Picture: ISTOCK
Picture: ISTOCK

Last year some Ethereum developers raised money from investors for a thing called the Decentralized Autonomous Organization, which was meant to pool the investors’ money and invest it in some Ethereum-projects-to-be-named-later under a complicated governance structure. It was all very blockchainy and 2016, and it raised its money — more than $150m worth of ether at the time — without doing anything to comply with US (or anywhere else’s) securities laws. This was totally illegal!

But that was the least of the DAO’s problems. It also got hacked and had its money stolen and led to a fork of the Ethereum blockchain and was generally a pretty deep soul-searching moment for the cryptocurrency community.

It was also a soul-searching moment for the US Securities and Exchange Commission, which eventually — this July, over a year after the DAO’s brief moment in the sun — released a report noting that the DAO was totally illegal but that it wasn’t going to do anything about it:

       “In light of the facts and circumstances, the agency has                   decided not to bring charges in this instance, or make                     findings of violations in the Report, but rather to caution the         industry and market participants: the federal securities laws         apply to those who offer and sell securities in the United               States, regardless whether the issuing entity is a traditional           company or a decentralized autonomous organization,                   regardless whether those securities are purchased using US         dollars or virtual currencies, and regardless whether they               are distributed in certificated form or through distributed             ledger technology.”

But everyone was on notice that the next time someone launched a cryptocurrency-based investment scheme without even attempting to follow US securities laws, they might get in trouble.

Of course by that point many, many, many people had done exactly that, in the form of initial coin offerings, and they kept right on doing it after the SEC report. And so, for the last few months, people who are interested in initial coin offerings, and people who are interested in SEC enforcement actions, have been rather impatiently waiting for the SEC to sue an ICO operator for violating the law.[1] I sit near the centre of that Venn diagram, so of course I was pleased to see that yesterday was the day:

      “The Securities and Exchange Commission today announced         it obtained an emergency asset freeze to halt a fast-moving           Initial Coin Offering (ICO) fraud that raised up to $15m from           thousands of investors since August by falsely promising a             13-fold profit in less than a month.”

The ICO is called PlexCoin[2] and “the SEC’s new Cyber Unit” brought the case, and both of those names are faintly embarrassing. (SEC: Cyber would be a pretty good CBS prime-time drama.) Anyway:

      “‘This first Cyber Unit case hits all of the characteristics of a          full-fledged cyber scam and is exactly the kind of misconduct        the unit will be pursuing,’ said Robert Cohen, Chief of the                Cyber Unit. ‘We acted quickly to protect retail investors from        this initial coin offering’s false promises.’”

He is not wrong: It really does hit all the characteristics of a full-fledged cyber scam. (Allegedly.) It launched on Facebook, and its business plan was vague even for a cryptocurrency. From the SEC’s complaint:

     “The PlexCoin Facebook Page described the PlexCoin Token            as ‘the next decentralized worldwide cryptocurrency based          on the Ethereum structure’ whose ‘mission is to broaden the        possibilities of uses and to increase the number of users by            simplifying the process of managing cryptocurrency to the            maximum’.”

To the maximum! You can read the white paper here, and it’s mostly in that charmingly daft, cryptocurrency-as-a-second-language tone.[3] Unlike most ICO white papers that I have read, however, it makes specific and bizarre return promises:

       “The return on investment          (ROI) is the projected gain           on your PlexCoin                          purchase, considering that          you must sell your                        PlexCoin to receive your              money.

       “Here are the expected                returns on investment, relying on the possibility that all                  PlexCoin are sold during the pre-sale:

       “Sale level 1: ROI after 29 days or less: 1,354%

        “Sale level 2: ROI after 29 days or less: 629%

        “Sale level 3: ROI after 29 days or less: 332%

        “Sale level 4: ROI after 29 days or less: 200%

        “These numbers might seem enormous, but they are real.”

They were not real.

If you want more characteristics of a full-scale cyber scam, there are loads, but let’s put[4] them[5] in[6] footnotes.[7] They feel like cheap shots. Yes, right, this (alleged) scam was (allegedly) a scam, fine. Yes, fine, the scamminess was (allegedly) overdetermined: PlexCoin’s promoter was a recidivist fraudster and hid his identity and put out a nonsensical business plan and promised huge immediate returns and explicitly admitted he would manipulate the market for PlexCoin and used the money he raised for personal expenses, dayenu. (Allegedly!) Dumb funny scams are dumb and funny, and far be it from me to criticize the SEC for delighting in them at length.

What is striking in the SEC’s complaint is how traditional, and how scammy, this scheme allegedly was. It is the oldest trick in the book: a charismatic promoter asks people for money, promises to return their money many times over, and then just steals it.

