US

United States

Law Over Borders Comparative Guide: Cryptoassets Law Guide

02 Jun 2026
Cryptoassets Law Guide Cryptoassets Law Guide

There is no single definition of “cryptoasset” in the United States. Instead, how a digital asset is defined and regulated depends on its use and how it is marketed and sold. A cryptoasset can be (without limitation) the subject of an investment contract (security), a commodity, a derivative, money, property, a record, a form of service of process, or something else, and can fit within multiple categories under both federal and state law. In the United States one of the greatest challenges for cryptoassets is determining the right legal bucket that defines how it will be treated in law and regulation.

There have been, however, recent efforts to define cryptoassets. In July 2025 the Guiding and Establishing National Innovation for U.S. Stablecoins Act (“GENIUS Act”) became law. The GENIUS Act defines a “digital asset” as “any digital representation of value that is recorded on a cryptographically secured distributed ledger.” In addition, a “payment stablecoin” is defined as a digital asset “that is, or is designed to be, used as a means of payment or settlement and the issuer of which (i) is obligated to convert, redeem or repurchase for a fixed amount of monetary value, not including a digital asset denominated in a fixed amount of monetary value; and (ii) represents that such issuer will maintain, or create the reasonable expectation that it will maintain, a stable value relative to the value of a fixed amount of monetary value” but excludes national currencies, deposits, and securities.

In addition, the United States Securities and Exchange Commission (SEC) recently promulgated guidance classifying cryptoassets under five categories:

  • digital commodities;
  • digital collectibles;
  • digital tools;
  • stablecoins; and
  • digital securities.

The SEC guidance describes a digital commodity as a “crypto asset that is intrinsically linked to and derives its value from the programmatic operation of a crypto system that is ‘functional,’ as well as supply and demand dynamics, rather than from the expectation of profits from the essential managerial efforts of others.” The guidance also describes digital collectibles as assets that do not have intrinsic economic properties or rights, such as generating a passive yield or conveying rights to future income, profits or assets of a business enterprise or other entity, promisor, or obligor. This guidance is merely the opinion of one federal regulator and it is not binding law, but it demonstrates recent attempts to characterize evolving technology.

In addition to the GENIUS Act (described above), relevant laws and regulatory bodies include:

  • Federal securities laws. The Securities Act of 1933, the Securities Exchange Act of 1934, the Investment Companies Act of 1940, and the Investment Advisors Act of 1940. Securities laws on the federal level are generally enforced by the SEC and self-regulatory organizations such as the Financial Industry Regulatory Authority (FINRA) and securities exchanges themselves.
  • Federal commodities and derivatives laws. The Commodities Exchange Act and the Dodd-FrankWall Street Reform and Consumer Protection Act (“Dodd-Frank”). These laws are enforced by the Commodity Futures Trading Commission (CFTC) and the National Futures Association (NFA), a self-regulatory organization with authority delegated by the CFTC.
  • Federal money transmitter laws. The Bank Secrecy Act, which is enforced by the Financial Crimes Enforcement Network (FinCEN), a federal agency within the U.S. Department of the Treasury.
  • Sanctions. Federal sanctions are typically issued by the President of the United States acting through executive orders or legislation passed by the U.S. Congress. Federal sanctions are civilly enforced by the Office of Foreign Assets Control (OFAC) within the U.S. Department of the Treasury, and may be criminally enforced by the U.S. Department of Justice (DOJ). Other agencies, such as the Department of Commerce and the Department of State, may also enforce specific sanctions or export controls in certain instances.
  • Tax. The U.S. tax code, which is enforced by the U.S. Internal Revenue Service, under the Department of the Treasury.
  • Consumer protection. Federal law in this area is enforced by the U.S. Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB).
  • Banking laws. There are multiple banking laws enforced by multiple regulatory agencies. The primary laws include the National Bank Act, the Federal Reserve Act, the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Dodd-Frank Wall Street Reform and Consumer Protection Act. These laws are enforced by the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation (FDIC) and FinCEN.
  • State regulators. Nearly all the federal laws and regulations described above have overlapping state law equivalents, many of which may be enforced by state attorneys general.
  • Private litigant. Many of the laws discussed above (federal and state) grant private rights of action to enforce them as well. This means that civil litigants — plaintiffs that have no affiliation with the government — can bring claims for money damages or other relief under some of these laws.

