One of the strangest stories in the history of decentralized finance (DeFi) may soon also count among the most legally significant, experts told CoinDesk in a series of interviews. According to multiple legal professionals, recent events could provide the U.S. Securities and Exchange Commission (SEC) and other agencies a long-awaited foothold in the largely unregulated, $211 billion DeFi sector.
In late January, noted on-chain sleuth ZachXBT revealed that the treasury manager for Wonderland, a popular DeFi protocol, was in fact Michael Patryn, a convicted felon and the co-founder of the fraudulent former Canadian cryptocurrency exchange QuadrigaCX.
Prior to the reveal, Patryn – then working under the pseudonym “Sifu” – and Wonderland founder Daniele Sestagalli grew notorious for aggressively leveraging one of DeFi’s trendiest new tools: Protocol Controlled Value, or PCV. According to the Wonderland documentation, PCV is a term for “the amount of funds the treasury owns and controls,” and the Wonderland treasury currently manages in excess of $700 million, down from a peak well over $1 billion.
Depending on how a protocol’s treasury is managed, PCV often undermines DeFi’s claims to decentralization.
Read more: How Did a Former Quadriga Exec End Up Running a DeFi Protocol? Wonderland Founder Explains
While some decentralized autonomous organizations (DAOs) leverage on-chain governance and votes directly and programmatically lead to fund disbursements, others simply use DAO token-holder votes as “signals” from the community to a centralized group of fund managers who theoretically may or may not choose to enact the community’s wishes – a dynamic that could draw the attention of regulators.
While Wonderland’s PCV was ostensibly owned by token holders, it was largely unilaterally managed by the Sestagalli and Patryn using only a multi-signature scheme for security – a common tool that requires multiple “signers” to approve transactions from a blockchain address.
When is DeFi truly decentralized? That question could soon be at the center of an SEC investigation.
One of the strangest stories in the history of decentralized finance (DeFi) may soon also count among the most legally significant, experts told CoinDesk in a series of interviews. According to multiple legal professionals, recent events could provide the U.S. Securities and Exchange Commission (SEC) and other agencies a long-awaited foothold in the largely unregulated, $211 billion DeFi sector.
In late January, noted on-chain sleuth ZachXBT revealed that the treasury manager for Wonderland, a popular DeFi protocol, was in fact Michael Patryn, a convicted felon and the co-founder of the fraudulent former Canadian cryptocurrency exchange QuadrigaCX.
Depending on how a protocol’s treasury is managed, PCV often undermines DeFi’s claims to decentralization.
Read more: How Did a Former Quadriga Exec End Up Running a DeFi Protocol? Wonderland Founder Explains
While some decentralized autonomous organizations (DAOs) leverage on-chain governance and votes directly and programmatically lead to fund disbursements, others simply use DAO token-holder votes as “signals” from the community to a centralized group of fund managers who theoretically may or may not choose to enact the community’s wishes – a dynamic that could draw the attention of regulators.
While Wonderland’s PCV was ostensibly owned by token holders, it was largely unilaterally managed by the Sestagalli and Patryn using only a multi-signature scheme for security – a common tool that requires multiple “signers” to approve transactions from a blockchain address.
For many who were skeptical about Wonderland’s centralized treasury management, Patryn’s unmasking was a clear example of why the sector should strive to avoid centralized intermediaries, pseudonymous or not.
According to a number of legal experts, however, it may also be exactly the case that the SEC has been looking for.
“If you’re the SEC, this is probably one of the better opportunities to get some precedent on the books that would at least let you start clawing into DeFi,” Collins Belton, a managing partner at Brookwood P.C., said in an interview with CoinDesk.
Belton “absolutely” expects there will be regulatory activity on the PCV front – the first of what could be a number of cases where agencies test the sector’s claims to decentralization, as the agency analyzes “whether they’re dealing with a securities instrument, or a vehicle that needs to be regulated under the Investment Company Act.”
The bizarre, headline-grabbing nature of the Wonderland incident could also “invite political will for enforcements,” said Ross Campbell, a legal engineer at LexDAO, which could ultimately accelerate the timeline on the SEC taking action.
