On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active management of the platform’s order taking and execution functions. Instead, EtherDelta was “decentralized,” in that it connected buyers and sellers through a pre-established smart contract protocol upon which all operational decisions were carried out.

In the SEC’s view, EtherDelta met Exchange Act Rule 3b-16(a)’s definition of an exchange notwithstanding the lack of ongoing centralized management of order taking and execution.  Robert Cohen, the Chief of the SEC’s Cyber Unit within the Division of Enforcement stated after the order’s release, “The focus is not on the label you put on something . . . The focus is on the function . . . whether it’s decentralized or not, whether it’s on a smart contract or not, what matters is it’s an exchange.” This functional approach echoes prior SEC guidance and enforcement actions in the digital asset securities markets in emphasizing that the Commission will look to the substance and not the form of a market participants’ operations in evaluating their effective compliance with U.S. securities laws.


Under Section 5 of the Exchange Act, no broker-dealer or “exchange”[2] may directly or indirectly operate in interstate commerce to use the facility of an exchange to “effect any transaction in a security” unless that exchange is registered with the SEC as a national securities exchange or operates subject to an exemption. In conducting its evaluation of EtherDelta, the SEC looked to the functional test laid out in Rule 3b-16(a), which prescribes that an organization, association, or group of persons will be viewed to be operating as an “exchange” if it:

(1) Brings together the orders for securities of multiple buyers and sellers; and

(2) Uses established, non-discretionary methods (whether by providing a trading facility or by setting rules) under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of a trade.

In determining that EtherDelta satisfied this test, the SEC considered a number of operational characteristics of the platform:

  • EtherDelta operated as a marketplace bringing together buyers and sellers of tokens—including those qualifying as “securities” under the Howey test[3]—through an online platform that stored all orders on EtherDelta’s centralized server. Orders were posted on a public order book for the 500 most common pairs of Ether and ERC20 tokens. All live buy and sell orders were listed and sorted by price and order type (buy or sell), enabling users to identify potential transaction counterparties.
  • EtherDelta’s order taking and execution systems were conducted by a smart contract capable of executing transactions across any Ether/ERC20 Token pair on the Ethereum blockchain. Trade execution only occurred where orders were acted upon by a “taker,” and EtherDelta had no discretion as to order receipt or execution procedures.
  • Where a match was found, trades were executed automatically by the smart contract. Both parties’ cryptographically-signed orders were validated and confirmed as open, and the funds and assets in each user’s account were verified for sufficiency. If all conditions were met, the trade was executed promptly in exchange for a fee imposed on takers of 0.3% of the transaction’s trade volume.

Over an 18-month period, EtherDelta’s smart contract executed more than 3.6 million orders for users in this manner.

Based on these facts, the SEC found that EtherDelta brought orders for securities tokens together by receiving and storing them in its order book, and publicly displaying all bid and offer details. Additionally, EtherDelta utilized Coburn’s smart contract trading protocols as established, non-discretionary methods to facilitate order entry and execution. Thus, EtherDelta fit the parameters of Rule 3b-16(a) and was subject to the registration requirement under Exchange Act Section 5.


Within the digital asset markets, this enforcement action is the first of its kind to be imposed against a digital assets trading platform.  Still, although the “decentralized” nature of the EtherDelta smart contract trading platform may be unconventional for securities markets, the order should not come as a surprise to market participants since it is in line with prior Commission actions and guidance on the matter and reflects the Cyber Unit’s continued expansion beyond digital asset cases involving outright fraud.

The SEC indicated in its July 2017 DAO Report that certain digital asset trading platforms, even those operating in a “decentralized” manner, satisfied the criteria of Rule 3b-16(a) to qualify as an “exchange.”[4] Yet again, in March of 2018, the SEC’s Divisions of Trading and Markets and Enforcement jointly issued a Public Statement reminding digital asset market participants operating a trading platform of their registration requirements if they were facilitating transactions in securities tokens. Even in non-exchange contexts, such as its recent enforcement action against an unregistered broker-dealer operating in digital asset securities markets, the SEC has explicitly looked past the unconventional nature of the technology to indicate that where securities are involved in a transaction, the U.S. securities laws will be applied.  As Cohen indicated after the order’s release, the focus of the SEC’s analysis will be on “the function and what the platform is doing.” Going forward, market participants operating digital asset trading platforms should view this action as yet another reminder of their compliance obligations under the U.S. securities laws.

Despite the order’s consistency with the SEC’s general approach, it does not clarify the significant confusion currently existing in digital asset markets about when and how such assets meet the Howey test, and may be classified as “securities.” The order does not provide an explanation of the particular facts and circumstances that transformed certain ERC20 tokens into securities.  Recently, however, the Director of the SEC Division of Corporation Finance, William Hinman, announced that the Commission will release “Plain English” guidance in the near future to assist token issuers and market participants in determining whether an asset is a “security” during an offering and also how the SEC might evaluate tokens post-offering during secondary market trading. It is unclear exactly when such guidance will be released, but Hinman indicated he expected it to be published at the end of 2018 or the beginning of 2019.  While the content of the guidance remains to be seen, its promulgation may bring some measure of clarity to the evolving landscape on the treatment of digital assets and cryptocurrencies as securities.

[1] “ERC 20 Tokens,” as the SEC’s order details, refer to those digital assets issued and traded on the Ethereum blockchain under the ERC20 protocol, which is a standard coding protocol used by many initial coin offering (ICO) issuers to create, offer, and sell ICO tokens.

[2] An “exchange” is defined in Exchange Act § 3(a)(1) to mean “any organization, association, or group of persons, whether incorporated or unincorporated, which constitutes, maintains, or provides a market place or facilities for bringing together purchasers and sellers of securities or for otherwise performing with respect to securities the functions commonly performed by a stock exchange as that term is generally understood, and includes the market place and the market facilities maintained by such exchange.”

[3] See SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946). Under the Howey test, a financial instrument will meet the definition of an “investment contract,” and thus qualify as a “security,” if there is: (1) an investment of money; (2) in a common enterprise; (3) with a reasonable expectation of profits; (4) from the managerial or entrepreneurial efforts of others.

[4] The SEC found in its enforcement order against Coburn that over 92% of all trades executed on EtherDelta were conducted after the release of the DAO Report.