Founders are personally liable because the SEC and CFTC target individuals, not just code. The Howey Test applies to the actions of promoters, making pre-launch marketing and token distribution the primary legal risk.
crypto-regulation-global-landscape-and-trends
Blog
Why Protocol Founders Face Personal Liability for Securities Violations
The SEC's enforcement strategy deliberately targets founders and promoters, not just entities. This analysis breaks down the legal doctrine, recent case law, and practical steps for builders to shield themselves.
introduction
THE LIABILITY
Introduction
Protocol founders are personally liable for securities violations because decentralization is a legal defense, not a product feature.
Decentralization is a spectrum measured by the Hinman Factors, not GitHub commits. Projects like Uniswap and Bitcoin achieve a defensible status; most others, including early-stage L2s like Arbitrum, operate in a regulatory gray area.
The legal shield is procedural, not technical. The SEC's case against Ripple established that programmatic sales to secondary markets are not securities transactions, but direct sales to VCs and insiders are. This precedent is critical for fundraising strategy.
Evidence: The SEC's 2023 case against Terraform Labs resulted in a $4.5 billion settlement, with founder Do Kwon facing extradition. This demonstrates that corporate structure offers limited protection against personal liability for securities fraud.
key-insights
THE PERSONAL RISK FRONTIER
Executive Summary
The SEC's enforcement actions against protocol founders establish a new, non-negotiable reality: building in public is not a shield from personal liability.
01
The Howey Test is a Blunt Instrument
The SEC applies the Howey Test to token distributions, focusing on the expectation of profit from the efforts of others. Founders' public statements, roadmap promises, and treasury management are all scrutinized as 'efforts of a common enterprise'. This turns decentralized marketing into admissible evidence.
100%
Of Cases Cite X/TG
3-Part
Test for Liability
02
The 'Sufficient Decentralization' Mirage
There is no bright-line legal test for when a protocol becomes 'sufficiently decentralized' to negate securities status. The SEC argues control persists via foundation treasuries, governance influence, and ongoing development. Early-stage founders are de facto liable until an undefined, distant future state is achieved.
$2B+
In Fines (2023)
0
Clear Legal Precedents
03
The Airdrop & ICO Trap
Free token distributions (airdrops) and initial sales are treated identically by regulators if they create a broad, profit-seeking user base. The act of creating a liquid secondary market is itself seen as facilitating an investment contract. Retail distribution is the trigger, not the payment mechanism.
Major
SEC Enforcement Vector
Uniswap, dYdX
Case Studies
04
Personal Liability is Non-Dischargeable
Fines, disgorgement, and bans imposed by the SEC (e.g., $150M+ from Ripple executives) are personal debts. They are not covered by corporate entities or foundations and are extremely difficult to discharge in bankruptcy. This risk extends beyond the company to CEOs, CTOs, and key promoters.
Lifetime
Ban Risk
Personal
Asset Seizure
05
The Solution: Protocol-Controlled Liquidity
Mitigate risk by eliminating founder-controlled initial distribution. Bootstrapping liquidity through bonding curves, LP rewards, and fee accrual directs value to the protocol itself. The founder's role shifts from promoter to irrelevant bystander in the asset's market dynamics.
0%
Founder Allocation
Protocol-Owned
Treasury
06
The Solution: Functional Utility at T=0
Launch with immediate, non-speculative utility that does not require future development. Think gas token, staking for security, or governance for a live product. This argues against the 'expectation of profit' prong of Howey by making the token a consumptive tool, not an investment.
T=0
Utility Launch
Ethereum, Filecoin
Precedent
thesis-statement
THE LEGAL REALITY
The Core Argument: Control Equals Liability
The SEC's Howey Test collapses when a founder's centralized control over a token's ecosystem makes it a security, regardless of technical decentralization claims.
Founder Control is the Trigger. The SEC's enforcement against Ripple, Solana, and Terraform Labs pivots on a single point: the founding team's continued control over the protocol's development, marketing, and economic utility. This centralized managerial effort creates a reasonable expectation of profits for token holders.
Decentralization is a Legal Defense, Not a Feature. Projects like Ethereum and Bitcoin are considered sufficiently decentralized because no single entity controls their roadmap. In contrast, a founder-controlled DAO voting on Uniswap upgrades or an L2 like Arbitrum managed by Offchain Labs retains the legal hallmarks of a common enterprise.
The Treasury is a Liability Vector. A protocol treasury, like those managed by Compound Grants or Aave's DAO, funds development that directly impacts token value. This is a textbook managerial effort under Howey. The SEC views treasury deployment as evidence of an ongoing investment contract.
Evidence: The Ripple Ruling. The court distinguished Ripple's institutional sales (securities) from secondary market trades, highlighting that direct sales to investors based on the company's efforts were the violation. This precedent directly implicates any founder-led token sale or ecosystem fundraise.
PERSONAL LIABILITY MATRIX
SEC Enforcement: A Pattern of Personal Targeting
Comparison of SEC enforcement actions against protocol founders, highlighting the legal theories used to establish personal liability for securities violations.
| Enforcement Vector | Uniswap Labs (Wells Notice) | Coinbase (Executives Charged) | Ripple (Executives Charged) |
|---|---|---|---|
Primary Allegation | Unregistered securities exchange & broker | Unregistered securities exchange, broker, & clearing agency | Unregistered securities offering (XRP) |
Personal Liability Theory | Control Person Liability (Sec. 20(a)) & Aiding/Abetting | Control Person Liability (Sec. 20(a)) | Substantial Participation in Offering |
Targeted Individuals | CEO, key executives (via Wells Notice) | CEO & former Chief Legal Officer | CEO & Executive Chairman |
Settlement vs. Litigation | Pre-litigation (Wells Notice stage) | Ongoing litigation | Settled (Executives dismissed, Corp ongoing) |
Key Evidence Cited | Protocol design, marketing, founder statements | Corporate control, public statements, operational role | Promotional campaigns, social media, sales contracts |
Monetary Penalty Sought | Not yet specified | Civil monetary penalties & injunctions | $0 (Executives), $10M disgorgement (Ripple Corp) |
Howey Test Applied To | Protocol's trading function & liquidity pools | Platform's staking service & listed assets | XRP token & institutional sales |
Founder Defense Strategy | Decentralization, code is not a security | Major Questions Doctrine, lack of fair notice | XRP is a currency, not an investment contract |
deep-dive
THE FOUNDER TRAP
The Legal Mechanics of Personal Liability
Protocol founders are personally liable for securities violations because the law pierces the corporate veil to target the individuals who orchestrate the offering.
The Howey Test is personal. The SEC's analysis of an investment contract focuses on the actions and promises of the promoters. Founders who conduct public token sales, publish roadmaps, and make statements about future utility are the direct architects of the alleged security. The corporate entity is a secondary consideration.
Control equals liability. The legal doctrine of 'control person liability' under Section 15 of the Securities Act makes individuals who control a violator equally liable. In a DAO or foundation context, founders who hold governance power or make key decisions are de facto control persons, exposing them to personal fines and injunctions.
Piercing the corporate veil. Courts disregard corporate formalities when they are a facade for fraud or when the corporation is an alter ego of its founders. The SEC argued this successfully against Kik Interactive, demonstrating that token sale funds commingled with corporate operations erased legal separation.
Evidence: The Ripple Labs precedent. The SEC's 2020 lawsuit named Ripple's CEO Brad Garlinghouse and co-founder Chris Larsen as individual defendants for allegedly aiding and abetting the company's violations. This established the blueprint for targeting executives directly, regardless of the corporate structure.
risk-analysis
SEC ENFORCEMENT REALITIES
The Slippery Slope: How Founders Incur Liability
Decentralization is a legal shield, but founders often build the very on-ramps that make them targets.
01
The Howey Test Isn't About Code
The SEC's Howey Test focuses on economic reality, not technical architecture. A founder's marketing, roadmap promises, and token distribution create an 'investment contract' regardless of DAO governance.
- Key Risk: Promising future utility or profits in blog posts, AMAs, or whitepapers.
- Precedent: Ripple (XRP) case established that institutional sales are securities; retail sales on exchanges are not, creating a dangerous gray area.
4-Part
Legal Test
70%+
Of Cases Lost
02
The Founder's Trap: Centralized On-Ramps
Founders retain control of multi-sig wallets, treasury management, and developer grants long after 'launch'. This ongoing, essential managerial effort is a textbook hallmark of a common enterprise under Howey.
- Key Risk: Controlling >15% of token supply for 'ecosystem development'.
- Evidence: Uniswap (UNI) and Aave avoided action by limiting founder control and avoiding profit promises, while LBRY lost by controlling supply and marketing future success.
>15%
Supply Control Risk
24/7
Managerial Role
03
The Airdrop Paradox
Free token distributions are not a 'get-out-of-jail-free' card. The SEC views airdrops to bootstrap a network as part of a broader scheme to create a liquid secondary market, fulfilling the 'expectation of profit' prong.
- Key Risk: Airdropping to users of a centralized precursor product (e.g., Coinbase for Ethereum ICO era).
- Tactic: ENS used a claim process tied to verifiable, past utility (domain ownership), creating a stronger defense than a pure speculative drop.
$100M+
Potential Penalty
0 Cost ≠0 Liability
Legal Reality
04
The SAFT Is a Liability, Not a Shield
The Simple Agreement for Future Tokens was a popular 2017-era hack that now backfires. It is an explicit, written admission of a securities sale to accredited investors. The SEC uses it as prime evidence that the entire token is a security.