Read more: Wonderland Founder: ‘I’m Here to Fix This and Make It All Back’
“I think in terms of how quickly this could happen, it could happen this year, honestly,” said Campbell.
DAO in name only
According to Belton, the trend of centrally-managed PCV is a sign of broader froth that permeated DeFi markets in late 2021, a period during which Wonderland reached a peak of well over $1 billion in PCV under Sestagalli and Patryn’s oversight.
It was a largely euphoric phase where “everybody kind of lost sight of fundamental values” such as decentralization and censorship resistance, he said.
“People kind of get away with that because there’s a lot of new entrants and they don’t have that prior training, and the experienced hands saw there was money to be made – ‘Oh hey, maybe this stuff never did matter at all because we’re all making money,’” said Belton.
Indeed, he noted that the PCV trend has been broadly referred to as DeFi, despite failing to live up to the label.
“Over the past year and a half, DeFi has become a term for anything related to finance in crypto. If anything, [centrally-managed PCV] is just unregulated traditional finance,” he added.
These distinctions aren’t merely a matter of ideology, however, and may in fact be a focal point for SEC enforcement.
“I very frequently bifurcate things [definitionally] in crypto along the lines of custodial or managerial decision-making on one side, and relinquishing those controls on the other,” Belton said. “Frequently, I think, to the extent that you get in front of a court willing to engage in a fundamental-based analysis, that’s oftentimes the dividing line for where the court’s assessment will be.”
Belton noted that central management of funds increases the likelihood that Wonderland’s TIME and wMEMO tokens could be considered a security, especially given how active and vocal Sestagalli was about his management as a perk of the protocol.
“[Regulators] will be looking at the manner in which people are managing the fund, or the extra layer of value on top of the token, that’s creating issues with respect to retail. People enter into these investments based on their efforts, and based on their involvement in the operation,” said Campbell.
Sestagalli failing to disclose Patryn’s identity could also prove to be a particular sticking point as well, as it was information that may have caused some investors to reassess their position.
“Often times what they’re looking at is, ‘Are there individuals that we can uniquely point to as providing the essential managerial efforts to either drive profit, to manage risk, that would be in possession of some type of information asymmetry they could uniquely take advantage of relative to the general public,’ et cetera,” Belton said.
Test case
These clear points of centralization and the lack of disclosures both dramatically increase the odds of the SEC using Wonderland as a “test case” to explore when a protocol’s claims to decentralization are not backed up in terms of the actual power distribution, said Campbell.
“The SEC or other, similar regulators in other jurisdictions might say, ‘This looks a lot like a centralized enterprise because effectively the checks and balances are not enforced by code.’ You have soft power via signal Snapshotvoting, but the hard power is held by the multi-sig,” he said.
Indeed, over the past year the SEC has been threatening to establish a more active stance in the regulation of DeFi protocols, but so far has yet to take meaningful action – possibly due in part to the legal tangle created by decentralized decision making.
Read more: State of Crypto: The SEC Takes on DeFi
With many DeFi protocols, such as Uniswap v2 and Aave v1, once published the protocol operates entirely autonomously and is non-upgradable – it is impossible to “take the protocol down,” and their operation requires no oversight, leading to ambiguity concerning what practical steps regulatory agencies could take towards enforcement.
“Why there’s been a reticence to do more than send requests for information to DeFi companies is because part of the challenge is they have to come up with a legal theory that allows them to provide that, despite the fact that these people are not actually either taking affirmative action to facilitate or execute transactions, and they’re not exercising discretion or managerial decisions, they should still be liable and beholden to the users of these platforms – that’s actually very difficult in the United States,” said Campbell.
Belton also noted that some legal observers have argued that if a case was appealed in higher courts, including the Supreme Court, the current composition of the court is “radically pro-business” and “radically free speech-leaning,” which could make enforcement arguments against a more thoroughly decentralized entity difficult.
“They’ll always have an easier time going after select actors, versus going after a specific technology or going after thousands of people that might be involved in a DAO,” Campbell added.
