#06 - Decentralized Insiders, Trading?
Exploring Theories of Liability for Insider Trading in DeFi
Stanford Blockchain Review
Volume 1, Article No. 6
📚 Sabina Beleuz – Stanford Law School
🌟 Technical Prerequisite: Low/Moderate
Introduction
This DeFi winter, crypto definitely got rugged—even from the inside.
In January 2022, the first-ever charges were brought for a crypto insider trading case when Coinbase executive Ishan Wahi tipped off his brother, Nikhil Wahi, and friend, Sameer Ramani with material, nonpublic information regarding the dates that Coinbase would soon list certain tokens. In parallel indictments, the DoJ and the SEC alleged that from June 2021 to April 2022, this allowed tippees Nikhil Wahi and Ramani to take advantage of the surge in token prices post-listing, generating profits of approximately $1.1 M.
If we back up a bit, the Ishan Wahi case was the first charge for insider trading of tokens, though it is certainly not the last—or even the first incidence of insider trading—in crypto. Beyond the amateur sleuthing shared in crypto Twitter exposés, there’s also scholarly research that illustrates the extent of the phenomenon. For instance, by using on-chain data to track wallets that systematically engage in statistically significant trade run-up patterns ahead of Coinbase listings and ruling out alternative explanations, researchers Ester Félez-Viñas, Luke Johnson, & Talis Putninš estimate that insider trading occurs in 10-25% of crypto listings, resulting in profits of at least $1.5M to said insiders [1].
We can be certain of one thing: insider trading of crypto assets is a real thing, and the legal charges brought thus far are just the tip of the iceberg. The trickiest question in the Wahi case was whether the insider trading regime of securities fraud applies to tokens that may or may not be securities—but it was ultimately still a plain vanilla case of insider trading. Indeed, Wahi looks like a typical TradFi insider trader: though the assets traded are tokens, the tipper is a clear corporate insider that owes a duty to his employer to protect material nonpublic information. This puzzle gets much fuzzier as we think about the realm of decentralized finance, where bad actors hold a far less explicit duty to protect information than they would in a traditional corporate setting.
The question is, does the current securities fraud regime that underlies the law of insider trading accommodate DeFi, or could it instead be leveraged as a policy hook to over-regulate the space?
SEC v. Ishan Wahi: Understanding Insider Trading Theories of Liability
The Wahi case provides a clear example of the theories of liability for insider trading in action. First comes the catch-all: wire fraud. When charging Wahi and his tippees, the DoJ took the approach of claiming wire fraud—a backstop provision for criminal activity including insider trading that leverages the use of electronic communication.
On the other hand, the SEC went the route of claiming insider trading under a securities regulation regime under Section 10b and its implementing rule, 10b-5. There are two theories for insider trading liability under this rule: the classical theory and the misappropriation theory.
Before either of these two theories of liability can apply, a prerequisite is that the fraud or deceit happens “in connection with the purchase or sale of any security”—opening up the Howey Test and the barrel of monkeys that always ensues when trying to appropriately classify crypto-assets. This adds a further layer of complexity when trying to understand what liabilities attach to insider trading with any particular crypto-asset. Though there is also an insider trading regime for commodities (see Rule 17 CFR § 180.1), it is largely based off of 10b-5 and misappropriation theory, leading us to the same quandaries as described below.
Classical Theory: Corporate Insider Relationships
The former, classical theory, applies in the traditional corporate insider context, when there is “(i) the existence of a relationship affording access to inside information intended to be available only for a corporate purpose, and (ii) the unfairness of allowing a corporate insider to take advantage of that information by trading without disclosure.” Chiarella v. United States [2]. Applying classical theory to this case, Wahi was an employee at Coinbase meaning he had a fiduciary duty to act primarily for the benefit of his employer, and Coinbase’s policies, according to the complaint [3], required that “company insiders maintain the confidentiality of the company’s material, nonpublic information and prohibited them from using such information to trade for their own accounts or disclosing this information to others.”
Though this is the most straightforward pathway for insider trading liability, it is also easiest to poke holes in within the context of decentralized finance. To be clear: for assets designated as equity securities with officers or directors, the logic for insider trading committed by these individuals is the same as in the traditional context.
But for decentralized protocols governed by DAOs, things become murky. Decentralization dilutes theories of fiduciary duty, say, between a developer and token holder, that would normally exist in the traditional finance context. For instance, if a DeFi protocol is managed by a DAO, and the individual insider trading is merely a DAO contributor (not an employee) that has obtained material nonpublic information by virtue of their role as a contributor, who is their fiduciary duty owed to? Some scholars advance the rationale that developers may owe a classical theory duty to the holders of the crypto assets they develop, but this hasn’t yet been advanced in any case [4]. In the status quo interpretation, however, decentralization dilutes the relationship necessary to bring a claim under classical theory.
Misappropriation Theory: Breaching a Duty of Trust and Confidence
On the other hand, the misappropriation theory for insider trading under 10b-5 relies on a duty of trust and confidence between the source of the information (here, Wahi), and those with whom the information is shared. Here, no breach of explicit fiduciary duty (e.g. to an employer or shareholder) is required; rather, it is the deception of the source of information that is relevant for this theory. See United States v. O’Hagan to see the origins of this theory in action [5].