The particular thing that he is raising money for — railroads or gold mines or orange groves or e-commerce or biotech or medical marijuana or cryptocurrency or “a company for carrying on an undertaking of great advantage, but nobody to know what it is” — changes over time, but this is purely cosmetic, because in the classic case the promoter isn’t going to do any of those things. He’s just going to steal your money.

The classic securities fraud doesn’t really involve securities — in the sense of investments in a productive enterprise — because the money is never actually invested in anything but the promoters’ lifestyle. Similarly, here, if the SEC is correct, PlexCoin was only very nominally a cryptocurrency offering: PlexCoin didn’t build a blockchain or an application where its coin would be useful; it just took investors’ money (allegedly some $15m worth[8]) and gave them back a worthless thing called a “token”.[9] That’s no better and no worse than giving them back a worthless thing called a “share”. The name and form of the thing is the least of their worries; the main problem is that the money was stolen.

There are other kinds of securities fraud. Enron was a whole big company with real pipelines and power plants and thousands of employees, most of whom were genuinely working on real projects that were supposed to make money for shareholders. Also some people were lying about its financials, sure, but the company itself wasn’t fictional. This didn’t make Enron’s problems better. It made them worse! It is hard to raise billions of dollars based on pure fiction[10]; but if you raise billions of dollars based on reality, well, then you have billions of dollars to lose.

Or: The DAO raised its money in good faith, and had a clever and interesting idea. But the DAO hack cost investors much more money than PlexCoin did. (They eventually got it back, though, sort of. )

At the end of the SEC’s complaint against PlexCoin come the “claims for relief,” the list of laws that PlexCoin has allegedly violated. The first two claims are classic fraud claims, lying about stuff connected to securities. Only in the third claim for relief do you get what ICO/SEC connoisseurs were waiting for, “Violations of Sections 5(a) and 5(c) of the Securities Act”:

           “By virtue of the foregoing, (a) without a registration                        statement in effect as to that security, Defendants Lacroix              and PlexCorps, directly and indirectly, made use of the                    means and instruments of transportation or                                      communications in interstate commerce and of the mails              to sell securities through the use of means of a                                  prospectus, and (b) made use of the means and                                  instruments of transportation or communication in                        interstate commerce and of the mails to offer to sell                        through the use of a prospectus, securities as to which no              registration statement had been filed.”

That is a mouthful, but it is the news here, though it was foreshadowed by the SEC’s July report on the DAO. The SEC concluded that this thing that was called an “initial coin offering” was nonetheless a securities offering, and should have been conducted under the US rules applicable to securities offerings, and is illegal because it wasn’t.

This has nothing to do with the colorful alleged details of the alleged scam: It would be just as much a Section 5 violation if PlexCoin’s promoter had a clean record and fully disclosed the management team and had a plausible business plan and genuinely used his investors’ money to pursue that business plan. It would be just as much a Section 5 violation if he’d succeeded. What’s illegal, under Section 5, is doing an unregistered securities offering — whether or not you lie about it, whether or not you intend to defraud anyone, whether or not you succeed. The purpose of the rule is to protect investors from scams, but its mechanism is to require that securities offerings in the US be done with a registration statement, or under an exemption from registration.[11]

Of course there are hundreds and hundreds of ICOs. Many seek to qualify for exemptions from US securities registration: They are limited to non-U.S. investors, say, or to accredited investors in a private offering. Others argue that they are not securities offerings at all: Their token is not an investment in an enterprise (like a share of stock), but rather a “utility token” that can be used as payment in some existing or imagined commercial system.[12] Still others, like the DAO, just ignore securities regulation and assume it doesn’t apply to them. And then a final subset ignore securities regulation and also commit wild, substantive fraud, lying about everything and then stealing their investors’ money.

It is no surprise that the SEC’s first ICO case is (allegedly) in that last category: If you have to prioritise an illegal ICO to go after, you might as well choose the most comically illegal one you can find. That is sensible both as a matter of fairness, and as a matter of entertainment.

But as a matter of regulation — as a matter of letting everyone know what the law is — it leaves something to be desired. The important questions of ICO regulation are about how the important ICOs will be regulated, not the silly ones: if someone has a real serious blockchain project, and raises hundreds of millions of dollars by selling tokens, and uses the money as advertised to build the project, and the tokens have both a utility component (they can be used on the project’s blockchain to buy some good or service) and an investment component (people bought them in the ICO for speculative reasons), then is that a securities offering? If the SEC had gone after a tougher case — an ICO that looked generally legitimate, but that didn’t comply with the securities laws — then people would know more about where they stand. But it went after an obvious one. That’s more entertaining, but we won’t learn as much from it.

