Decentralized Crypto Assets are NOT Securities

Arie Trouw
11 min readNov 11, 2022

There has been a lot of talk about how to define various crypto assets, including coins and tokens. The discussion usually relates to bucketing these assets into existing buckets for the sake of determining what laws, regulations, and governing bodies apply to them. For example, the SEC has an interest in determining that assets are securities so that those assets fall under their purview. They use what is called the ‘Howey Test’, based on a U.S. Supreme Court decision from 1946 to determine if something is a security or not.

In 2018, William Hinman, who at the time was the Director of the Division of Corporate Finance at the SEC, stated that Bitcoin and most likely Ethereum are not securities due to the fact that they are decentralized. [].

My interpretation of his statements is that assets that are truly decentralized are not securities. Any contract between the selling and buying parties of the asset can not survive the transaction since the seller no longer has control of, or connection to the asset after the sale.

An example of this is gold. Gold itself is a self-sovereign element with no need of an authority to validate its existence or fulfill its promises (it conducts electricity really well whether you want it to or not). This makes gold a commodity. On the other hand, a gold mining company, which may or may not produce gold may sell shares in itself or futures contracts, both of which are clearly securities. These are contracts between the company and the investors. However, if the company sells gold that it owns to raise money that is a sale of a commodity asset, which may still require regulation, but not as a security.

My assertion is that William Hinman was correct in that all decentralized assets are not securities. Being a one way statement, this does not speak to whether or not centralized assets are securities, but just eliminates decentralized assets from being treated as securities.

This also does not preclude decentralized assets from being regulated. They could be considered commodities or currencies and be regulated as such, but they can not be regulated as securities.

Arie Trouw

The Arie Test: Beyond Bitcoin and Ethereum

Defining Bitcoin and Ethereum as non-securities based on decentralization is a great starting point, but how do we determine if other assets should also be considered non-securities based on them being decentralized?

The decentralization of a crypto asset is based on who or what controls the asset. This can change over time and be hard to establish without digging into how the token or coin is implemented. Every crypto asset, including smart contracts, can have one or more Control Vectors. A Control Vector is a way in which the asset can be controlled by external entities.

Each Control Point is a sliding scale, with the one extreme being Fully Controlled and the other being Fully Decentralized. The scale is the inverse of the number of entities required to change ledger entries or system rules. This is the simple Decentralization Coefficient (DC). For example, if one person has that ability exclusively, then it is 100% Controlled [1/1]. The larger the denominator, the lower the control. Perfect cryptography is a system where zero people have that ability, making it 0% Controlled [0/1] or Absolute Decentralization. Alternatively, as the denominator approaches Infinity, a system achieves Effective Decentralization.

A network, asset, or any system may have multiple Control Points. When multiple Control Points exist, the Decentralization Coefficient for the system is at best the highest (most controlled) Decentralization Coefficient of all the Control Points.

The Bitcoin and Ethereum networks have achieved Effective Decentralization on their primary validator Control Points.

Direct Decentralization

Both Bitcoin and Ethereum are the native currency on their respective networks (ETH and BTC), which are both Layer 1 networks, meaning they do not have dependence on any other network to run, and both are based on Proof-of-Work (PoW). It is generally accepted that PoW networks that are extremely widely adopted qualify as Effectively Decentralized. Ethereum is transitioning to Proof-of-Stake (PoS) for performance and environmental reasons. Given the extremely broad ownership of ETH, switching to PoS should not alter the belief that Ethereum is Effectively Directly Decentralized.

There are other Layer 1 networks that may have achieved ‘Effective Direct Decentralization’, however, determining that would require detailed technical analysis of that network.

Indirect Decentralization

An easier way to reach decentralization is to leverage the decentralization of an existing decentralized network. Unlike Bitcoin, Ethereum is built specifically to allow for smart contracts, which are small pieces of code that are placed on its shared ledger. Once a smart contract is on Ethereum’s shared ledger, it cannot be altered, and its data is deterministic.

The only exception to this is when the code is written with a ‘back door’ that gives one or more specific addresses the ability to take actions in that contract that other addresses are unable to take. ‘Upgradable Smart Contracts’ are a category of smart contracts that allow a specific address, usually that of the creator of the contract, to deploy a new contract that replaces the existing contract, possibly changing the data, or the logic for that contract.

Establishing ‘Indirect Decentralization’ can only be achieved by deploying a smart contract on a Directly Decentralized Network such as Ethereum and proving that the contract is not Upgradable or has any other back door system. This is usually done by publishing the code for the smart contract. Once that is done, anyone can audit the code. Since the compilation of Solidity (the most used language for smart contracts) is deterministic, the fact that the published code is the actual code for the deployed smart contract can be established by compiling the code and getting the exact bytecode that is deployed.

Most ERC-20 Tokens that run on Ethereum publish their source code to prove ‘Indirect Decentralization’.

Losing Decentralization

Many tokens started off with Indirect Decentralization since they were initially established as ERC-20 tokens on Ethereum. Some of the projects, especially those that strive to be Layer 1 Networks, establish a native coin on their network and then do a swap (usually one-to-one) for people to exchange the ERC-20 token for their native coin. In this case, decentralization as such was not lost, but rather the original ERC-20 remains decentralized, and the new native coin starts off as a controlled asset.

Another way to lose decentralization is for the number of entities that control it to shrink. For example, if interest in Bitcoin were waning, and only ten PoW miners are still mining it, then those ten miners have control over Bitcoin. An asset’s Decentralization Coefficient is a two-way street. It can go up or down. In the case of Indirect Decentralization, the Decentralization Coefficient is always equal to that of the host’s.


Crypto assets can be forked, just like source code can be. Anyone can take the rules and historic ledger of a crypto asset, produce a new set of rules and new future ledger, and produce a fork of an existing crypto asset. This is possible because one of the primary features of nearly all crypto assets is that the rules and ledger are very transparent. If the new fork is such that control over it is different than the original, that originating fork is not affected by this change in any way. This means that forks can be ‘imposed’ on crypto assets without any sort of permission or approval, and thus they should be considered 100% the responsibility of the forker.


Nearly every crypto asset is fungible, meaning there is no difference between any two units of that currency. For example, the value of one U.S. Dollar is equal to any other U.S. Dollar, regardless of what form it is in (paper, coin, etc.) and can be used as a currency. There is a subset of crypto assets that have no use other than being a currency. BTC is the best known asset in this category, which also includes cryptocurrencies such as LTC, ZCASH, XMR, DOGE, and SHIB.


Using crypto assets as proxies is common. A crypto asset could represent ownership in something, such as real-world assets, virtual assets, governing entities, or anything else people want them to represent. The declaration of a crypto asset as a proxy can be done either programmatically or declaratively.

Programmatic Proxies

The record of a Programmatic Proxy is usually maintained in a way that has an equal Decentralization Coefficient as the asset itself. For example, an ERC-20 smart contract can be extended (before deployment) to allow a majority of the holders of the token to approve minting additional tokens. This means that the ‘Right to Mint’ is an action that is proxied to the holders of the token. Decentralized Autonomous Organizations (DAOs) are usually a form of Programmatic Proxies. Like forks, a Programmatic Proxy can be imposed on an asset without any permission or approval. For example, anyone can write a DAO smart contract that allows holders of ETH to vote on something or to have shared ownership in something.

Declared Proxies

The record of a Declared Proxy is usually maintained independently from the asset. The terms of the proxy may be memorialized on a decentralized network or in a legal document. For example, each token could represent a share in a company or fractional ownership in real estate. Declaring a proxy use for a crypto asset can be done by anyone at any time. For example, I can declare that the holders of BTC have a shared ownership in my car equal to their percentage ownership of all BTC that exists. The terms of declared proxies may or may not be binding depending on how, where and by whom they are made.

Proxy Jurisdictions

Since the declaration of a Programmatic Proxy is contained on a blockchain network, the jurisdiction of that network is effectively the jurisdiction of the proxy. This, however, is very unclear given the complexities of node location, address ownership, authorship, and many other factors.

Since the declaration of a Declared Proxy generally falls in the world’s legal frameworks, the jurisdiction where the declarant resides most likely is the jurisdiction that governs the proxy.

