Cryptocurrency Regulation and Enforcement at the US Federal and State Levels

Skadden Insights – September 2021

Alexander C. Drylewski Eytan J. Fisch Stuart D. Levi Jessie K. Liu Peter B. Morrison William E. Ridgway

In recent months, the increased focus on cryptocurrency regulation and enforcement at both the federal and state levels demonstrates the digital currency’s place as an established component of the financial landscape. At the same time, the cryptocurrency industry has become more attuned to and engaged with government. Growth in this space appears likely to continue. Below we discuss some of the recent notable legislation, regulation and enforcement developments in this industry.

Federal Government


On August 10, 2021, the U.S. Senate passed a $1 trillion bill aimed at increasing infrastructure funding over the next eight years. To help pay for these expenditures, the Senate included a provision imposing reporting requirements on cryptocurrency “brokers,” with estimates that such reporting would allow the Internal Revenue Service to collect an additional $28 billion in tax revenue over 10 years. But the broad definition of broker — any person responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person — sparked significant backlash throughout the cryptocurrency community, resulting in several days of proposals and counterproposals among legislators. While the original definition remained in place, the debate marked the most serious consideration of a cryptocurrency issue by either chamber of Congress.


On September 21, 2021, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued an updated advisory about the sanctions risks of facilitating ransomware payments using cryptocurrencies. OFAC’s advisory reminds organizations that it applies a strict liability standard when imposing civil penalties for sanctions violations. Thus, organizations may be liable for making a ransomware payment even if they do not know that the recipient has been designated a malicious cyber actor by OFAC. If a payment is made to a sanctioned entity, the advisory noted that OFAC would consider in its enforcement response: (1) whether the organization took meaningful steps to reduce the risk of extortion by a sanctioned actor, citing practices highlighted in the Cybersecurity and Infrastructure Security Agency’s (CISA) September 2020 Ransomware Guide; and (2) whether the organization reported the attack “to appropriate U.S. government agencies,” as well as “the nature and extent of [any] cooperation with OFAC, law enforcement, and other relevant agencies, including whether an apparent violation of U.S. sanctions is voluntarily self-disclosed.”

On the same day, OFAC also issued its first-ever sanctions against a crypto exchange, designating the exchange SUEX as a malicious cyber actor. According to the Treasury Department’s press release, over 40% of SUEX’s known transactions are associated with illicit actors, and SUEX was sanctioned for providing material support to the threat posed by criminal ransomware actors. Under OFAC’s sanctions, all of SUEX’s property and interests in property that are subject to U.S. jurisdiction are blocked, and U.S. persons generally are prohibited from engaging in transactions with the exchange. Further, entities in which SUEX owns 50% or more also are blocked. According to the Treasury Department, financial institutions and other entities that engage in transactions with SUEX may also expose themselves to sanctions or be subject to an enforcement action.

Additionally, in August 2021, SEC Chairman Gary Gensler spoke about cryptocurrencies at the Aspen Security Forum, generally calling for increased regulatory and enforcement scrutiny. “We have a crypto market now where many tokens may be unregistered securities, without required disclosures or market oversight,” he said. This asset class is “rife with fraud, scams and abuse in certain applications,” he continued, explaining how this leaves prices open to manipulation and investors vulnerable. “Right now, we just don’t have enough investor protection in crypto. Frankly, at this time, it’s more like the Wild West,” he commented. He also noted that the SEC will use the full extent of its powers and will pursue more authority from Congress to “prevent transactions, products and platforms from falling between regulatory cracks.” Similarly, in an interview with the Wall Street Journal, Chair Gensler reiterated that he would ask Congress to help legislate a solution to fill regulatory gaps.


This summer, parties in numerous notable cryptocurrency-related enforcement cases reached settlements:

  • On July 14, 2021, the SEC settled charges against U.K.-based Blotics Ltd., formerly doing business as Coinschedule Ltd., for violations of Section 17(b) of the Securities Act. According to the SEC order, Coinschedule operated a website that profiled and ranked more than 2,500 offerings for digital tokens, claiming to list the “best” initial coin and exchange offerings. The SEC determined that the publicized tokens included “securities,” and Coinschedule failed to disclose that it received compensation from issuers to profile their tokens. The SEC concluded that failure to disclose this compensation violated the “anti-touting” provisions of the federal securities laws; but the decision did not provide clear guidance as to whether and when cryptocurrencies qualify as securities.
  • On August 6, 2021, the SEC settled charges against Blockchain Credit Partners and its two founders for purportedly using decentralized finance (DeFi) technology to sell over $30 million of unregistered securities and for misleading investors about the company’s operations and profitability. According to the SEC order, Blockchain Credit Partners sold two types of digital tokens on its DeFi Money Market platform. One of the tokens, a payment token called mToken, paid 6.25% interest. The other token, DMG, is a governance token that gave holders voting rights and a share of profits. The SEC alleged that DMG holders had the ability to resell the governance tokens for profit in the secondary market. Notably, the SEC explained that labeling DMG as a governance token and mTokens as decentralized did not prevent the agency from concluding that the tokens constituted unregistered securities under the securities laws.
  • On August 9, 2021, the SEC settled charges with Poloniex, the operator of a web-based platform that facilitated the buying and selling of digital assets that allegedly constituted unregistered securities. According to the SEC order instituting cease-and-desist proceedings, the trading platform qualified as an “exchange” under applicable securities laws because it provided the nondiscretionary means for trade orders to interact and be executed. The SEC alleged that beginning in August 2017, Poloniex employees “aggressive[ly]” sought to increase their market share in the trading of digital assets by listing new digital assets on its platform. Poloniex served both U.S. and international users but did not register as a national securities exchange nor qualify for an exemption. The SEC alleged that Poloniex thus violated Section 5 of the Securities Exchange Act as a result.
  • On August 10, 2021, BitMEX, a cryptocurrency exchange and derivatives trading platform owned and operated by Seychelles-based HDR Global Trading Limited, entered into a global settlement with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Commodity Futures Trading Commission (CFTC).1 The settlement resolved civil claims that BitMEX offered cryptocurrency derivatives to U.S. individual and institutional customers without registering with the CFTC, operated a facility to trade or process swaps without being approved as a designated contract market or a swap execution facility and failed to comply with U.S. anti-money laundering (AML) laws to maintain an adequate AML compliance program. In total, BitMEX paid a $100 million penalty to FinCEN and the CFTC, with $20 million of the FinCEN penalty suspended pending the completion of two independent consultant reviews. Both the CFTC and the Department of Justice (DOJ) proceedings and the DOJ’s criminal case against BitMEX’s founders, brought in October 2020, remain ongoing.2
  • On September 1, 2021, the SEC sent a Wells notice to publicly traded cryptocurrency exchange Coinbase, stating it would sue if the company proceeded to launch its Lend product, which allows consumers to earn interest on cryptocurrency holdings. Coinbase’s chief legal officer responded in a blog post stating the company had engaged with the SEC regarding Lend for some six months and arguing that Lend is not a security. Coinbase’s stock dropped more than 3% after the Wells notice became public. Shortly after the Wells notice, Coinbase canceled the launch of Lend.

State Governments

State governments also have become increasingly involved in regulating cryptocurrency.


On April 21, 2021, Wyoming Gov. Mark Gordon signed Bill 38, allowing the state to legally recognize decentralized autonomous organizations (DAOs) as limited liability companies. Generally, DAOs make governance decisions and implement certain actions through the use of blockchain-based “smart contracts” (i.e., pieces of computer code that execute specified functions when given certain data). DAOs do not have centralized managers or executives. Wyoming’s law requires that a DAO maintain its presence in the state through a registered agent and include proper designation in its articles of organization (self-identifying as a DAO, DAO LLC or LAO (limited liability autonomous organization)), but ensures that members of a DAO will not be held personally liable for the debts and liabilities of the company, addressing a concern that a DAO could be construed as a partnership.


Since July 2021, the securities regulators of five states — Alabama, Kentucky, New Jersey, Texas and Vermont — have issued cease-and-desist or show cause orders against BlockFi, Inc., BlockFi Lending, LLC and BlockFi Trading, LLC regarding the BlockFi companies’ interest-bearing cryptocurrency accounts. BlockFi is a financial services firm that purports to generate revenue through cryptocurrency trading, lending and borrowing and by engaging in proprietary trading, and its interest-bearing cryptocurrency accounts have raised at least $14.7 billion worldwide. In general, the states have alleged that BlockFi’s interest-bearing accounts are unregistered securities whose sale violates the states’ securities laws.


Clearly, cryptocurrency is not going away, and neither are the government’s efforts to regulate it. In coming months and years, we can expect growing focus on this rapidly developing area of the law.


1 Both the FinCEN and CFTC settlement involved several entities operating as an integrated, common enterprise known as BitMEX.

2 As discussed in the October 2020 edition of The Distributed Ledger: Blockchain Digital Assets and Smart Contracts, the DOJ announced indictments of the founders and some executives of BitMEX for alleged violations of AML requirements under the Bank Secrecy Act.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.