By comparison, a handful of publicly known money managers are a significantly easier target. According to Belton, it prompts a simple question: “Do we go after these guys who are anon and make these novel legal arguments, or do they go after this identifiable human being who is actively calling his thing a SPAC, which we already regulate?”
Unlike with autonomous and decentralized protocols, there are more clearly-identifiable actors and steps for taking action against them.
“If you’re a Gary [Gensler], you’re saying, ‘Here’s an opportunity where a lot of things look more similar to a slam dunk to us than other protocols,’” added Campbell.
Building precedent
Adding further to the probability of enforcement action, the SEC has already established precedent with regard to investment DAOs.
“I have to remind people, the first significant thing the SEC did [in crypto] was the DAO report,” said Belton.
Read more: The DAO Report: Understanding the Risk of SEC Enforcement
Indeed, in 2017 the SEC released the now-landmark DAO report, in which it revealed it had been investigating the initial coin offering (ICO) of The DAO, an early collective investment experiment that failed after a hack in 2016.
While automated market makers (AMMs) and peer-to-pool lending markets may be new developments, in light of the DAO report, PCV is in some ways just a new term for structures that the SEC has extensive experience with. The first line of the SEC report even notes that parties related to organizing The DAO “may have violated the federal securities laws.”
“Way before Wonderland these guys were focused on treasuries managed by DAOs,” Belton said of SEC staffers. “Those are two things [treasury management and DAOs] that they are intimately familiar with and are things they think is within their purview.”
If and when the SEC successfully brings enforcement against Wonderland, however, it could be a stepping stone in pursuing other protocols, especially ones that build and manage treasuries in a centralized manner.
“That’s the goal of common-law jurisprudence. You want to build precedent you can build on,” said Belton.
Indeed, in a worst-case scenario for the industry, any protocol raising and managing treasury funds at all could eventually become targets if the SEC builds enough precedent, working their way into the industry over a period of years with successful enforcements.
“What Gary Gensler has said specifically about DeFi protocols, decentralized exchanges, and how token holders earn fees, that seems high on their list nowadays,” Campbell said of recent statements from the SEC chairman.
Self-enforcement
Ironically, many observers have pointed out that looming encroachment from the SEC may have been avoided if DeFi users demanded more thorough decentralization from the projects they invest in, as well-designed DAOs by nature give token holders and organizations methods to “clean up their own messes,” and investors often “have exit rights,” said Campbell.
“We need more effective on-chain governance and veto power by people who hold tokens. Those things together would allow more self-regulation against an enforcement action because the SEC tries to prioritize in terms of what brings the most bang for the buck and where they can make the most law by bringing an enforcement action,” Campbell added.
In a blog post, Inverse Finance founder Nour Haridy called on the Wonderland DAO to move away from the multi-signature and instead institute on-chain governance, and offered assistance with the transition.
“Due to the severity of the recent events, the future of the Wonderland story and how it unfolds will be remembered as a turning point in the history of crypto,” Haridy wrote. “In my opinion, it is up to us all in the crypto community to do our part and make sure that it is remembered as a moment where we all stood together to ease the pains of the thousands of everyday people who are hurt by this situation and to find a viable solution that puts them back in control of their own future.”
The notion of self-regulation for DeFi has some real-world precedent as well, according to Casey Hewitt, the founder of Hewitt Law. Standardizing any self-enforcement principles could prove difficult, however.
“If the goal is autonomy and self-regulation, there needs to be some accepted standards (even if it involves some level of anonymity) that everyone follows,” she said via Twitter.
Established financial entities, such as the CME Group, can do it, Hewitt said; so too should a sector of the crypto economy touching over $200 billion in assets.
“If DeFi wants to prove it can self-regulate, it needs to really do it,” she said.
According to a number of legal experts, however, it may also be exactly the case that the SEC has been looking for.
“If you’re the SEC, this is probably one of the better opportunities to get some precedent on the books that would at least let you start clawing into DeFi,” Collins Belton, a managing partner at Brookwood P.C., said in an interview with CoinDesk.
