Composability creates systemic risk. The modular stack—relying on EigenLayer for restaking, Celestia for DA, and Arbitrum for execution—means a failure in any dependency cascades through the ecosystem.
the-sec-vs-crypto-legal-battles-analysis
Blog
Why 'Efforts of Others' Is the Achilles' Heel of Crypto Projects
A technical breakdown of how the SEC weaponizes 'efforts of others'—active development, marketing, treasury management—to classify tokens as securities under the Howey Test. Analysis of cases against Solana, Cardano, and Ripple.
introduction
THE DEPENDENCY TRAP
Introduction
Crypto's core value proposition of composability creates a systemic vulnerability where a project's success is outsourced to the reliability of external protocols.
Security is not transitive. A dApp's security budget is dictated by its weakest link, often a bridge like Across or LayerZero, not its own smart contract audit.
Execution is not guaranteed. Projects using intents via UniswapX or CowSwap delegate transaction success to solver networks, introducing new points of centralized failure.
Evidence: The 2022 Wormhole bridge hack ($325M) and frequent Solana validator outages demonstrate that infrastructure failures are existential, not operational.
thesis-statement
THE ARCHITECTURAL TRAP
The Core Argument: Development = Dependence
Crypto's reliance on external development creates systemic fragility that undermines decentralization and sovereignty.
Development creates hard dependencies. Every project that integrates a third-party bridge like Across or Stargate or an oracle like Chainlink inherits its security model and liveness assumptions. This outsources a critical failure point, making your protocol's uptime contingent on another team's operational integrity.
The 'Efforts of Others' is a legal and technical liability. The Howey Test's central prong defines an investment contract based on profits derived from the managerial efforts of others. Heavy reliance on external infrastructure like The Graph for indexing or LayerZero for messaging makes this argument easier for regulators to apply, jeopardizing the entire project's legal status.
Modularity trades sovereignty for scalability. Choosing a rollup stack like OP Stack or Arbitrum Orbit delegates sequencing and proving to external networks. This creates vulnerability to base-layer governance, where a decision by Optimism's Security Council or EigenLayer's operators can fundamentally alter your chain's execution environment without your consent.
Evidence: The 2022 Wormhole bridge hack resulted in a $320M loss, not for Wormhole's team, but for the dozens of protocols and thousands of users whose assets and operations depended on its security. The failure of a single dependency cascaded across the ecosystem.
market-context
THE LEGAL VULNERABILITY
The Enforcement Landscape: A Pattern Emerges
The 'efforts of others' legal doctrine is the primary vector for regulatory enforcement against decentralized protocols.
The Howey Test's 'Efforts of Others' defines an investment contract. The SEC's enforcement strategy against projects like LBRY and Ripple pivots on proving that a core, identifiable team drives essential managerial efforts for token value. This legal framework treats decentralization as a spectrum, not a binary state.
Protocols are not immune. A court examines the 'essential managerial efforts' post-launch. If a foundation like Uniswap's or Compound's controls governance, treasury, or critical upgrades, the token remains a security. True decentralization requires ceding all control, a state few projects achieve.
The enforcement pattern is clear. The SEC targets projects where developer activity and roadmap execution are centralized. This creates a paradox: building a functional protocol requires centralized effort, but that same effort creates legal liability. The 'sufficient decentralization' defense remains legally untested and perilous.
case-study
THE LEGAL VULNERABILITY
Case Studies: The SEC's 'Efforts of Others' Evidence
The SEC's 'Howey Test' hinges on an 'expectation of profits derived from the efforts of others.' These case studies show how active development and marketing by core teams become legal evidence.
01
The Ripple Precedent: Centralized Marketing & Ecosystem Funds
The SEC's case against Ripple Labs highlighted the company's active efforts to promote XRP's value. This created a clear 'efforts of others' expectation for token holders.\n- Key Evidence: Ripple's $500M+ XRP ecosystem fund to incentivize developers and partners.\n- Key Evidence: Direct marketing campaigns and paid listings on major exchanges, framing XRP as an investment.
$500M+
Ecosystem Fund
Core Team
Active Promotion
02
The LBRY Ruling: Token Utility Is Not a Shield
LBRY argued its LBC token was a utility token for accessing a decentralized video platform. The court ruled that the promotional efforts of the LBRY company were central to creating investment value.\n- Key Evidence: Public statements by the CEO forecasting token price appreciation.\n- Key Evidence: The company's control over the token supply and its ongoing development of the core protocol.
