The ICO Enforcement Wave: 2017-2020 SEC Actions

The SEC initiated 76 enforcement actions against ICO issuers between 2017 and 2020, collecting over $1.6 billion in penalties, disgorgement, and prejudgment interest — a four-year enforcement campaign that systematically established the Howey test as the controlling framework for digital asset classification and effectively ended the unregistered token sale model in the United States. This wave was the precursor to even more aggressive enforcement under Chair Gensler: the SEC brought 125 cryptocurrency-related enforcement actions between 2021 and 2024 according to Cornerstone Research, generating $6.05 billion in penalties — before the 60% decline to just 13 actions in 2025 under Chairman Atkins’ Crypto Task Force engagement-first approach. Annual U.S. ICO volume fell from $7.4 billion in 2018 to under $50 million by 2020 as the SEC closed the non-compliant pathway.

Phase 1: The DAO Report and Early Actions (2017)

The DAO Report (July 2017)

The SEC’s Section 21(a) Report of Investigation on “The DAO” (Release No. 81207) was the Commission’s first formal application of the Howey test to a digital asset. The DAO was a decentralized autonomous organization on Ethereum that raised approximately $150 million in ETH through a 2016 token sale. Token holders could vote on investment proposals submitted by “curators.”

The SEC concluded that DAO tokens were securities because investors contributed ETH (investment of money), funds were pooled in the DAO’s smart contract (common enterprise), token holders expected profits from funded investment proposals (expectation of profits), and the curators’ selection and vetting of proposals constituted the “efforts of others.”

The SEC declined to bring enforcement action, instead issuing the report as a public warning. This restraint signaled that the Commission wanted to educate the market before punishing participants — an approach that would not last beyond 2017.

SEC v. Munchee (December 2017)

The SEC’s first actual enforcement action against an ICO targeted Munchee, Inc., a restaurant review app that raised $15 million through a token sale. The Munchee order established a principle that would prove devastating to the ICO industry: utility function does not exempt a token from securities classification.

Munchee argued its token (MUN) was a “utility token” because it could be used within the app to write reviews and receive discounts. The SEC rejected this defense, finding that Munchee marketed MUN as an investment opportunity, highlighted the potential for price appreciation, and touted planned exchange listings — all establishing profit expectations from Munchee’s efforts.

The Munchee order was settled without monetary penalties, but its precedential holding — subsequently reinforced in Kik, LBRY, and other cases — eliminated the “utility token” defense that hundreds of ICO issuers relied upon.

Phase 2: Scaling Enforcement (2018-2019)

The SEC filed 36 ICO-related enforcement actions in 2018 and 28 in 2019, targeting projects across a wide spectrum:

Fraud Cases

Pure fraud ICOs — projects with fabricated teams, falsified partnerships, and misappropriated investor funds — constituted approximately 40% of the 2018-2019 actions. These cases involved traditional securities fraud charges (Section 17(a), Rule 10b-5) in addition to registration violations, and frequently included parallel criminal referrals to the DOJ. Penalties in fraud cases averaged $14.2 million, reflecting the SEC’s enhanced enforcement posture for intentional misconduct.

Good-Faith ICO Actions

Projects with genuine technology development that failed to register their token sales or qualify for an exemption constituted approximately 35% of actions. Key cases:

Paragon Coin and Airfox (November 2018). The SEC settled simultaneously with both companies, each of which had raised approximately $12-15 million through unregistered ICOs. Both companies agreed to register their tokens as securities, offer rescission to investors, pay $250,000 penalties, and file periodic reports with the SEC. These settlements established the “remediation template” — the standard compliance package the SEC imposed on good-faith ICO issuers willing to come into compliance.

Block.one (EOS) (September 2019). Block.one raised $4.1 billion through a year-long token sale — the largest ICO ever. The SEC settled for just $24 million (0.6% of proceeds), without requiring disgorgement, rescission, or token registration. The settlement provoked industry criticism that well-funded issuers could essentially buy their way out of compliance. Commissioner Peirce publicly dissented on the penalty’s inadequacy relative to the offering size.

Telegram (October 2019)

The SEC obtained an emergency temporary restraining order blocking Telegram’s $1.7 billion Gram token distribution, which had been structured as a SAFT (Simple Agreement for Future Tokens) sold to 171 institutional accredited investors under Reg D.

Judge Kevin Castel (SDNY) ruled that the Gram token sale was an integrated scheme where the SAFT and the subsequent token delivery constituted a single unregistered securities offering. The court rejected Telegram’s argument that the SAFT qualified for Reg D because the tokens would inevitably flow to non-accredited secondary market purchasers — making the Reg D exemption unavailable.

Telegram returned $1.22 billion to investors and paid an $18.5 million penalty. The case established that SAFT-based offerings are not automatically exempt and that the integration doctrine applies to token sales structured in phases.

Promoter Liability Actions (2018-2019)

The SEC brought actions against celebrities and influencers who promoted ICOs without disclosing compensation:

• Floyd Mayweather and DJ Khaled (November 2018): Both settled charges for promoting Centra Tech ICO without disclosing payments ($100,000 and $50,000 respectively).
• Steven Seagal (February 2020): Settled charges for promoting Bitcoiin2Gen ICO without disclosing $250,000 payment.

These cases established that paid token promotion constitutes securities marketing subject to Section 17(b) anti-touting provisions, which require disclosure of the nature, source, and amount of compensation received for promotion.

Phase 3: The Kik and Ripple Climax (2019-2020)

SEC v. Kik Interactive (June 2019)

Kik’s messaging platform sold $100 million in Kin tokens, arguing they were utility tokens for use within the Kik ecosystem. Judge Hellerstein (SDNY) ruled on summary judgment that the Kin sale constituted an unregistered securities offering, applying the Howey test to find:

1. Investment of money: Purchasers paid fiat or crypto for Kin tokens
2. Common enterprise: Offering proceeds were pooled to fund Kik’s operations
3. Expectation of profits: Kik’s marketing emphasized potential token appreciation and exchange listings
4. Efforts of others: Kik’s development of the Kin ecosystem drove the anticipated returns

Kik paid a $5 million penalty. The ruling reinforced the Munchee principle that utility function does not defeat Howey and established that marketing materials are the primary evidence of profit expectations — a principle that security token issuers must account for in all general solicitation communications.

SEC v. Ripple Labs (December 2020)

The ICO enforcement wave culminated with the SEC’s complaint against Ripple Labs, alleging $1.3 billion in unregistered XRP sales spanning seven years (2013-2020). The Ripple case — the largest ICO-era enforcement action — remains the most consequential and contested digital asset securities case. Judge Torres’ 2023 bifurcated ruling, distinguishing institutional sales (securities) from programmatic sales (not securities), created a precedent subsequently rejected by Terraform Labs.

Aggregate Impact of the ICO Wave

Precedent Summary

The 76 enforcement actions collectively established:

1. The Howey test applies to all token sales regardless of label or purpose
2. Utility function does not defeat securities classification (Munchee, Kik, LBRY)
3. SAFTs are not automatic exemptions (Telegram)
4. Promoters face independent liability for undisclosed paid promotion
5. Exchanges listing unregistered tokens face platform liability
6. The compliant alternative is the offering exemption framework — Reg D 506(c), Reg A+, Reg S

Market Restructuring

The enforcement wave effectively created the conditions for the compliant security token market to emerge. As the unregistered ICO pathway closed, capital formation migrated to compliant channels — platforms like tZERO, Securitize, INX, and Republic built ATS infrastructure for properly registered securities. The security token market that exists today — 47 registered ATS platforms, 284 active listings, $12 million daily volume — is a direct consequence of the ICO enforcement wave eliminating the non-compliant alternative.

For enforcement statistics tracking the evolution from ICO enforcement through current priorities, see our data dashboard. For the Wells notice process that preceded most ICO settlements, see our enforcement guide. For the SEC’s Crypto Task Force approach to post-ICO regulatory development, see our regulatory framework section.