The laws that apply to a cryptoasset depend on how it is offered or sold, how it is used, and the bundle of rights (if any) that are conveyed or travel with it.

For example, if a digital asset is marketed, sold or understood to be an investment it may be regulated as a security under the federal securities laws. The term “security” includes, among other things, “investment contracts” under the Securities Act of 1933, 15 U.S.C. § 77b(a)(1)). An investment contract is a legal classification for an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others (S.E.C. v. W.J. Howey Co., 328 U.S. 293 (U.S. 1946)). If a cryptoasset is offered or sold as a security, its offer and sale must be registered with the SEC unless an exemption applies.

Registering securities with the SEC involves submitting a registration statement, which consists of a prospectus and additional information. The prospectus contains a description of the security to be issued, the issuer’s business, financial information, management, material risks associated with the investment and intended use of the proceeds. As additional information, the issuer may file what it deems necessary for a complete and accurate description of the offering such as legal opinions, material contracts, and consents from experts like its auditors. SEC staff review registration statements before the offering begins to ensure compliance with disclosure requirements and accuracy and completeness of the information provided. As part of the review process the SEC may request additional information from the issuer. Once the SEC resolves any outstanding issues, it declares the registration statement effective, and the issuer can proceed with a public offering. Issuers are subject to post-registration compliance, which includes filing periodic and event-specific reports, and other disclosures designed to give investors full and fair disclosure of what the issuer is doing with the investment proceeds. The sale of securities is also subject to the anti-fraud provisions of the federal securities laws, and other provisions that require disclosure to investors under certain circumstances. Some cryptoassets will be regulated as a “commodity” under the Commodity Exchange Act. A commodity is a good “in which contracts for future delivery are presently or in the future dealt in.” (7 U.S.C. 1a(9).) Regulators including the CFTC and/or the SEC have concluded that Aptos (APT), Avalanche (AVAX), Bitcoin (BTC), Bitcoin Cash (BCH), Cardano (ADA), Chainlink (LINK), Dogecoin (DOGE), Ether (ETH), Hedera (HBAR), Litecoin (LTC), Polkadot (DOT), Shiba Inu (SHIB), Solana (SOL), Stellar (XLM), Tezos (XTZ) and Ripple (XRP) are digital commodities (see SEC Rel. Nos 33-11412, 34-105020).

The CFTC generally has jurisdiction over derivative instruments that are based on commodities where actual delivery of the instrument would not take place within 28 days from the date of the transaction. The CFTC has taken the position that it has authority to enforce the anti-fraud and market manipulation protections of the Commodities Exchange Act, but it does not currently have general jurisdiction over spot transactions in commodities (see U.S. Commodity Futures Trading Comm’n v. Monex Credit Co., 931 F.3d 966, 976 (9th Cir. 2019)).

In addition, a regulatory regime for stablecoins is emerging. The GENIUS Act regulates payment stablecoin issuers: issuers must maintain reserves at a 1:1 ratio in high-quality assets, they must be insured depository institutions or otherwise licensed, they must submit to annual audits and provide monthly disclosures, and they are regulated by, among other parties, the Office of the Comptroller of the Currency (OCC).

Cryptoassets that are sold as securities must either be registered with the SEC or fall within an applicable exemption. Most cryptoassets sold as securities in a compliant fashion have been issued subject to exemptions for accredited investors (i.e., Reg D) or non-U.S. investors (i.e., Reg S). Both Reg D and Reg S allow the offer and sale of securities without registration under the Securities Act. Cryptoassets sold as securities not pursuant to an exemption must be registered subject to the process summarized above.

Purely intrastate issuances can be registered with state securities regulators under state blue sky (securities) laws. Blue sky laws vary from state to state and typically require registration, disclosure, and licensing and prohibit fraud in the purchase and sale of securities.