Belton “absolutely” expects there will be regulatory activity on the PCV front – the first of what could be a number of cases where agencies test the sector’s claims to decentralization, as the agency analyzes “whether they’re dealing with a securities instrument, or a vehicle that needs to be regulated under the Investment Company Act.”
The bizarre, headline-grabbing nature of the Wonderland incident could also “invite political will for enforcements,” said Ross Campbell, a legal engineer at LexDAO, which could ultimately accelerate the timeline on the SEC taking action.
Read more: Wonderland Founder: ‘I’m Here to Fix This and Make It All Back’
“I think in terms of how quickly this could happen, it could happen this year, honestly,” said Campbell.
DAO in name only
According to Belton, the trend of centrally-managed PCV is a sign of broader froth that permeated DeFi markets in late 2021, a period during which Wonderland reached a peak of well over $1 billion in PCV under Sestagalli and Patryn’s oversight.
It was a largely euphoric phase where “everybody kind of lost sight of fundamental values” such as decentralization and censorship resistance, he said.
“People kind of get away with that because there’s a lot of new entrants and they don’t have that prior training, and the experienced hands saw there was money to be made – ‘Oh hey, maybe this stuff never did matter at all because we’re all making money,’” said Belton.
Indeed, he noted that the PCV trend has been broadly referred to as DeFi, despite failing to live up to the label.
“Over the past year and a half, DeFi has become a term for anything related to finance in crypto. If anything, [centrally-managed PCV] is just unregulated traditional finance,” he added.
These distinctions aren’t merely a matter of ideology, however, and may in fact be a focal point for SEC enforcement.
“I very frequently bifurcate things [definitionally] in crypto along the lines of custodial or managerial decision-making on one side, and relinquishing those controls on the other,” Belton said. “Frequently, I think, to the extent that you get in front of a court willing to engage in a fundamental-based analysis, that’s oftentimes the dividing line for where the court’s assessment will be.”
Belton noted that central management of funds increases the likelihood that Wonderland’s TIME and wMEMO tokens could be considered a security, especially given how active and vocal Sestagalli was about his management as a perk of the protocol.
“[Regulators] will be looking at the manner in which people are managing the fund, or the extra layer of value on top of the token, that’s creating issues with respect to retail. People enter into these investments based on their efforts, and based on their involvement in the operation,” said Campbell.
Sestagalli failing to disclose Patryn’s identity could also prove to be a particular sticking point as well, as it was information that may have caused some investors to reassess their position.
“Often times what they’re looking at is, ‘Are there individuals that we can uniquely point to as providing the essential managerial efforts to either drive profit, to manage risk, that would be in possession of some type of information asymmetry they could uniquely take advantage of relative to the general public,’ et cetera,” Belton said.
Test case
These clear points of centralization and the lack of disclosures both dramatically increase the odds of the SEC using Wonderland as a “test case” to explore when a protocol’s claims to decentralization are not backed up in terms of the actual power distribution, said Campbell.
“The SEC or other, similar regulators in other jurisdictions might say, ‘This looks a lot like a centralized enterprise because effectively the checks and balances are not enforced by code.’ You have soft power via signal Snapshotvoting, but the hard power is held by the multi-sig,” he said.
Indeed, over the past year the SEC has been threatening to establish a more active stance in the regulation of DeFi protocols, but so far has yet to take meaningful action – possibly due in part to the legal tangle created by decentralized decision making.
Read more: State of Crypto: The SEC Takes on DeFi
With many DeFi protocols, such as Uniswap v2 and Aave v1, once published the protocol operates entirely autonomously and is non-upgradable – it is impossible to “take the protocol down,” and their operation requires no oversight, leading to ambiguity concerning what practical steps regulatory agencies could take towards enforcement.
“Why there’s been a reticence to do more than send requests for information to DeFi companies is because part of the challenge is they have to come up with a legal theory that allows them to provide that, despite the fact that these people are not actually either taking affirmative action to facilitate or execute transactions, and they’re not exercising discretion or managerial decisions, they should still be liable and beholden to the users of these platforms – that’s actually very difficult in the United States,” said Campbell.