Proxy Connection to Asset

Unless a proxy is natively encoded into a crypto asset, proxies are completely independent from the crypto asset on which it is based. This is exemplified by the fact that any parties may create a Programmatic or Declared Proxy and impose it on an existing asset.

As with forks, such proxies are the responsibility of the parties who create them rather than the originator of the existing assets.


Oracles are systems that allow for bringing off-chain data into a smart contract. When an Oracle is used by a crypto asset or smart contract, that creates an additional Control Point for that asset.

Example: BTC

BTC is the native coin for the Bitcoin Network which is the most decentralized shared ledger network in the world. The only way to alter ledger entries is to convince a majority of the proof-of-work nodes to join a new fork of that ledger. To change the rules of the system, a similar majority of the miners must be convinced to use the new set of rules to build the ledger. Both are very difficult, and in Bitcoin’s case, there is no single person or entity that can individually do this.

Conclusion: Direct Decentralized Currency (or possibly Commodity)

Example: ETH

ETH is the native coin for Ethereum which is the second most decentralized shared ledger crypto asset in the world. The only way to alter ledger entries is to convince a majority of the proof-of-work nodes to join a new fork of that ledger. To change the rules of the system, a similar majority of the miners must be convinced to use the new set of rules to build the ledger. Both are very difficult, and in Ethereum’s case, there is no single person or entity that can individually do this. Unlike Bitcoin, Ethereum has a native utility. It’s used as gas to pay for processing smart contracts.

Conclusion: Direct Decentralized Utility Currency

Example: Pre-minted ERC-20 [Unmodified Smart Contract on Ethereum]

Many blockchain projects created ERC-20 tokens for their projects. Once they are created, unless the ERC-20 smart contract was modified to have a backdoor or some other control mechanism, the tokens become an Indirectly Decentralized Currency. After they are created, anyone can use any token for any purpose.

Two types of derivatives can be created from the ERC-20.

One derivation is a new token or coin can be created and either granted to current holders of the token or exchanged for the token.

The other derivation is declaring a proxy use for the token. This could be declaring that the token represents ownership in something, like real estate, or that it can be used as gas in a blockchain network.

In all cases, the action is completely independent from the original token since it can be actuated by anyone.

Since the ERC-20 contract in this case is unmodified, then any proxy has to be external, and is its own entity.

Conclusion: Indirectly Decentralized Currency

Example: Backdoor ERC-20 [Modified Smart Contract on Ethereum]

Some blockchain projects have modified the code of smart contract they used for their ERC-20 to allow for updates or other forms of control by a specific party. Derivations can also be made from these tokens, but it would be less likely that a party that does not have control over the backdoor would do that since the token could be changed at any time, which would influence the derivation.

For example, if the smart contract of the ERC-20 allows for the backdoor holder to mint additional tokens, then that entity could grant themselves additional rights to the declaration.

However, if the declaration is made by the party that controls the backdoor, then it is possible that the ERC-20 is no longer a currency and takes on the properties of the declaration.

Conclusion: Centralized Currency, Security, Title, Contract, etc.

Example: Native Coin

Many blockchain projects either started off with a native coin or made a native coin derived from their original ERC-20 offering. In that case, the native coin itself has its own designation and in most cases, since achieving meaningful decentralization is extremely difficult, they generally remain centralized.

Conclusion: Centralized Currency, Security, Title, Contract, etc.


Ultimately, the most important question regarding what category a token or coin falls into is determined first and foremost on whether it is Decentralized, either Directly or Indirectly (i.e. Passing the Arie Test).

All other forms of crypto coins and tokens must be individually examined to determine what category they fall into.

In the cases where third parties make a derivative centralized coin or token from a decentralized coin or token, the category for that new token is determined independently from the original token or coin.

In the case of a proxy that is imposed on a centralized token or coin, that proxy is also independently categorized.

Passing the Arie Test guarantees that a crypto asset is not a security.

Failing this test guarantees that the asset is not a Decentralized Currency or Commodity, but does not speak to whether it is a Currency, Security, Contract, Organization or any other possible category. Any of these asset categories, including decentralized currencies and commodities, may (and probably should) be regulated, but a decentralized asset should not be regulated as a security, since it is impossible for it to be a security.



Arie Trouw

Entrepreneur, husband, father, Dataist, engineer, human.