CEO Statements
Price Forecasts
Protocol Dev
Centralized Control
03
The Telegram 'Gram' Token: Pre-Functional Promises
The SEC halted Telegram's $1.7B token sale for its TON blockchain. The 'efforts of others' was established before the network even launched. Investors relied entirely on Telegram's future development.\n- Key Evidence: Sale of future rights to tokens on a non-existent network.\n- Key Evidence: Marketing materials promising a revolutionary platform built and maintained by Telegram's team.
$1.7B
Pre-Launch Raise
0% Live
Network at Sale
04
The DAO Report: Code Is Not a Neutral Actor
The seminal 2017 DAO Report established that even decentralized-looking projects can fail the Howey Test if a centralized group curates the code and promotes the venture.\n- Key Evidence: Slock.it's active solicitation of investors and management of the DAO's creation.\n- Key Evidence: Investors relied on Slock.it's expertise to build and maintain the smart contract system.
Slock.it
Active Curator
2017
Blueprint Set
05
The Modern Airdrop Trap: Post-Drop Development
Projects like Uniswap and Aave conducted 'fair' airdrops but remain legally exposed. The SEC argues token value is still tied to the ongoing, essential efforts of the core development companies.\n- Key Evidence: Uniswap Labs' continuous protocol upgrades (e.g., V4) and business development (UniswapX).\n- Key Evidence: Aave Companies' development of new markets and safety modules, which directly impact token utility and value.
Uniswap Labs
Core Dev
Protocol Upgrades
Ongoing Efforts
06
The Solution Path: True Protocol Neutrality
To mitigate this risk, projects must architect for credible neutrality where token value is not dependent on a specific entity's efforts. This is a high-bar engineering and legal challenge.\n- Key Tactic: Fully on-chain, immutable governance that removes core team upgrade keys.\n- Key Tactic: Minimal, forkable client diversity and a public goods funding model (e.g., retroactive funding) that severs the link between token price and a single dev shop.
Immutable Gov
No Upgrade Key
Forkable Stack
Client Diversity
THE HOWEY TEST'S THIRD PRONG
SEC Enforcement Matrix: How 'Efforts' Are Catalogued
This table deconstructs how the SEC's 'Efforts of Others' prong is applied to crypto projects, mapping specific operational features to enforcement risk.
| Critical Operational Feature | High-Risk (Likely a Security) | Mitigated Risk (Grey Area) | Low-Risk (Likely Not a Security) |
|---|---|---|---|
Core Development & Roadmap | Centralized team controls 100% of upgrades (e.g., pre-decentralized XRP, pre-2023 Solana) | Foundation proposes, but token holders vote (e.g., Uniswap, Arbitrum DAO) | Protocol upgrades are permissionless & forkable (e.g., Ethereum, Bitcoin) |
Profit Distribution Mechanism | Explicit promise of returns via buybacks/burns (e.g., alleged in SEC vs. Terraform) | Fee switch controlled by DAO, not guaranteed (e.g., potential Lido DAO) | No protocol-level profit distribution to token holders |
Marketing & Promotional Activities | Active promotion by founding team tying token price to ecosystem success | Foundation-funded grants for ecosystem growth, not token price | Purely organic, community-led growth and promotion |
Node/Validator Control | Founders pre-approve all validators (e.g., alleged in SEC vs. Binance BNB) | Permissioned entry with progressive decentralization roadmap | Fully permissionless validation (e.g., >200k Ethereum validators) |
Initial Capital Formation | Token sale funds directly fund company operations & development | Token sale funds locked in community treasury via vesting | No pre-mine or foundational treasury; fair launch |
On-Chain Governance Power | Token voting controls core protocol parameters & treasury | Token voting limited to non-financial parameters (e.g., Curve gauge weights) | No formal token-based governance; social consensus only |
Post-Launch Managerial Role | Active, essential managerial efforts by founding entity (SEC vs. Coinbase case) | Diminishing role with clear path to obsolescence | Founders have no special technical control or access |
deep-dive
THE INCENTIVE MISMATCH
The Slippery Slope: From Builder to Promoter
Crypto's reliance on external protocols creates a fundamental misalignment where project success depends on the execution of third parties.
Success is outsourced. A protocol's core function often depends on the security and liveness of external infrastructure like The Graph for indexing or Chainlink for oracles. A failure in these systems is a failure of the dependent dApp, regardless of its own code quality.
Incentives become promotional. To mitigate this risk, teams must actively lobby infrastructure providers for support, shifting focus from engineering to business development and marketing. This creates a system where technical merit is secondary to deal-making.
