Back in 2013, the first cryptocurrency matter hit our desks. That was the beginning of the exponential growth of our digital assets practice. Recognizing the importance of the area, we launched this blog, Blockchain and the Law. In our first cluster of posts, we covered topics such as cryptocurrency taxation, blockchain and privacy, and issues surrounding initial coin offerings (or ICOs), one of the hottest issues at that time and a practice that still garners SEC scrutiny in 2022 (interestingly, there is still no consensus around when a digital asset, outside of Bitcoin, which is considered a commodity, is a “security”).

Today, blockchain-based innovations continue apace, continuously offering new opportunities (and raising challenges). In the push toward Web3 – with its decentralized, permissionless, tokenized core – there are a variety of new technologies and innovations, from DeFi to DAOs to NFTs to fan tokens to the Merge to the metaverse.  We have been privileged to work with many of the most dynamic clients in helping them build businesses around these advances.

We were thrilled to host a three-day symposium from September 19-21, 2022 to highlight some of the hottest legal and business issues affecting digital assets, featuring a full slate of discussions among our attorneys and guests from the industry.  At the symposium, we programmed virtual panels across a range of topics: SEC enforcement and securities regulation of digital assets, asset manager considerations surrounding digital assets, employee compensation and benefits issues, cryptocurrency AML considerations, digital assets in bankruptcy, decentralized autonomous organizations (DAOs), and sports and media trends and issues in Web3.  The final day of the event culminated in an in-person reception and a “Voices from the Industry” panel featuring an eclectic group of executives from across the digital asset space talking about issues that are top of mind.  In the span of a few days, we learned a lot.

Background

The issue of fraudulent crypto-related mobile apps has received much attention of late.  Back in July 2022, the FBI issued a notice, warning financial institutions and investors about instances where criminals created spoofed cryptocurrency wallet apps to trick consumers and steal their cryptocurrency. There have also been reports of phishing websites that attempt to trick consumers into entering credentials, thereby enabling hackers to access victims’ crypto wallets. In response to these developments, Senator Sherrod Brown recently sent a letter to Apple, among others, expressing his concern about fraudulent cryptocurrency apps and asking for more information about the particulars of Apple’s process to review and approve crypto apps for inclusion in the App Store.

In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in a motion to dismiss, a platform provider was able to use both statutory and contractual protections to avoid liability for the acts of third party cyber criminals.

The U.S. District Court for the Southern District of New York recently rejected a proposed settlement of a securities class action involving purchasers of digital tokens due to concerns about whether the lead plaintiff had adequately represented the class for settlement purposes.  Judge Lewis A. Kaplan held in Williams v.

As of this writing, the Ethereum “Merge,” one of the most anticipated events in blockchain history, is finally expected to occur in September 2022. The “Merge” will shift the Ethereum blockchain (native token ETH, or ether) from a proof-of-work (PoW) consensus mechanism to a proof-of-stake (PoS) consensus mechanism that uses over 99.9% less energy. Technically, the Merge involves transitioning the current Ethereum proof-of-work Mainnet protocol (the blockchain used for ETH-based transactions) to the Beacon Chain proof-of-stake network.  As a result, transactions will be conducted on the new proof-of-stake network and new ETH tokens will be minted by nodes on the network staking a fair amount of ether tokens into a pool to secure the network and validate transactions. Post-Merge, the practice of ether cryptomining on the Ethereum 2.0 network will end, either forcing miners to pivot to mining on Ethereum Classic or find a new endeavor.

While the move to Ethereum 2.0 is being closely-watched, akin to the countdown to the New Year’s Eve Times Square ball drop, it’s a little more complicated and more of a series of actions (and accompanying benefits) that will happen over time. The Merge is but the first step in a series of five (notably followed by upgrades titled ‘the Surge,’ ‘the Verge,’ ‘the Purge,’ and ‘the Splurge’) that intend to make Ethereum faster, more scalable, more powerful, more energy efficient and more robust.

In what is the New York Department of Financial Services’ (NYDFS) first enforcement action against a NYDFS-licensed “virtual currency business,” on August 1, 2022, the agency announced $30 million settlement with cryptocurrency investing platform Robinhood Crypto, LLC (“RHC”).  The settlement addressed  charges stemming from what the NYDFS cited as various deficiencies during 2019-20 of RHC’s Bank Secrecy Act (BSA) and anti-money laundering (AML) program and RHS’ cybersecurity obligations under the agency’s Virtual Currency “BitLicense” regulation (23 NYCRR Part 200) and Cybersecurity Regulation (23 NYCRR Part 500), among other things

NYDFS has been active in crypto regulation for many years. In 2015, New York was the first state to promulgate a comprehensive framework for regulating virtual currency-related businesses. The keystones of the BitLicense regulations are consumer protection, anti-money laundering compliance and cybersecurity rules that are intended to place appropriate “guardrails” around the industry while allowing innovation. In addition, NYDFS’s Cybersecurity Regulation went into effect in March 2017 and generally requires all covered entities, including licensed virtual currency businesses, to establish and maintain a cybersecurity program designed to protect the confidentiality, integrity, and availability of its information systems. Licensed virtual currency companies are subject to the same AML and cybersecurity regulations as traditional financial services companies.

With the enduring popularity of certain NFTs and the promise of their use in the Metaverse and beyond, the hype around the new technology has been accompanied by rising concerns over NFTs being the centerpiece of traditional financial crimes like money laundering and wire fraud.  For example, on June 30th, 2022 the Justice Department indicted six individuals in four separate cryptocurrency fraud cases, which altogether involved over $130 million of investors’ funds. These indictments include allegations of a global Ponzi scheme selling unregistered crypto securities, a fraudulent initial coin offering involving phony associations with top companies, a fraudulent investment fund that purportedly traded on cryptocurrency exchanges, and the largest-known Non-Fungible Token (NFT) money laundering scheme to date.