Securities exchanges and broker/dealers must register with the SEC or FINRA. The registration process for securities exchanges with the SEC involves:

  • The submission of Form 1 (which covers various aspects of the exchange’s structure, operations, and compliance with SEC regulations).
  • SEC review and requests for additional information, as needed.
  • The amendment of Form 1 to address any concerns raised by the SEC.
  • A public comment period, which allows stakeholders, market participants, and the public to provide input on the exchange’s application.
  • The SEC then determines whether to approve the application, and if approved, the exchange receives formal registration.

Once registered, the exchange must comply with ongoing reporting requirements (by, for example, submitting material updates and financial statements). The registration process may take several months to over a year, depending on the complexity of the application, completeness of the documentation submitted to the SEC, any necessary amendments, and the SEC’s workload.

Very few issuers and exchanges have successfully gone through the full registration process with the SEC or the NFA, a self-regulatory organization that oversees the derivatives industry, particularly futures and foreign exchange markets, and works in conjunction with the CFTC. Generally, commodity pool operators (CPOs), commodity trading advisors (CTAs), futures commission merchants (FCMs), introducing brokers (IBs), and other entities involved in commodity futures and options activities are required to register with the NFA. The registration process consists of completing and submitting the required registration forms, which cover the applicant’s business structure, principals, financial condition, and compliance procedures and conducting background checks on principals and associated persons.

The NFA’s Membership Committee reviews the completed application and may at that point grant approval. Once registered, firms and individuals must adhere to ongoing compliance requirements, which include submitting annual reports, financial statements, and other material information.

Generally, the registration process can take between 18 and 24 months, although the exact time frame may vary. Derivatives exchanges must comply with CFTC registration requirements and register with/via the NFA. As an example, the CFTC allows Designated Contract Markets (DCMs) or exchanges to list products for trading without prior CFTC approval by filing a written self-certification with the CFTC (see ‘Listing Products for Trading by Certification,’ 17 CFR Part 40.2).

Yes. Promotions of cryptoassets are regulated under a variety of federal and state laws designed to protect consumers from misleading or unfair practices. Cryptoassets sold as securities are subject to a variety of broad disclosure and anti-fraud requirements under the federal securities laws. The SEC enforces these laws and regulates the sale of securities, but private plaintiffs can bring claims for damages against promoters as well. For example, a promoter of a cryptoasset sold as a security may qualify as a “statutory seller” of that asset if he successfully solicits a purchase of securities and is motivated at least in part by a desire to serve his own financial interest or those of the securities owner. Pinter v. Dahl, 486 U.S. 622 (1988). Most state securities laws, as well as state consumer protection and unfair and deceptive practices laws also contain similar provisions.

Civil plaintiffs have sued promoters under these laws and some federal courts have allowed these claims to proceed. For example, investors in the defunct cryptocurrency exchange FTX sued various celebrities that promoted FTX, such as Thomas Brady, Gisele Bundchen, Stephen Curry, Shohei Ohtani, Naomi Osaka, Kevin O’Leary, Udonis Haslem and the Golden State Warriors. In May 2025 Judge Moore of the Southern District of Florida allowed claims against promoters for unregistered sale of a security under the Florida and Oklahoma Securities Act to proceed to discovery (see In re FTX Cryptocurrency Exch. Collapse Litig., 781 F. Supp.3d 1324 (S.D. Fla. 2025)).

As a matter of regulation, the SEC has warned that any individual promoting a virtual token or coin that is a security “must disclose the nature, scope, and amount of compensation received in exchange for the promotion” (see ‘SEC Statement Urging Caution Around Celebrity backed ICOs’ (November 1, 2017) at www.sec.gov/news/public-statement/statement-potentially-unlawful-promotion-icos). In addition, the FTC has issued guidance on influencer marketing, including the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (16 C.F.R. §§ 255.0 to 255.5).