This form of liability arises when an individual communicates material nonpublic info and in doing so, “breaches a duty of trust and confidence,” which exists when (i) someone agrees to maintain that information in confidence, (ii) when there is a pattern of sharing this kind of information between two people and there’s an implicit or reasonable expectation of understanding that this information should be kept confidential, or (iii) when someone receives information from their spouse, parent, child, or sibling unless they can prove there was no duty of trust and confidence that arose in that relationship. Applied to the Wahi case, Ishan “misappropriated this information from Coinbase by tipping Nikhil and Ramani with material, nonpublic about the timing and content of those announcements, in violation of Coinbase’s policies and in breach of the duty of trust and confidence he owed to the company as a source of the information about the planned listings.”
When attempting to apply this theory in a DeFi context, again, things are murky. Recall that a breach of trust and confidence of the source of the information is crucial to liability under O’Hagan misappropriation. Oftentimes, however, insider information in crypto is not leveraged under false pretenses. Protocols rarely have evolved compliance practices in place on the use of material nonpublic information, and arguably, crypto assets without a defined issuer do not have a source to whom an agent might owe a duty.
Back to the DAO example: if one DAO contributor obtains material nonpublic info from another DAO contributor, just once, is that enough of a relationship of trust and confidence to trigger misappropriation liability? Also, given that a massive swathe of crypto data is available publicly on-chain, would the tippee even have a reasonable expectation that the info they have is nonpublic in the first place?
Again, here, crypto-fluent academics such as Andrew Verstein point to potential solutions by carving out pockets of strict liability for specific insiders in crypto [6]. For instance, explicitly designating miners in mining pools as insiders with nonpublic information given their concentrated control of computing power, and their knowledge (slightly before the broader market) as to what transactions will be executed. And yet, it’s still unclear how courts would approach this context or any of the aforementioned edge cases—leaving market participants not only potentially unprotected in the event of insider trading, but confused, as well.
Rugged by Regs? Insider Trading as a Policy Hook for Classifying Tokens as Securities
The indirect impact of insider trading from a regulatory perspective is that it provides yet another opportunity for agencies to conduct regulation-by-enforcement—that is, a tendency to clamp down on cases as they come by bringing charges instead of drawing a clear line in the sand and drafting proactive and forward-looking legislation. It’s unclear how DeFi-native actors, such as DAO contributors, will be held liable for insider trading. However, from a regulator’s perspective, it may be in the best interest to draw that line and define liability in fear that bad actors might attempt to walk right up to that line and obfuscate their illegal activity.
Arguably, the SEC named just that, by filling their complaint with references to the nine tokens in question as “securities”, without relying on any precedent that actually states they are. Coy Garrison, Alan Cohn, and Jacob M. Weinstein, lawyers at Steptoe, agree [7], suggesting that "the SEC’s investment contract allegations are jurisdictional; that is, the SEC must obtain a holding that at least one of the tokens is in fact a security for its insider trading case, based on frontrunning securities listings under US securities laws, to succeed. This creates strong incentives for the SEC to drive the case towards such a finding [of all referenced tokens as securities], and gives little opportunity for the projects at issue—or the industry at large—to effectively refute the SEC’s claims or to contest the SEC’s methods.”
A war on insider trading is the perfect campaign to justify the overbroad application of securities regulation. Undoubtedly, insider trading is considered objectively immoral in virtually all contexts, as a promoter of inequity and unfairness. As such, the enforcement and mitigation of insider trading in crypto provides a policy hook for regulators to broadly classify tokens as securities regardless of whether or not they can formally meet every prong of Howey under deeper scrutiny.
It’s not like the teams behind these tokens can actually voice their case, either. Since the creators of the tokens in question are not named as parties to the litigation proceedings, they have no opportunity in court to argue their case that they are not securities. As the Blockchain Association states, in their amicus brief filed in the Wahi case [8], “Taken together, the allegations attempt to carve out new rules for a variety of different tokens, used for a variety of different purposes (some vastly different from others), and assert that they are still securities even when they are tokens being traded on a spot market, far away from their initial issuance.”
It’s fair to say that with decentralization comes a fundamentally different paradigm of relationships—some of which might trigger legal liability, should one breach their duties of trust and confidence to others. Without defining these relationships and liabilities at the outset and giving DeFi stakeholders a voice in this conversation, post-facto enforcement of morally pointed crimes such as insider trading gives rise to a chilling effect, improper due process, and ultimately, a slippery slope of rugging by regulation that may be hard to come back from.
About the Author
Sabina Beleuz is a student at Stanford Law School and crypto policy researcher. She currently works with the DeFi Education Fund to educate policymakers and technologists on cutting-edge legal issues, and previously worked on investment research at Bain Capital Crypto. As the Managing Editor of the Stanford Journal of Blockchain Law & Policy Sabina also loves collaborating with legal academics and builders in the space, and would love to hear from you.
References
[1] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4184367
[2] https://supreme.justia.com/cases/federal/us/445/222/
[3] https://www.sec.gov/litigation/complaints/2022/comp-pr2022-127.pdf
[4] See Angela Walsh’s In Code(rs) We Trust: Software Developers as Fiduciaries in Public Blockchains for more on this theory.
[5] https://supreme.justia.com/cases/federal/us/521/642/
[6] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3339551
[8] https://storage.courtlistener.com/recap/gov.uscourts.wawd.312176/gov.uscourts.wawd.312176.39.0.pdf