One of the common refrains we’ve heard from SEC Chair Gary Gensler, as well as his predecessor Jay Clayton, is that the SEC is interested in protecting consumers from risky situations. The industry has expressed its opposition to recent moves by the SEC to (possibly) establish oversight of the digital currency sector, particularly decentralized finance (DeFi) platforms and projects.
Here’s the thing, though: It’s hard to argue Gensler doesn’t have a point. Crypto users lost millions over the past seven days for various reasons, and they don’t currently have much recourse beyond hoping the platforms can either recover their lost funds or will otherwise make them whole.
It’s worth asking whether the SEC would be as forward about regulating crypto if these concerns were mitigated through other means. I’ve reported on Gensler for the past year and change, and several individuals I’ve spoken to say he’s sincere when he says he’s solely interested in protecting consumers (as opposed to him just conducting a “power grab” over the cryptocurrency industry for its own sake).
In fairness, the $100 million to $200 million lost in the last week may not seem like that much when compared to crypto’s current $1.8 trillion market cap. But that’s still someone’s money that is now irrevocably gone.
Here’s the playbook: A project launches. Sometimes the code is audited. Sometimes it isn’t. On occasion this project is exploited. A rogue programmer finds an accessible endpoint in the wild or a savvy huckster somehow acquires admin access keys or users are fooled into sending millions of dollars worth of crypto to a shady address.
At any rate, you now have users who are out some money. For those who have funds in excess (*cough* they’re rich enough that the loss of a few thousand or even million dollars is no big deal), this may be at most an inconvenience. For everyone else, though, this could be catastrophic, and certainly harmful.
There's no consistency in how companies respond right now, either. Some companies offer refunds or find ways of making users whole. If we dig through the archives, exchanges like Bitfinex created its own tokens that it distributed to users. The tokens were redeemable for equity (or $1 apiece). Others raise funds to distribute to users.
Other companies take completely different routes. Yuga Labs, the force behind the Bored Ape Yacht Club, for example, offered an apology for clogging up the Ethereum blockchain and contributing to high gas prices, and suggested it would simply build its own layer 1 blockchain to support future BAYC-related efforts ( some believe the tweet and the network congestion that prompted it were deliberate).
That brings its own risks, as Sky Mavis recently demonstrated with its Ronin hack, in which the company lost over $600 million to North Korean hackers.
The question seems to me to be “is anyone actually protecting users?”
Right now, the answer seems to be “people on Twitter,” a good intuition and the rare actual audit. But again, there's no consistency here.
Bringing this back to Gensler and the SEC, the industry’s taken issue with proposals that seem like they would bring decentralized exchanges and other similar projects under the regulator’s purview.
Lots of projects don’t suffer multimillion dollar exploits. But the projects that do tend to get the headlines. And I’m sure that concern is front and center on Gensler’s plate.
There's also a growing movement among some lawmakers and industryparticipants to have the Commodity Futures Trading Commission (CFTC) act as the primary regulator for crypto, but it doesn’t have a consumer protection mandate in the same way the SEC does (the SEC’s mandate is focused on disclosures). Further, waiting for Congress to take some action here will probably take a while.
The SEC is now nearly doubling the size of its crypto enforcement team, opening 20 new roles. There's been some backlash from the crypto world given that these are specifically enforcement roles, rather than roles for individuals who could write guidance letters.