The SEC has settled charges against a number of promoters, including professional boxer Floyd Mayweather Jr. and music producer DJ Khaled, each for failing to disclose payments received for promoting investments in Initial Coin Offerings (ICO) (see ‘Two Celebrities Charged with Unlawfully Touting Coin Offerings’ (November 29, 2018) at www.sec.gov/news/press-release/2018-268). Similarly, in 2020, the SEC settled charges against actor Steven Seagal for failing to disclose payments received for promoting an investment in an ICO conducted by Bitcoiin2Gen (B2G). Seagal’s promotions included “posts on his public social media accounts encouraging the public not to ‘miss out’ on [B2G’s] ICO and a press release titled ‘Zen Master Steven Seagal Has Become the Brand Ambassador of Bitcoiin2Gen.’” (See ‘Actor Steven Seagal Charged with Unlawfully Touting Digital Asset Offering’ (February 27, 2020) at www.sec.gov/news/press-release/2020-42.)

Administrators and issuers of cryptoassets are subject to registration and reporting requirements under federal and state money transmitter licensing laws. Specifically, the Bank Secrecy Act contains federal registration requirements that are enforced by FinCEN, a Department of Treasury “Bureau.” Depending on a custodian’s role in the flow of funds, they may be required to register with FinCEN and with state regulators. Federal sanctions compliance is handled by OFAC, which promulgates regulations and requires all financial institutions, including crypto exchanges, platforms and businesses, to refrain from doing business with sanctioned individuals and entities. Failure to comply with applicable federal sanctions laws and regulations can result in serious civil and criminal penalties.

In the United States, the primary anti-money laundering and Know Your Client (AML/KYC) obligations arise from the Bank Secrecy Act (BSA). The BSA applies to, among other things, any “Money Services Business”, which includes entities that provide exchange, transfer, custody, trading, issuance or safekeeping of cryptoassets on behalf of customers. This often includes digital asset exchanges, custodians, OTC desks, payment processors, and companies that issue or manage virtual tokens for users.

A money services business is required to register with FinCEN and comply with the BSA. Obligations under the BSA include:

  • establishing a compliance program with internal policies, procedures and controls to prevent money laundering and counter-terrorist financing (AML/CFT);
  • collecting identifying information and completing due diligence on customers;
  • monitoring questionable transactions and filing suspicious activity reports (SARs) where appropriate;
  • appointing a qualified compliance officer; and
  • retaining records and other related compliance obligations.

In the United States, property law is generally established by each state and there is no unified federal property law that applies to cryptoassets. Accordingly, the legal contours of ownership of cryptoassets as property varies by state.

In recent years, roughly half the states have adopted revisions to Article 12 of the Uniform Commercial Code (UCC) that governs commercial transactions, including transactions in cryptoassets. Model Article 12 of the UCC creates a new term of art designed to include cryptocurrencies and non-fungible tokens (NFTs): a “controllable electronic record” (CER). Revised Article 12 allows a buyer of a cryptoasset CER to take possession of it free and clear of other property rights in the CER. In other words, buyers are protected from third parties who might subsequently claim an interest to the CER similar to a clean title in real estate. A “qualifying purchaser” of a CER is defined as a purchaser that obtains control of a CER for value, in good faith and without notice of a claim of a property right in the CER. “Control” requires one to have:

  • the power to avail itself of substantially all the benefit from the CER;
  • the exclusive power to prevent others from availing themselves of substantially all the benefit of the CER;
  • the exclusive power to transfer control of the CER; and
  • the ability to readily identify itself (by name, number, cryptographic key, account number or otherwise) as the person having these powers.

For the states that have not adopted Article 12 different rules regarding the rights, owners and qualified purchasers of cryptoassets will apply.

There is no registration regime for DAOs on the federal level. Certain states, however, have passed laws that allow for the registration of a DAO as a type of business organization. For example, Wyo. Stat. § 17-31-101 et seq. provides for the creation of a DAO that is a limited liability company, and 17-32-101 et seq. provides for the creation of a Decentralized Unincorporated Nonprofit Association (DUNA). In addition, Tennessee created a framework for registering decentralized organizations (Tenn. Code § 48-250-101 et seq.); and Vermont allows registration as a blockchain-based limited liability company (BBLLC) (11 V.S.A. § 4171 et seq.).

