SEC Halts a Silly Initial Coin Offering
Last year some Ethereum developers raised money from investors for a thing called the Decentralized Autonomous Organization, which was meant to pool the investors' money and invest it in some Ethereum-projects-to-be-named-later under a complicated governance structure. It was all very blockchainy and 2016, and it raised its money -- more than $150 million worth of ether at the time -- without doing anything to comply with U.S. (or anywhere else's) securities laws. This was totally illegal! But that was the least of the DAO's problems. It also got hacked and had its money stolen and led to a fork of the Ethereum blockchain and was generally a pretty deep soul-searching moment for the cryptocurrency community.
It was also a soul-searching moment for the U.S. Securities and Exchange Commission, which eventually -- this July, over a year after the DAO's brief moment in the sun -- released a report noting that the DAO was totally illegal but that it wasn't going to do anything about it:
In light of the facts and circumstances, the agency has decided not to bring charges in this instance, or make findings of violations in the Report, but rather to caution the industry and market participants: the federal securities laws apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology.
But everyone was on notice that the next time someone launched a cryptocurrency-based investment scheme without even attempting to follow U.S. securities laws, they might get in trouble. Of course by that point many, many, many people had done exactly that, in the form of initial coin offerings, and they kept right on doing it after the SEC report. And so, for the last few months, people who are interested in initial coin offerings, and people who are interested in SEC enforcement actions, have been rather impatiently waiting for the SEC to sue an ICO operator for violating the law. 1 I sit near the center of that Venn diagram, so of course I was pleased to see that yesterday was the day:
The Securities and Exchange Commission today announced it obtained an emergency asset freeze to halt a fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month.
The ICO is called "PlexCoin," 2 and "the SEC's new Cyber Unit" brought the case, and both of those names are faintly embarrassing. ("SEC: Cyber" would be a pretty good CBS prime-time drama.) Anyway:
"This first Cyber Unit case hits all of the characteristics of a full-fledged cyber scam and is exactly the kind of misconduct the unit will be pursuing," said Robert Cohen, Chief of the Cyber Unit. "We acted quickly to protect retail investors from this initial coin offering's false promises."
He is not wrong: It really does hit all the characteristics of a full-fledged cyber scam. (Allegedly.) It launched on Facebook, and its business plan was vague even for a cryptocurrency. From the SEC's complaint:
The PlexCoin Facebook Page described the PlexCoin Token as "the next decentralized worldwide cryptocurrency based on the Ethereum structure" whose "mission is to broaden the possibilities of uses and to increase the number of users by simplifying the process of managing cryptocurrency to the maximum."
To the maximum! You can read the white paper here, and it's mostly in that charmingly daft, cryptocurrency-as-a-second-language tone. 3 Unlike most ICO white papers that I have read, however, it makes specific and bizarre return promises:
The return on investment (ROI) is the projected gain on your PlexCoin purchase, considering that you must sell your PlexCoin to receive your money.
Here are the expected returns on investment, relying on the possibility that all PlexCoin are sold during the pre-sale:
- Sale level 1: ROI after 29 days or less: 1 354%
- Sale level 2: ROI after 29 days or less: 629%
- Sale level 3: ROI after 29 days or less: 332%
- Sale level 4: ROI after 29 days or less: 200%
These numbers might seem enormous, but they are real.
They were not real.
If you want more characteristics of a full-scale cyber scam, there are loads, but let's put 4 them 5 in 6 footnotes. 7 They feel like cheap shots. Yes, right, this (alleged) scam was (allegedly) a scam, fine. Yes, fine, the scamminess was (allegedly) overdetermined: PlexCoin's promoter was a recidivist fraudster and hid his identity and put out a nonsensical business plan and promised huge immediate returns and explicitly admitted he would manipulate the market for PlexCoin and used the money he raised for personal expenses, dayenu. (Allegedly!) Dumb funny scams are dumb and funny, and far be it from me to criticize the SEC for delighting in them at length.
What is striking in the SEC's complaint is how traditional, and how scammy, this scheme allegedly was. It is the oldest trick in the book: A charismatic promoter asks people for money, promises to return their money many times over, and then just steals it. The particular thing that he is raising money for -- railroads or gold mines or orange groves or e-commerce or biotech or medical marijuana or cryptocurrency or "a company for carrying on an undertaking of great advantage, but nobody to know what it is" -- changes over time, but this is purely cosmetic, because in the classic case the promoter isn't going to do any of those things. He's just going to steal your money.