- Key Risk: Creating a paper trail that defines the token as an investment at inception.
- Result: Projects like Filecoin and Dfinity that used SAFTs operate under perpetual regulatory cloud, limiting US exchange listings.
2017-2018
Era of Risk
Exhibit A
For SEC
05
Marketing as a Weaponized Artifact
Every tweet, Discord message, and blog post is discoverable. Founders who hype 'number go up' technology, partnerships, or 'moonshot' potential are writing the SEC's complaint for them. Decentralization theater fails when marketing is centralized.
- Key Risk: Community managers and 'anonymous' founders are still traceable and liable.
- Defense: Bitcoin and Ethereum achieved 'sufficient decentralization' where no single party's efforts are essential, a status nearly impossible for new L1s to claim.
100%
Of Comms Scraped
Irreversible
On-Chain
06
The Operational Control Death Spiral
Founders who act as de facto CEOs—hiring core devs, negotiating CEX listings, directing grant funds—are performing the essential managerial efforts that define a security. True decentralization requires irreversible abdication of control, which most teams are structurally and financially unable to do.
- Key Risk: Foundation-controlled treasury paying for ongoing development.
- Solution Path: Progressive Decentralization models, as advocated by a16z Crypto, with clear, verifiable milestones to transfer ownership, but this is a multi-year legal tightrope.
3-5 Years
Decentralization Timeline
High Failure Rate
Of True Abdication
FREQUENTLY ASKED QUESTIONS
Founder FAQ: Navigating the Gray Areas
Common questions about why protocol founders face personal liability for securities violations.
Founders are liable because courts often pierce the corporate veil of a DAO, viewing them as the active promoters. If you personally marketed the token with promises of profit, like in the cases against Ripple or Terraform Labs, you are the target. The SEC focuses on the individual's actions, not the decentralized entity's structure.
takeaways
STRUCTURAL LIABILITY
Actionable Takeaways for Protocol Architects
The SEC's enforcement actions against LBRY and Ripple establish that protocol founders are personally liable for securities violations, regardless of decentralization claims.
01
The Howey Test Is a Trap for Active Founders
The SEC's primary weapon. Your actions post-launch create an 'investment contract' if investors expect profits from your managerial efforts. Key triggers:\n- Promotional statements about token utility or roadmap.\n- Controlling treasury or grant distributions.\n- Active development and governance proposals.
100%
Of SEC Cases
LBRY, Ripple
Precedents
02
Decentralization is a Defense, Not a Launch State
True decentralization is a legal shield, but the bar is impossibly high at launch. The SEC argues initial distribution is the violation. Your path:\n- Document a credible, timed path to relinquish control (e.g., Uniswap's UNI airdrop).\n- Use a foundation or DAO with enforceable bylaws from day one.\n- Avoid pre-sales and VC rounds that anchor price expectations to your work.
>2 Years
Runway Needed
Bitcoin, Ethereum
Legal Models
03
The SAFT is Structurally Flawed
The Simple Agreement for Future Tokens creates a securities record for the SEC. It legally segregates the investment (the SAFT, a security) from the consumable asset (the token), but the SEC views the entire scheme as one continuous offering.\n- Post-SAFT token sales are seen as part of the original illegal offering.\n- Investor communication about the network can taint the entire token as a security.
Telegram
Case Study
$1.2B+
SEC Settlement
04
Operationalize the 'Consumptive Use' Argument
The Ripple ruling created a narrow safe harbor: sales to sophisticated entities for immediate utility (e.g., ODL customers) are not securities. Architect for this:\n- Build protocol revenue/fee mechanics first, token integration second.\n- Create documented, arm's-length contracts with enterprise users.\n- Isolate the utility token sale mechanism from general exchange listings.
Ripple ODL
Legal Precedent
Programmatic Sales
Key Distinction
05
Personal Asset Segregation is Non-Negotiable
Piercing the corporate veil is trivial for the SEC when funds are commingled. Founders are personally liable for disgorgement of all proceeds from token sales deemed illegal.\n- Use a separate legal entity (e.g., foundation in a favorable jurisdiction).\n- Never mix token sale proceeds with personal or operational accounts.\n- Document all expenditures as legitimate business expenses for network development.
$22M
LBRY Penalty
Personal
Liability
06
Pre-Launch Legal Architecture: Cayman Foundation + Swiss Association
The emerging playbook for high-stakes protocols. This creates jurisdictional arbitrage and structural decentralization.\n- Cayman Foundation: Holds IP and treasury, governed by token holders.\n- Swiss Association: Handles operations, employs devs, provides legal personhood in a pro-innovation jurisdiction.\n- Clear, public constitution that limits founder control and defines sunset clauses.
Solana, Avalanche
Adopters
Zug, Crypto Valley
Jurisdiction
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall