On August 30, 2023, in a case of first impression, the U.S. District Court for the Southern District of New York dismissed in full a putative securities class action against Uniswap Labs, a decentralized finance (“DeFi”) digital asset exchange (“DEX”), Uniswap Foundation (together with Uniswap Labs, “Uniswap”), and Uniswap’s CEO and founder, Hayden Adams, as well as three of the exchange’s venture capital investors, Andreessen Horowitz, Paradigm Operations, and Union Square Ventures.
The action alleged that defendants were liable for losses incurred by class members who bought “scam tokens” issued by anonymous third parties on the DEX. Plaintiffs were unable to identify the anonymous issuers of the scam tokens, so they sought redress from the DEX—as the Court observed, plaintiffs “were looking for a scapegoat for their claims because the Defendants they truly seek are unidentifiable.” The court held that the DEX was not liable for fraud or unregistered offerings perpetrated by the anonymous third parties via the smart contract underlying the exchange, explaining that “it defies logic that a drafter of computer code underlying a particular software platform could be liable . . . for a third party’s misuse of that platform.”
The Uniswap protocol
Uniswap is one of the largest DeFi digital asset exchanges on the Ethereum blockchain network. Rather than matching buyers and sellers of a particular asset, as on a traditional exchange, the Uniswap smart contracts each function as an “Automated Market Maker,” permitting self-executing exchanges of digital assets between end users and the liquidity pool, without the need for an intermediary. By interacting with the Uniswap smart contracts, anyone can create liquidity pools for any pair of fungible tokens. Those liquidity pools each operate as individual smart contracts on the blockchain. When end users interact with the liquidity pools, they exchange token pairs and pay a transaction fee that is distributed to the liquidity providers. Liquidity providers can withdraw their liquidity and fee income at any time.
In addition to writing the code underlying the Automated Market Maker smart contracts, Uniswap operates a user interface on its website. Advanced blockchain users may be able to interact with the smart contracts without the interface, but the interface makes the smart contracts more user friendly for anyone with a basic understanding of non-custodial crypto wallets. From time to time, Uniswap may update the interface to “de-list” certain liquidity pools, but this merely blocks those liquidity pools from the interface—they continue to exist as individual smart contracts on the blockchain.
Plaintiffs alleged that defendants controlled the DEX and were aware of the scam tokens trading thereon, but ignored them to profit from transaction fees. Plaintiffs averred that defendants were therefore liable under Section 29(b) of the Securities Exchange Act of 1934 (the “Exchange Act”) for frauds perpetrated by the anonymous issuers of the “scam tokens.” Plaintiffs also alleged that defendants were operating as unregistered broker-dealers and that Uniswap was an unregistered exchange. Therefore, plaintiffs argued that defendants were liable for unregistered dealings in securities under and Section 12(a)(1) of the Securities Act of 1933 (the “Securities Act”).
Section 29(b) of the Exchange Act provides, among other things, that fraudulent investment contracts shall be void. As the court explained, this provision voids only “contracts which by their terms violate” the Exchange Act, and does not apply when violations are “collateral or tangential to the contract between the parties.” The court found that the foundational smart contracts created by Uniswap that permit third parties to create liquidity pools are distinct from the individual smart contracts governing any particular liquidity pool which are not created by or controlled by Uniswap. Those foundational contracts, the court held, could themselves operate lawfully, and did not “by their terms violate” the Exchange Act. As such, the court dismissed the Section 29(b) claim. In so doing, the court compared Uniswap to Venmo and Zelle, suggesting that these platforms would not be liable for drug deals facilitated by fund transfers on the platforms—in other words, it is not the underlying platform that is unlawful here, but collateral human intervention.
Section 12(a)(1) of the Securities Act provides a civil cause of action against issuers of certain unregistered securities. Liability under this provision may arise in two circumstances: (1) where the defendant passes title or other interest to the buyer for value; and (2) where the defendant successfully solicits a purchase, motivated in part to serve the defendant’s own financial interest or those of the securities’ owner. The court held that the first theory fails because it cannot implicate parties who are collateral to the offer or sale, and Uniswap does not itself hold title at any point during the transactions executed through the Uniswap protocol. The second theory fails because plaintiffs did not allege any successful solicitation and abandoned their claim that Uniswap profited from end users’ interactions with the smart contracts. The Court did not address the question of whether defendants operated as unregistered broker-dealers or if the DEX was an unregistered exchange—both of which remain open questions.