• Levine is a Bloomberg View columnist. He was an editor of Dealbreaker, an investment banker at Goldman Sachs, a mergers and acquisitions lawyer at Wachtell, Lipton, Rosen & Katz and a clerk for the US Court of Appeals for the Third Circuit. This column does not necessarily reflect the opinion of the editorial board or Bloomberg and its owners.

Bloomberg

 

FOOTNOTES:

 

1. For instance there is former SEC Commissioner Joseph Grundfest, who said recently that “I.C.O.s represent the most pervasive, open and notorious violation of federal securities laws since the Code of Hammurabi,” and who “had been contacting current commission officials and staff to urge them to bring cases, and fast.”

2. There are other “Plex-” words involved; in particular, the supposed organization supposedly running PlexCoin was supposedly called PlexCorps. I’m mostly going to call the whole thing PlexCoin and not bother about those distinctions.

3. Some of it is also apparently plagiarized.

4. PlexCoin said that it “decided not to reveal the identities of our team to make sure no one is getting harassed on social media or recruited by other cryptocurrency companies” — though the SEC argues that the real reason is (1) that there was no team, other than PlexCoin principal Dominic Lacroix and a few of his buddies, and (2) “because Lacroix was a known recidivist securities law violator in Canada”.

5. The white paper included this graph of what PlexCoin would do with the money it raised:

“Our budget structure allows for a large part to be used for the market maintenance,” says the white paper. “This will ensure a consistent increase of PlexCoin’s value, even if members sell their assets massively.” They explicitly promised to pump up the value of the thing!

6. But that scammy promise about what PlexCoin would do with the proceeds (basically: pump the price of its own coins) was itself, allegedly, a lie. Instead, says the SEC, “the proceeds from the PlexCoin ICO were not destined for business development but instead were intended to fund Lacroix and Paradis-Royer’s expenses including home decor projects.” (Sabrina Paradis-Royer is a defendant in the case; she “resides at the same address as Lacroix and is believed to be his romantic partner.” )

7. The most obvious indication that PlexCoin was a scam is simply that Quebec’s Autorité des Marchés Financiers, the securities regulator with jurisdiction over Lacroix, sought and obtained an injunction against PlexCoin in July 2017. So it was declared illegal by the Quebec securities regulator, and by a Quebec court, months ago — and ignored that order and kept raising money. The SEC complaint contains this gorgeous deadpan sentence:

           “At most, a Facebook page related to PlexCorps indirectly                acknowledged the Quebec Tribunal’s injunctions,                              obtained  by Quebec’s Autorite Des Marches Financiers                  (Financial Markets Authority or “QAMF“), by offering for                   sale a t-shirt with a picture of a man making an offensive               gesture at the name and logo of the QAMF.”

I cannot believe they resisted including a picture.

8. Quite a bit of it from fairly conventional fiat-currency payment processors like PayPal, Shopify and Stripe, though some of it apparently directly from bitcoin and ether holders.

It did really distribute the tokens, though. From the SEC complaint:

             “The Ethereum blockchain indicates that two addresses                 received 400 million and 550 million PlexCoin Tokens on               or about August 13, 2017. The first address distributed                     over 71.4 million PlexCoin Tokens from August 22 through               the present, in over 36,000 transactions.

            “The second address distributed over 10 million PlexCoin                 Tokens from November 3 through today in over 32,000                    transactions.

             “Assuming all of the distributions of PlexCoin Tokens                       from these addresses were sold to investors as per the                   discount pricing scheme stating in the various PlexCoin                 ICQ marketing materials, these sales would have                               generated proceeds of more than $15m (50-million                           PlexCoin Tokens sold at $0.13 generate $6.5m and 31-                     million PlexCoin Tokens sold at $0.28 generate $8.68m).”

It is perhaps notable that the SEC is using the public immutable Ethereum ledger to trace the mechanics of a cryptocurrency fraud.

10. Not impossible; Bernie Madoff comes close to fitting that description.

11. Meaning, colloquially speaking, that you have to either (1) do an initial public offering with full SEC review (a registration statement) or (2) limit your offering to “accredited investors” with a lot of money. There are other exemptions from registration — for small offerings, for offerings only done offshore to non-U.S. persons, for crowdfunding — but that is the rough idea.

12. That is, if you buy tokens in a cloud-storage ICO, and then use the tokens to obtain cloud storage, then that looks like you are buying prepaid cloud storage, not investing in a company. We talked about this “utility token” distinction back in October.

Please sign in or register to comment.