The classic securities fraud doesn't really involve securities -- in the sense of investments in a productive enterprise -- because the money is never actually invested in anything but the promoters' lifestyle. Similarly, here, if the SEC is correct, PlexCoin was only very nominally a cryptocurrency offering: PlexCoin didn't build a blockchain or an application where its coin would be useful; it just took investors' money (allegedly some $15 million worth 8 ) and gave them back a worthless thing called a "token." 9 That's no better and no worse than giving them back a worthless thing called a "share." The name and form of the thing is the least of their worries; the main problem is that the money was stolen.
There are other kinds of securities fraud. Enron Corp. was a whole big company with real pipelines and power plants and thousands of employees, most of whom were genuinely working on real projects that were supposed to make money for shareholders. Also some people were lying about its financials, sure, but the company itself wasn't fictional. This didn't make Enron's problems better. It made them worse! It is hard to raise billions of dollars based on pure fiction 10 ; but if you raise billions of dollars based on reality, well, then you have billions of dollars to lose.
Or: The DAO raised its money in good faith, and had a clever and interesting idea. But the DAO hack cost investors much more money than PlexCoin did. (They eventually got it back, though, sort of.)
At the end of the SEC's complaint against PlexCoin come the "claims for relief," the list of laws that PlexCoin has allegedly violated. The first two claims are classic fraud claims, lying about stuff connected to securities. Only in the third claim for relief do you get what ICO/SEC connoisseurs were waiting for, "Violations of Sections 5(a) and 5(c) of the Securities Act":
By virtue of the foregoing, (a) without a registration statement in effect as to that security, Defendants Lacroix and PlexCorps, directly and indirectly, made use of the means and instruments of transportation or communications in interstate commerce and of the mails to sell securities through the use of means of a prospectus, and (b) made use of the means and instruments of transportation or communication in interstate commerce and of the mails to offer to sell through the use of a prospectus, securities as to which no registration statement had been filed.
That is a mouthful, but it is the news here, though it was foreshadowed by the SEC's July report on the DAO. The SEC concluded that this thing that was called an "initial coin offering" was nonetheless a securities offering, and should have been conducted under the U.S. rules applicable to securities offerings, and is illegal because it wasn't.
This has nothing to do with the colorful alleged details of the alleged scam: It would be just as much a Section 5 violation if PlexCoin's promoter had a clean record and fully disclosed the management team and had a plausible business plan and genuinely used his investors' money to pursue that business plan. It would be just as much a Section 5 violation if he'd succeeded. What's illegal, under Section 5, is doing an unregistered securities offering -- whether or not you lie about it, whether or not you intend to defraud anyone, whether or not you succeed. The purpose of the rule is to protect investors from scams, but its mechanism is to require that securities offerings in the U.S. be done with a registration statement, or under an exemption from registration. 11
Of course there are hundreds and hundreds of ICOs. Many seek to qualify for exemptions from U.S. securities registration: They are limited to non-U.S. investors, say, or to accredited investors in a private offering. Others argue that they are not securities offerings at all: Their token is not an investment in an enterprise (like a share of stock), but rather a "utility token" that can be used as payment in some existing or imagined commercial system. 12 Still others, like the DAO, just ignore securities regulation and assume it doesn't apply to them. And then a final subset ignore securities regulation and also commit wild, substantive fraud, lying about everything and then stealing their investors' money.
It is no surprise that the SEC's first ICO case is (allegedly) in that last category: If you have to prioritize an illegal ICO to go after, you might as well choose the most comically illegal one you can find. That is sensible both as a matter of fairness, and as a matter of entertainment.
But as a matter of regulation -- as a matter of letting everyone know what the law is -- it leaves something to be desired. The important questions of ICO regulation are about how the important ICOs will be regulated, not the silly ones: If someone has a real serious blockchain project, and raises hundreds of millions of dollars by selling tokens, and uses the money as advertised to build the project, and the tokens have both a utility component (they can be used on the project's blockchain to buy some good or service) and an investment component (people bought them in the ICO for speculative reasons), then is that a securities offering? If the SEC had gone after a tougher case -- an ICO that looked generally legitimate, but that didn't comply with the securities laws -- then people would know more about where they stand. But it went after an obvious one. That's more entertaining, but we won't learn as much from it.
For instance there is former SEC Commissioner Joseph Grundfest, who said recently that "I.C.O.s represent the most pervasive, open and notorious violation of federal securities laws since the Code of Hammurabi," and who "had been contacting current commission officials and staff to urge them to bring cases, and fast."
There are other "Plex-" words involved; in particular, the supposed organization supposedly running PlexCoin was supposedly called PlexCorps. I'm mostly going to call the whole thing PlexCoin and not bother about those distinctions.
Some of it is also apparently plagiarized.
PlexCoin said that it "decided not to reveal the identities of our team to make sure no one is getting harassed on social media or recruited by other cryptocurrency companies" -- though the SEC argues that the real reason is (1) that there was no team, other than PlexCoin principal Dominic Lacroix and a few of his buddies, and (2) "because Lacroix was a known recidivist securities law violator in Canada."
The white paper included this graph of what PlexCoin would do with the money it raised:
"Our budget structure allows for a large part to be used for the market maintenance," says the white paper. "This will ensure a consistent increase of PlexCoin’s value, even if members sell their assets massively." They explicitly promised to pump up the value of the thing!
But that scammy promise about what PlexCoin would do with the proceeds (basically: pump the price of its own coins) was itself, allegedly, a lie. Instead, says the SEC, "the proceeds from the PlexCoin ICO were not destined for business development but instead were intended to fund Lacroix and Paradis-Royer's expenses including home decor projects." (Sabrina Paradis-Royer is a defendant in the case; she "resides at the same address as Lacroix and is believed to be his romantic partner.")
The most obvious indication that PlexCoin was a scam is simply that Quebec's Autorité des Marchés Financiers, the securities regulator with jurisdiction over Lacroix, sought and obtained an injunction against PlexCoin in July 2017. So it was declared illegal by the Quebec securities regulator, and by a Quebec court, months ago -- and ignored that order and kept raising money. The SEC complaint contains this gorgeous deadpan sentence:
At most, a Facebook page related to PlexCorps indirectly acknowledged the Quebec Tribunal's injunctions, obtained by Quebec's Autorite Des Marches Financiers (Financial Markets Authority or "QAMF"), by offering for sale a t-shirt with a picture of a man making an offensive gesture at the name and logo of the QAMF.
I cannot believe they resisted including a picture.
Quite a bit of it from fairly conventional fiat-currency payment processors like PayPal, Shopify and Stripe, though some of it apparently directly from bitcoin and ether holders.
It did really distribute the tokens, though. From the SEC complaint:
The Ethereum blockchain indicates that two addresses received 400 million and 550 million PlexCoin Tokens on or about August 13, 2017. The first address distributed over 71.4 million PlexCoin Tokens from August 22 through the present, in over 36,000 transactions.
The second address distributed over 10 million PlexCoin Tokens from November 3 through today in over 32,000 transactions.
Assuming all of the distributions of PlexCoin Tokens from these addresses were sold to investors as per the discount pricing scheme stating in the various PlexCoin ICQ marketing materials, these sales would have generated proceeds of more than $15 million USD (50 million PlexCoin Tokens sold at $0.13 generate $6.5 million USD, and 31 million PlexCoin Tokens sold at $0.28 generate $8.68 million USD).
It is perhaps notable that the SEC is using the public immutable Ethereum ledger to trace the mechanics of a cryptocurrency fraud.
Not impossible; Bernie Madoff comes close to fitting that description.
Meaning, colloquially speaking, that you have to either (1) do an initial public offering with full SEC review (a registration statement) or (2) limit your offering to "accredited investors" with a lot of money. There are other exemptions from registration -- for small offerings, for offerings only done offshore to non-U.S. persons, for crowdfunding -- but that is the rough idea.
That is, if you buy tokens in a cloud-storage ICO, and then use the tokens to obtain cloud storage, then that looks like you are buying prepaid cloud storage, not investing in a company. We talked about this "utility token" distinction back in October.
To contact the editor responsible for this story:
James Greiff at firstname.lastname@example.org