The Court acknowledged that there are a number of policy questions relevant to the decision, such as whether a DEX should be liable for fraud perpetrated thereon. But the Court suggested that policy issues are better addressed by Congress, not by a court, explaining “the Court declines to stretch the federal securities laws to cover the conduct alleged, and concludes that Plaintiffs’ concerns are better addressed to Congress than to this Court.” The Court added, “[w]hether this anonymity is troublesome enough to merit regulation is not for the Court to decide, but for Congress. Indeed, [t]he ultimate question [in these cases] is one of congressional intent, not one of whether this Court thinks it can improve upon the statutory scheme that Congress enacted into law.”
The Court also dismissed ancillary claims against control persons and neglected to exercise supplemental jurisdiction over related state law claims. Thus, the case was dismissed in its entirety, though plaintiffs can refile their state law claims in state court and/or appeal the decision to the Second Circuit Court of Appeals.
This is a good result for DeFi protocols, especially DEXs, but it is not likely to be the last word in the nascent sphere of legal risks for DeFi. If adopted broadly, this decision will help to shield developers of smart contracts from liability for misuse of those smart contracts by third parties. Moreover, the Court endorsed the view of the CFTC that ETH is a commodity (not a security). That said, Uniswap was well positioned to defend against this particular suit and other protocols may present different issues. And this suit represents only a narrow sliver of potential suits and enforcement actions that DeFi platforms could be seeing with greater frequency in the coming months and years.
One important factor that weighed in Uniswap’s favor here is the fact that trading digital assets is not inherently unlawful. Smart contracts that facilitate activities that are inherently unlawful, such as gambling in some jurisdictions, could be treated differently. Another factor that favored Uniswap is the fact that it did not itself profit from transaction fees. Had plaintiffs adequately alleged that Uniswap directly solicited transactions in any of the “scam tokens” at issue and profited from those transactions, the result might have been different. As such, DeFi protocols that collect fees from interactions with their smart contracts should be careful about promoting transactions in any particular token that might be characterized as an unregistered security.
Notably, this decision does not absolve DeFi platforms of complying with the vast U.S. regulatory regime. For example, the court here noted that Uniswap is comparable to Venmo or Zelle, which would not be held liable for facilitating transactions collaterally related to drug deals. But Venmo and Zelle are money transmitters subject to AML obligations set by FinCEN, and if Venmo or Zelle were to fail to establish risk-based AML programs with adequate Know Your Customer procedures, they could face steep fines—and the fact that any transactions facilitated illegal activity could be evidence of an inadequate AML program. Uniswap likewise may be viewed as a money transmitter. Indeed, FinCEN has for years taken the position that DeFi protocols that accept and transmit value—whether that value is fiat currency or digital assets—are subject to FinCEN’s AML obligations. Moreover, in April 2023 FinCEN published a report on illicit finance risk in DeFi, demonstrating the increased focus of the Treasury Department on DeFi. The report noted that many DeFi platforms that operate in the United States are not compliant with the AML obligations of the BSA, and some are also not compliant with various registration obligations under, for example, the Securities Exchange Act and the Commodities Exchange Act.1
The SEC and CFTC have also been increasing their focus on DeFi protocols lately—the SEC has proposed rules2 that would clarify registration and AML obligations for DeFi token exchange protocols like Uniswap (notably, Uniswap itself was reportedly under investigation by the SEC as of September 2021). And the CFTC recently issued orders against three DeFi trading platforms for offering unregistered derivative trading.3 Further, earlier this year, the CFTC obtained, via default judgment, a federal court’s endorsement of its theory of jurisdiction over a DeFi leveraged trading protocol that sought to avoid regulatory scrutiny by transferring control from a centralized entity to a supposedly decentralized one.4
DeFi protocols come in all shapes and size, and each could face numerous unique legal risks, many yet untested. With the increasing attention, now more than ever, DeFi protocols are encouraged to seek legal counsel regarding the ever-expanding compliance obligations imposed by U.S. regulators and civil litigation risks.
4. CFTC v. Ooki DAO, No. 3:22-cv-05416-WHO, 2023 WL 5321527 (N.D. Cal. June 8, 2023); see also Statement of CFTC Director of Enforcement, Ian McGinnley on the Ooki DAO Litigation Victory, (“Critically, in a precedent-setting decision, the court held that the Ooki DAO is a ‘person’ under the Commodity Exchange Act and thus can be held liable for violations of the law. The court then held that the Ooki DAO did, in fact, violate the law as charged. The founders created the Ooki DAO with an evasive purpose, and with the explicit goal of operating an illegal trading platform without legal accountability. This decision should serve as a wake-up call to anyone who believes they can circumvent the law by adopting a DAO structure, intending to insulate themselves from law enforcement and ultimately putting the public at risk.”)