Lessons for Current Token Issuers

The ICO enforcement wave provides a clear historical roadmap for what not to do and, more importantly, what compliance infrastructure is required for lawful token issuance:

Registration or exemption is non-negotiable. Every token sale that involves an investment of money, common enterprise, expectation of profits, and efforts of others is a securities offering. The appropriate path is Reg D 506(c) for accredited investor offerings, Reg A+ for retail-accessible offerings, or Reg S for offshore offerings. No ICO-era issuer that used these frameworks was the subject of SEC enforcement.

Marketing creates the evidentiary record. In case after case — Munchee, Kik, LBRY, Telegram — the SEC relied primarily on the issuer’s own marketing materials to establish the “expectation of profits” prong. Security token issuers must treat all public communications as potential exhibits in enforcement proceedings and ensure compliance with general solicitation rules.

Self-regulatory compliance provides defense. Issuers who engaged FINRA member broker-dealers, retained registered transfer agents, and listed on compliant ATS platforms demonstrated good-faith compliance that substantially reduced enforcement risk. The SEC’s enforcement resources are finite, and the Division of Enforcement prioritizes targets that disregard the regulatory framework entirely.

Enforcement Methodology and Resource Allocation

The ICO enforcement wave required the SEC to develop new investigative capabilities and allocate significant resources to digital asset cases:

Blockchain analytics adoption. The Division of Enforcement invested in blockchain analytics tools (Chainalysis, Elliptic) to trace token flows, identify investor addresses, and quantify the proceeds of unregistered offerings. These tools enabled the staff to reconstruct token distribution patterns from public blockchain data, even when issuers failed to maintain adequate records. By 2019, blockchain analytics had become a standard component of the SEC’s digital asset investigation toolkit.

Specialized staff development. The SEC created a dedicated Cyber Unit (later renamed the Crypto Assets and Cyber Unit) within the Division of Enforcement in 2017, staffed with attorneys and investigators with specific expertise in blockchain technology and digital asset markets. The unit grew from approximately 30 staff members in 2017 to over 50 by 2020, reflecting the growing volume and complexity of ICO enforcement cases.

Penalty calibration. The SEC developed an informal penalty framework that distinguished between fraud cases (higher penalties, disgorgement, and potential criminal referrals) and registration-only cases (lower penalties, compliance undertakings, and potential rescission requirements). The $24 million Block.one settlement (0.6% of $4.1 billion raised) and the $5 million Kik penalty (5% of $100 million raised) bookend the range for non-fraud registration violations, while fraud cases regularly resulted in full disgorgement plus penalties exceeding 10% of proceeds.

Coordination with state regulators. The SEC coordinated ICO enforcement with state securities regulators through NASAA’s Operation Cryptosweep. This multi-state effort resulted in 70 enforcement actions across 40 states and territories in 2018 alone, demonstrating that state blue sky enforcement operates independently of and in addition to SEC enforcement. Token issuers who resolved SEC actions sometimes faced additional state enforcement proceedings for failure to file state notice filings.

Legacy Infrastructure: From ICO Enforcement to Compliant Markets

The ICO enforcement wave’s most lasting impact is the compliant infrastructure it catalyzed. As the SEC closed the unregistered pathway, capital formation migrated to platforms that embraced SEC registration: Securitize (now $4 billion+ in tokenized AUM, dual U.S.-EU licensing, announced SPAC merger at $1.25 billion valuation), tZERO (near-24/7 trading since December 2025, FINRA approval for tokenized mutual fund retail distribution), INX (acquired by Republic for $60 million in April 2025), and Prometheum (first SEC-registered SPBD and Qualified Custodian, approved 2024). The STO market grew from $5.6 billion in 2024 to $6.66 billion in 2025, with BlackRock’s BUIDL fund reaching $1.87 billion AUM — demonstrating that institutional-scale tokenization is possible within the enforcement framework the ICO wave established. The December 11, 2025 DTC no-action letter for tokenization on permissionless blockchains and the GENIUS Act’s stablecoin framework represent the next phase of infrastructure development that builds directly on the regulatory clarity the ICO enforcement wave created.

For the DAO Report, see SEC Release No. 81207.