainly, you need to provide your hardware to serve the network.

Even though cryptocurrencies are not securities, their usage can be banned in some countries. These regulations change daily, so it's your responsibility to track your laws in your country of residence.


There are lots of situations in which web3 products promote something along the lines of: "buy our token and get a draw ticket!". Unfortunately, private lotteries are illegal in most of the countries around the world and across the US.

The most common definition of a lottery: the act of selling an opportunity to win a prize where the probability of winning doesn't depend on the work of the buyer. Those of you who are legal bookworms can drill down into the U.S. Code regarding this topic.

However, there are some workarounds to being declared a lottery if you want to excite your community with draws:

  • It's okay if a person is engaged in provable work to get a random trophy: for example, passing a quiz, inviting a friend, playing X hours of game, you name it.
  • It's also okay if your draw participation is free.

Taxes and Pensions

The tax system in the US and other countries is far too complex to be discussed in a single article. Still, the general rule for web3 assets stays the same around the world: tokens are treated by tax agencies according to their underlying nature (security, property, etc.). In particular, the IRS treats cryptocurrencies (BTC, ETH, etc) as a property (see IRS FAQ).

One mistake that many people make: it’s common to believe that tax agencies will not reach out to you because crypto is anonymous. Please don't bet on this. In fact, crypto is much more transparent than paper cash: 

  • Coinbase has 73 million users who have attached their wallets to KYC info.
  • Large institutional investors and countries hold a few million BTC each.
  • Most importantly, all transactions are carved out of stone in public blockchains and have a public record.

This article contains no investment or tax advice. Do your own research, talk to attorneys, and stay safe.

About the Author

George Goognin has consulted with a few government bodies on crypto legislation worldwide, co-authored crypto-related federal laws, and executed the first legal utility-to-security token conversion in the world.

He's now building Evita DAO to make real estate a no-brainer for the people. Evita allows you to invest in the highest yield real-estate development products using security tokens, donate office and housing rentals to communities. In the future, Evita plans to build affordable houses at scale.

More articles