One significant risk for members of unincorporated DAOs is that the DAO may be treated as a general partnership, and members of the DAO may be treated as general partners. In many states, general partners of a general partnership face joint and several liability on a personal level for the liabilities of the DAO. A DAO that is operating in nuanced areas of securities, tax, consumer protection, contract or intellectual property law can create issues for its members. For example, on November 18, 2024, Judge Chhabria of the Northern District of California ruled that the Lido DAO can be sued under California law as a general partnership; its institutional investors can be sued as general partners; and the Lido DAO and its partners can be sued for the offer or sale of a Lido DAO (LDO), an alleged unregistered security under the federal securities laws (see Samuels v. Lido DAO, 757 F. Supp.3d 951 (N.D. Cal. 2024)). This ruling, and similar subsequent rulings, should be studied by potential participants of a DAO to ensure the risks of the DAO’s conduct are fully understood.

Most bankruptcies in the United States (including bankruptcies of well-known cryptoasset companies) proceed in federal bankruptcy court, with exceptions for certain regulated entities. At present the U.S. Bankruptcy Code does not have any provisions specific to cryptoassets. However, the GENIUS Act, which likely will become effective in 2026, amends 11 U.S.C. § 507 to grant stablecoin holders higher priority in the event of a bankruptcy of a payment stablecoin issuer. This is likely a response to the result in In re Celsius Network LLC, et al., where the court held that “cryptocurrency assets remaining in the Earn Accounts on the Petition Date became property of the Debtors’ bankruptcy estates.” (See In re Celsius Network LLC, 647 B.R. 631, 637 (Bankr. S.D.N.Y. 2023).)

As a general rule, while cryptoassets present some novelty, the bankruptcy process applies the U.S. Bankruptcy Code and applicable case law to their treatment and disposition in the bankruptcy process. How customer funds are treated in bankruptcy will depend on how they are described or treated in terms of service. Courts may need to classify cryptoassets because different types of assets (securities, commodities or stablecoins) are treated differently in bankruptcy proceedings. Lastly, valuation methods for cryptocurrencies can be complex, and courts may face challenges as they try to assess market value.

“Smart contracts” are, as a general rule, neither smart nor contracts. The term is a misnomer. They are software scripts. That said, it is of course possible to include a contract within a so-called smart contract. For instance, a “token” is a technical software artifact that exists on a distributed database; to turn this code into a legally binding contract, the parties should sign a paper and ink contract outside of an offering on the blockchain. But it is important to note that, standing alone, a smart contract may not be a contract and therefore may not be enforceable under contract law. Legal treatment of “smart contracts” at the federal level falls under general contract law principles. Some states, however, have passed laws to clarify the legal effect of records, agreements and transactions maintained on a blockchain (see, for example, Ariz. Rev. Stat. § 44-7061; Ark. Code Ann. § 25-32-122; 8 DE Code § 224; Idaho Code § 28-5303; 205 Ill. Comp. Stat. 730/5, 730/10; Iowa Code § 554.14101 et seq.; Kansas HB2039; Ky. Rev. Stat. §139.516 et seq.; Maryland SB 136; Nevada SB 162 and 163 and Nev. Rev. Stat. §§ 719.045, 719.090, 719.145 (2021); N.D. Cent. Code § 9-16-19; Ohio Rev Code § 1306.01(G); 12A O.S. 2011, Section 15-102 (Okla.); SD Cod. L § 53-12-1 Tenn. Code. § 47-10-201, 47-10-202; TX Bus. Org. Code 1.002.20-a; 12 VT Stat. § 1913; § 19 RCW (WA); and Wyo. Stat. § 17-16-140, -141, and 142).

Victims of “crypto fraud” have all the legal and equitable remedies available to victims of any other type of fraud. Complaints may be filed with the relevant government and consumer protection agencies. It is possible to receive pre-judgment injunctive relief, freezing assets prior to a final judgment. Courts may require that a bond be posted and will, as a general rule, not agree to transfer funds before a final judgment has been entered.