The L2 example is definitive. An Optimism or Arbitrum rollup is only as secure as its chosen data availability layer, be it Ethereum, Celestia, or a DAC. The builder's technical choices are ultimately a bet on another team's operational rigor and economic security.
Evidence: The oracle problem. The 2022 Mango Markets exploit was a $114M failure of price feed manipulation, not a bug in Mango's core logic. It demonstrated that a project's survival hinges on the vigilance of its oracle provider.
counter-argument
THE INCENTIVE MISMATCH
Counter-Argument: 'But We're Decentralized!'
Decentralization is a governance ideal, not a substitute for a sustainable economic engine.
Decentralization is not monetization. A DAO with 10,000 token holders still requires capital for infrastructure, audits, and development. The protocol treasury is the only real balance sheet, and its depletion is a terminal event.
Token incentives create mercenary capital. Projects like early SushiSwap or OlympusDAO prove liquidity flees when emission rewards stop. Sustainable fees from real usage, like Uniswap's swap fee switch debate, are the exception.
The 'public good' trap misallocates resources. Building core infrastructure like The Graph or an L2 sequencer assumes perpetual altruism. This model fails when competing chains like Solana or Avalanche offer direct, venture-backed funding to builders.
Evidence: Analyze any top-100 DeFi protocol. The ones with fee accrual to token holders (e.g., MakerDAO, Aave) persist. Those reliant on inflationary token emissions to fund operations consistently bleed value.
takeaways
THE COORDINATION TRAP
TL;DR for Builders and Investors
Crypto's core promise of composability is undermined by the 'Efforts of Others' problem, where a project's security and success become a function of external, unaligned dependencies.
01
The Bridge Oracle Dilemma
Cross-chain protocols like LayerZero and Axelar rely on external oracles and relayers. A bridge is only as secure as its weakest linked chain's validator set.\n- Risk: A single chain's 51% attack can drain a $1B+ bridge.\n- Solution: Move to light-client-based verification (e.g., IBC) or intent-based routing (Across, UniswapX).
$2.5B+
Bridge Hacks (2024)
>70%
Rely on Oracles
02
L2 Sequencer Centralization
Optimism, Arbitrum, and other rollups depend on a single sequencer for transaction ordering and liveness. This is a single point of failure.\n- Risk: Sequencer downtime halts withdrawals, creating a ~7-day forced exit delay.\n- Solution: Adopt shared sequencer networks (Espresso, Astria) or based sequencing (native to L1).
~100%
Centralized Control
~12 secs
Downtime Impact
03
Stablecoin Governance Capture
DAI and USDC are de facto infrastructure, but their stability depends on centralized entities (Circle) or MakerDAO governance, which can be politically attacked.\n- Risk: Governance attack or regulatory seizure can freeze $30B+ in DeFi collateral.\n- Solution: Build with Exclusively overcollateralized or algorithmic stablecoins (LUSD, GHO) or use native yield-bearing assets.
$130B+
TVL at Risk
1 Council
Can Halt USDC
04
MEV Supply Chain Reliance
Builders assume a fair and efficient mempool. In reality, ~90% of Ethereum blocks are built by 3-4 entities. Your user's transaction is at the mercy of this opaque supply chain.\n- Risk: Censorship, front-running, and extractive value capture destroy UX.\n- Solution: Integrate private RPCs (Flashbots Protect), use SUAVE-like protocols, or build on chains with native MEV mitigation.
~90%
Builder Centralization
$700M+
MEV Extracted (2023)
05
The Liquid Staking Monoculture
Ethereum's security now depends on Lido's ~30% staking share. A bug or governance failure in Lido threatens the entire chain's liveness.\n- Risk: Systemic contagion if the dominant LST de-pegs or is slashed.\n- Solution: Enforce strict staking limits (DVT), diversify integrations across Rocket Pool, StakeWise, and encourage native restaking.
~30%
Lido Dominance
$40B+
TVL in LSTs
06
DeFi Lego Dependency Risk
Aave or Compound's interest rates depend on Chainlink oracles. A Uniswap pool's liquidity depends on LP incentives. This creates fragile, recursive dependencies.\n- Risk: Oracle failure or incentive misalignment triggers a cascading liquidation spiral (see Iron Bank, 2023).\n- Solution: Design for graceful degradation, use multiple oracle feeds, and audit dependency trees rigorously.
>100
Major DeFi Protocols
~5
Core Oracle Feeds
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall