SEC Enforcement Actions Against DeFi Protocols

The SEC issued Wells notices to at least 6 DeFi protocol developers and operators between 2023 and 2025, filed enforcement actions against decentralized exchange operators, and proposed rulemaking that would expand the definition of “exchange” under Rule 3b-16 to capture automated market makers and communication protocol systems. These actions represent the SEC’s most aggressive extension of traditional securities regulation into the decentralized technology space — and the most legally contested, because DeFi protocols challenge fundamental assumptions about the identifiable “person” against whom securities laws can be enforced.

The DeFi Enforcement Landscape

What Is DeFi?

Decentralized finance (DeFi) protocols are smart contract-based financial applications that operate on public blockchains (primarily Ethereum) without centralized intermediaries. DeFi protocols provide:

• Decentralized exchanges (DEXs): Automated market makers (AMMs) like Uniswap that match token trades through liquidity pools rather than order books
• Lending protocols: Platforms like Aave and Compound that match lenders and borrowers through algorithmic interest rate mechanisms
• Yield aggregators: Protocols that optimize returns across multiple DeFi protocols
• Derivatives protocols: Platforms that enable synthetic asset creation and derivatives trading

Total value locked (TVL) in DeFi protocols peaked at approximately $180 billion in 2021 and stood at approximately $95 billion in Q1 2026, representing a substantial financial system operating largely outside traditional regulatory frameworks.

SEC Theories of Liability

The SEC has advanced several theories for holding DeFi developers and operators liable under securities laws:

Unregistered exchange operation. The SEC argues that DEXs facilitate securities transactions without registering as exchanges under Section 5 of the Exchange Act or as ATS platforms under Regulation ATS. If tokens traded on DEXs are securities (satisfying the Howey test), then the DEX is operating as an unregistered exchange.

Unregistered broker-dealer activity. Protocol developers who earn fees from facilitating trades, providing liquidity, or managing governance may be operating as unregistered broker-dealers — particularly when they actively develop, promote, and profit from the protocol’s trading functionality.

Unregistered securities offerings. Governance tokens distributed to protocol users, liquidity providers, and early contributors may constitute unregistered securities if they satisfy the Howey test. Many governance tokens were distributed through airdrops, liquidity mining programs, or initial DEX offerings (IDOs) without SEC registration or an exemption.

Investment Company Act violations. DeFi lending protocols that pool user deposits and invest them for yield may qualify as unregistered investment companies — the same theory applied in the BlockFi settlement.

Key DeFi Enforcement Actions

Uniswap Labs (Wells Notice, April 2024)

Uniswap Labs, the primary developer of the Uniswap DEX protocol, received a Wells notice from the SEC in April 2024. The Wells notice reportedly alleged:

• Uniswap’s smart contracts facilitate the trading of unregistered securities (tokens that satisfy the Howey test)
• Uniswap Labs acts as an unregistered exchange by developing and maintaining the protocol’s front-end interface
• Uniswap Labs acts as an unregistered broker-dealer by earning fees from trades executed through the protocol

Uniswap Labs submitted a Wells response arguing that the protocol is autonomous open-source software, that Uniswap Labs does not custody user funds or control the protocol’s operation, and that holding developers liable for protocol usage would chill software development in violation of First Amendment protections.

The case raises fundamental questions about whether software developers can be held liable as exchange operators or broker-dealers when the software they created operates autonomously on a public blockchain. Under the current SEC leadership’s engagement-first approach through the Crypto Task Force, the Uniswap Wells notice has not yet resulted in a filed enforcement action.

EtherDelta (November 2018)

The SEC’s first DeFi-related enforcement action targeted EtherDelta, an early decentralized exchange. The SEC found that EtherDelta operated as an unregistered exchange by matching orders for tokens that constituted securities. Founder Zachary Coburn settled for $388,000 in penalties.

The EtherDelta case established the baseline precedent that decentralized exchange operators can be held liable for unregistered exchange activity — though EtherDelta was significantly more centralized than modern AMM protocols like Uniswap.

DeFi Money Market (February 2021)

The SEC brought an enforcement action against DeFi Money Market (DMM), a protocol that sold “mTokens” promising 6.25% annual interest funded by real-world auto loan collateral. The SEC found that mTokens were securities under the Howey test and that the protocol operators — identified as Gregory Keough and Derek Acree — were responsible for the unregistered offering.

The DMM case demonstrated that the SEC will look through the “DeFi” label to identify the individuals who developed, deployed, and profited from the protocol.

Tornado Cash (Sanctions and Enforcement)

While primarily a Treasury Department sanctions case, the enforcement actions against Tornado Cash (a crypto mixing protocol) established that smart contract developers can face criminal liability for the operation of autonomous code. Developer Alexey Pertsev was convicted in the Netherlands, and developer Roman Storm faces criminal charges in the Southern District of New York.

For the security token market, the Tornado Cash precedent reinforces that software development is not a shield against regulatory liability when the software facilitates unlawful activity.

The Proposed Rule 3b-16 Amendment

Background

In January 2022, the SEC proposed amendments to Exchange Act Rule 3b-16 (Release No. 34-94062) that would expand the definition of “exchange” to include systems that use “communication protocols” to bring together buyers and sellers of securities.

Impact on DeFi

The current Rule 3b-16 definition requires that an exchange “bring together” orders using “established, non-discretionary methods.” The SEC’s proposed amendment would replace “orders” with “trading interest” — a broader term that could encompass DeFi liquidity provision, automated market making, and protocol-mediated matching.

If finalized, the amended rule would require DeFi protocols that facilitate trading in securities to either:

1. Register as national securities exchanges
2. Register as ATS platforms (requiring broker-dealer registration and FINRA membership)
3. Cease facilitating U.S. securities transactions

The proposed rule has not been finalized, and the SEC’s Crypto Task Force has indicated that DeFi-specific rulemaking will be reconsidered through the public comment process.

Governance Tokens: The Classification Challenge

Most major DeFi protocols distribute governance tokens that grant holders voting rights over protocol parameters. The SEC’s analysis of whether governance tokens are securities examines:

Investment of money. Satisfied when governance tokens are purchased (on DEXs or centralized exchanges) or obtained through liquidity mining that requires depositing capital.

Common enterprise. Protocol treasuries funded by token holder governance decisions may constitute common enterprises, particularly when treasury funds are used for development and marketing.

Expectation of profits. Governance tokens that appreciate in value as the protocol’s TVL, fee revenue, and user base grow satisfy this prong — even if the tokens’ nominal function is governance rather than investment.

Efforts of others. This is the most contested prong. If the protocol is truly decentralized and governed by dispersed token holders, the “efforts of others” prong may not be satisfied per the sufficient decentralization framework. However, most DeFi protocols are developed and maintained by identifiable core teams (Uniswap Labs, Aave Companies, Compound Labs) that exercise significant influence over protocol development.

Implications for Security Token Market Structure

Compliance Advantage of Registered Infrastructure

The SEC’s DeFi enforcement actions reinforce the value proposition of compliant security token infrastructure. By using registered ATS platforms like tZERO, Securitize Markets, and INX, security token issuers and investors operate within the regulatory framework rather than in the enforcement gray zone occupied by DeFi protocols.

Programmatic Compliance vs. Protocol Autonomy

Security tokens use smart contract compliance (like Securitize’s DS Protocol or Polymath’s ERC-1400) to enforce transfer restrictions, accredited investor verification, and regulatory holds — proving that blockchain compliance and decentralization are not inherently incompatible. The security token approach to compliance-by-design stands in contrast to DeFi’s permissionless model and provides a regulatory template that DeFi protocols may eventually need to adopt.

For the SEC enforcement statistics tracking DeFi enforcement alongside other categories, see our data dashboard. For the Section 3(a)(1) exchange definition analysis relevant to the Rule 3b-16 proposal, see our regulatory framework. For ATS registration requirements that DeFi protocols would need to meet, see our market structure analysis.