Belton also noted that some legal observers have argued that if a case was appealed in higher courts, including the Supreme Court, the current composition of the court is “radically pro-business” and “radically free speech-leaning,” which could make enforcement arguments against a more thoroughly decentralized entity difficult.
“They’ll always have an easier time going after select actors, versus going after a specific technology or going after thousands of people that might be involved in a DAO,” Campbell added.
By comparison, a handful of publicly known money managers are a significantly easier target. According to Belton, it prompts a simple question: “Do we go after these guys who are anon and make these novel legal arguments, or do they go after this identifiable human being who is actively calling his thing a SPAC, which we already regulate?
Unlike with autonomous and decentralized protocols, there are more clearly-identifiable actors and steps for taking action against them.
“If you’re a Gary [Gensler], you’re saying, ‘Here’s an opportunity where a lot of things look more similar to a slam dunk to us than other protocols,’” added Campbell.
Building precedent
Adding further to the probability of enforcement action, the SEC has already established precedent with regard to investment DAOs.
“I have to remind people, the first significant thing the SEC did [in crypto] was the DAO report,” said Belton.
Read more: The DAO Report: Understanding the Risk of SEC Enforcement
Indeed, in 2017 the SEC released the now-landmark DAO report, in which it revealed it had been investigating the initial coin offering (ICO) of The DAO, an early collective investment experiment that failed after a hack in 2016.
While automated market makers (AMMs) and peer-to-pool lending markets may be new developments, in light of the DAO report, PCV is in some ways just a new term for structures that the SEC has extensive experience with. The first line of the SEC report even notes that parties related to organizing The DAO “may have violated the federal securities laws.”
“Way before Wonderland these guys were focused on treasuries managed by DAOs,” Belton said of SEC staffers. “Those are two things [treasury management and DAOs] that they are intimately familiar with and are things they think is within their purview.”
If and when the SEC successfully brings enforcement against Wonderland, however, it could be a stepping stone in pursuing other protocols, especially ones that build and manage treasuries in a centralized manner.
“That’s the goal of common-law jurisprudence. You want to build precedent you can build on,” said Belton.
Indeed, in a worst-case scenario for the industry, any protocol raising and managing treasury funds at all could eventually become targets if the SEC builds enough precedent, working their way into the industry over a period of years with successful enforcements.
“What Gary Gensler has said specifically about DeFi protocols, decentralized exchanges, and how token holders earn fees, that seems high on their list nowadays,” Campbell said of recent statements from the SEC chairman.
Self-enforcement
Ironically, many observers have pointed out that looming encroachment from the SEC may have been avoided if DeFi users demanded more thorough decentralization from the projects they invest in, as well-designed DAOs by nature give token holders and organizations methods to “clean up their own messes,” and investors often “have exit rights,” said Campbell.
“We need more effective on-chain governance and veto power by people who hold tokens. Those things together would allow more self-regulation against an enforcement action because the SEC tries to prioritize in terms of what brings the most bang for the buck and where they can make the most law by bringing an enforcement action,” Campbell added.
In a blog post, Inverse Finance founder Nour Haridy called on the Wonderland DAO to move away from the multi-signature and instead institute on-chain governance, and offered assistance with the transition.
“Due to the severity of the recent events, the future of the Wonderland story and how it unfolds will be remembered as a turning point in the history of crypto,” Haridy wrote. “In my opinion, it is up to us all in the crypto community to do our part and make sure that it is remembered as a moment where we all stood together to ease the pains of the thousands of everyday people who are hurt by this situation and to find a viable solution that puts them back in control of their own future.”
The notion of self-regulation for DeFi has some real-world precedent as well, according to Casey Hewitt, the founder of Hewitt Law. Standardizing any self-enforcement principles could prove difficult, however.
“If the goal is autonomy and self-regulation, there needs to be some accepted standards (even if it involves some level of anonymity) that everyone follows,” she said via Twitter.
Established financial entities, such as the CME Group, can do it, Hewitt said; so too should a sector of the crypto economy touching over $200 billion in assets.
“If DeFi wants to prove it can self-regulate, it needs to really do it,” she said.