Another growing area of recovery for victims of crypto fraud is forfeiture actions brought by federal or state authorities. Under federal law, the U.S. Department of Justice (DOJ) may seek criminal forfeiture over assets held by convicted criminals, and may also seek civil forfeiture over property used in or that is the proceeds of federal crimes. If the DOJ wins forfeiture over cryptoassets it may return the assets to victims as part of its remission process (see 28 C.F.R. § 9.8). The DOJ has brought numerous forfeiture actions over cryptoassets in recent years, including for example United States of America v. Approximately 225,364,961 USDT, 25-cv-1907 (D.D.C. 2018), which seeks to recover more than USD 225 million worth of tether that was allegedly stolen in cryptoasset fraud schemes. In addition, individuals who hold ownership interests in assets that are subject to forfeiture can file a claim for the assets and seek to recover the asset directly in the forfeiture action.

In addition to available legal recourse, the victim of a crypto fraud can take practical steps such as reporting the incident to the security team of the exchange or platform where the fraud took place. Blockchain/DLT experts may be able to track and identify relevant transactions involved in the fraud. Also, changing passwords and enabling two-factor authentication may prevent further unauthorized access to the account at stake.

Specialist tax advice should be obtained.

Cryptoasset platforms are subject to the same state and federal data privacy and cybersecurity obligations as any other U.S. business.

The SEC recently issued guidance on the application of the federal securities laws to protocol mining, protocol staking, wrapping, and airdrops. This guidance is not binding on judges, and it is revokable by the SEC — nevertheless it may be persuasive in certain circumstances.

The SEC’s guidance states that certain activities falling within their definition of protocol mining and protocol staking do not involve the offer and sale of a security within the meaning of Section 2 of the Securities Act and Section 3 of the Exchange Act, and therefore participants in such activities do not need to register their mining or staking transactions. Similarly, under certain specified definitions and descriptions set forth within, the SEC guidance states that the offer or sale of a “Redeemable Wrapped Token” and the airdrop of a non-security cryptoasset do not involve the offer or sale of a security under the federal securities laws. In addition, for purposes of the SEC’s guidance, a crypto system is deemed “decentralized” if “the crypto system functions and operates autonomously with no person, entity, or group of persons or entities having operational, economic or voting control of the crypto system.” The SEC may interpret the federal securities laws based on these descriptions and positions for the remainder of the Trump Administration, but they are not binding on the SEC under future administrations, and other courts, regulators and counter-parties may interpret the facts and circumstances differently.

The most significant legislation pending before Congress is the Digital Asset Market Clarity Act of 2025 (CLARITY Act). The U.S. House of Representatives passed this bill in July 2025, but the U.S. Senate has not, and as of this writing the Senate Banking Committee is still debating its text.

There are numerous issues that the CLARITY Act, if it is passed, may address.

  • It may classify digital assets as securities (subject to SEC jurisdiction), digital commodities (subject to CFTC jurisdiction) and stablecoins, which would be regulated separately. Drafts of the bill contemplate defining a security based on clearer terms and more of a bright-line rule than the Howey test and current precedent.
  • It may expand CFTC jurisdiction to include spot and cash markets for digital commodities. The CFTC currently has only anti-fraud and anti-manipulation authority over commodity spot markets, and the contemplated expansion would require digital commodity exchanges, brokers and dealers to register with the CFTC.
  • It may codify protections for decentralized protocols (and their founders or executives) that do not have custody or control customer funds. At the same time, it may modify registration and regulatory standards for centralized intermediaries that control customer funds.
  • It may create a new framework for digital asset companies to raise capital. The current disclosure regime under the federal securities laws was not written with digital assets in mind, and the CLARIFY Act may modify the rules to require disclosures that are better suited for digital asset securities and related projects.
  • It may clarify whether crypto exchanges and platforms can pay interest to customers that hold stablecoins on their platforms. The banking and digital asset industries have expressed different views about this issue. As of this writing, a compromise on this issue has not yet emerged.