Current Enforcement Outlook

The SEC’s DeFi enforcement trajectory reversed course in 2025. Under Chair Paul Atkins — who declared digital assets the SEC’s “top policy priority” upon his April 2025 swearing-in — the Commission dropped nearly all non-fraud enforcement actions from the prior administration. Total SEC enforcement actions fell from 583 (FY2024) to 313 (FY2025), with remedies plummeting from $8.2 billion to $808 million according to Harvard Law’s year-in-review analysis. The Crypto Task Force conducted its second roundtable — “Between a Block and a Hard Place: Tailoring Regulation for Crypto Trading” on April 11, 2025 — directly addressing the regulatory framework for crypto trading platforms including DEXs. No new DeFi enforcement actions were filed in Q1 2026.

However, this enforcement pause should not be interpreted as blanket immunity. The SEC retains authority to pursue DeFi protocols that:

• Facilitate trading of tokens that are clearly securities under the Howey test
• Operate yield-generating programs analogous to the BlockFi lending model
• Engage in market manipulation, wash trading, or fraud through protocol mechanisms
• Market governance tokens with explicit profit expectations

The DeFi enforcement landscape remains fluid, and protocol developers should monitor both the SEC enforcement tracker and the Crypto Task Force’s guidance publications for updates to the Commission’s approach. For the SEC vs. CFTC jurisdictional question that intersects with DeFi oversight, see our comparative analysis.

DeFi Protocol Insurance and Investor Protection

A significant gap in DeFi investor protection — one that the SEC’s enforcement actions implicitly address — is the absence of the institutional safeguards that regulated securities markets provide:

No SIPC protection. Securities held at registered broker-dealers are protected by the Securities Investor Protection Corporation (SIPC) up to $500,000 per customer. DeFi protocols offer no equivalent protection. When DeFi protocols experience smart contract exploits, oracle manipulation, or governance attacks, users have no recourse to an insurance fund — losses are permanent and typically unrecoverable.

Smart contract risk. DeFi protocols are subject to smart contract vulnerabilities that do not exist in traditional securities markets. The approximately $3.8 billion in DeFi exploits and hacks recorded between 2020 and 2025 demonstrates a systemic risk that the SEC views as requiring regulatory intervention. For security token issuers whose tokens trade on DeFi protocols (or whose token contracts interact with DeFi infrastructure), smart contract audit and security disclosure are critical compliance considerations.

Governance attack vectors. DeFi governance tokens that control protocol parameters — including fee structures, collateral ratios, and supported assets — create governance attack surfaces where concentrated token holdings can be used to manipulate protocol operations. The SEC has indicated that governance tokens may constitute securities when they provide economic rights and voting power analogous to corporate equity.

Compliance Pathways for DeFi-Adjacent Security Tokens

For security token issuers whose tokens interact with DeFi infrastructure — for example, tokenized real estate assets that are pledged as collateral on DeFi lending protocols — the enforcement landscape creates specific compliance considerations:

Permissioned DeFi. Several projects have developed “permissioned DeFi” infrastructure that combines smart contract automation with compliance controls. These systems use identity verification (accredited investor status, KYC/AML checks) as prerequisites for protocol access, allowing compliant securities to participate in DeFi-like markets while maintaining the transfer restrictions required by Rule 144 and offering exemption conditions.

Institutional DeFi protocols. Platforms like Aave Arc (which requires KYC verification for participants) and Maple Finance (which serves institutional lending) demonstrate that DeFi protocol architecture can accommodate regulatory requirements. For security tokens, these institutional DeFi channels may provide secondary market liquidity beyond traditional ATS platforms — provided that the smart contract compliance infrastructure enforces the applicable transfer restrictions.

The Crypto Task Force’s engagement-first approach — exemplified by the six roundtables conducted through Q1 2026, including the April 11, 2025 session specifically addressing crypto trading platforms — has created a window for DeFi protocols to engage constructively with the SEC rather than face enforcement. Total SEC enforcement actions fell from 583 (FY2024) to 313 (FY2025), with monetary remedies declining from $8.2 billion to $808 million. The GENIUS Act’s stablecoin framework, if enacted, could provide regulatory clarity for stablecoin-based DeFi liquidity pools that interact with compliant security token markets.

For the SEC’s proposed Rule 3b-16 amendment, see SEC Release No. 34-94062.