Following on from our look at what is a Security Token, we’d like to to look at token history and why we need Security Tokens in the first place.

Outright scams tend to be identified and shared publicly by the community, however there have still been examples of projects not doing the right thing by their community.

No single event brought about these requirements, however there were three significant events which happened in the second half of 2017 which brought increased regulatory attention.

ICOs were the hottest investment of the time

“Government’s view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.”

-- President Ronald Regan, 1986

The money being raised by blockchain startups (and maybe a few standard startups who wedged the blockchain in there to gain access to ‘crypto money’) was at an all-time high. Initial Coin Offerings (ICOs) were surpassing early stage Venture Capital (VC) seed investments. In the June-July period, almost USD 1 billion was raised via ICOs, or double that raised by VC seed investment.

ICO’s had opened investing opportunities to a much broader audience. Whereas previously, only accredited investors had access to early-stage deals, Blockchain technology democratised investing. Now anybody with discretionary capital could invest in these tech projects. While this gives incredible opportunities to smaller investors, it also brought out the sharks looking to take advantage of enthusiastic newcomers.

During the rush of ICOs that followed, there were no limits on what projects would say or do to get attention. There were no controls on where the investments came from or who was accepting the money. Critically, investors were buying nothing. They didn’t own a piece of the organisation and they were not entitled to any benefits if the organisations performed well. They held a token that was hopefully tied to the success of the project.

Bitconnect made promises it couldn’t keep

“Welcome to Wonderland / Where everything you see / I mean from ‘A’ to ‘Z’ / Ain’t what it seems to be. / Welcome to Wonderland / Set phasers up to stun / Turn off the lights when done / Good luck and thanks a ton / Ciao, baby, gotta run!”

-- Opening line of the [Class action case](https://www.scribd.com/document/369956633/Class-Action-Complaint-BitConnect)

Bitconnect (BCC) was a blockchain project sold as a ‘high yield investment scheme’. At best it was a blockchain-based Multi-Level Marketing (MLM) program, however it is considered to be a straight out Ponzi scheme by many. It attracted a lot of token holders and at one point was a top 20 token by market cap. Its key marketing point was a promise of a 1% + daily compounding return on the users’ investment.

To put this in perspective:

1. Imagine giving a recent school finisher the option of paying $20,000+ for a three-year University Bachelors Degree. On graduation, they would be entitled to a graduate employment salary of $60,000 per year.

2. Now imagine if Bitconnect offered the same student a 1% daily compounding interest rate for that same $20,000. In three years time, the investment would be worth more than $1,000,000,000. This would give the student an annual income of $30,000,000 per year with a standard 3% savings account interest rate.

This just was not sustainable and a reckless promise made by the Bitconnect team.

The ‘spirited’ video of Carlos Mateos was one of the final optimistic times for Bitconnect. Shortly after the Bitconnect Convention in Thailand, multiple agencies sent Bitconnect cease-and-desist requests. Bitconnect were making promises of future profits without the required documentation, licenses or approvals to do so. The organisation was accused of being a fraudulent operation and even individuals who promoted Bitconnect were breaking the law.

BCC ended up losing 95% of its value overnight, as the law caught up to them, and many of the team members stopped providing updates and disappeared.

The Decentralized Autonomous Organisations (DAO) was hacked

A DAO was meant to be a group of entities that operated through a smart contract. The idea was to build a platform which enabled the organisations to conduct trades with the security of the blockchain. Deployed by the Ethereum community and created by Slock.it, the DAO was one of the first big ICOs back in 2016. Interestingly, they weren’t sure about the demand for such a system, so opened it up to allow anybody to send ETH to an address and receive 100x DAO in return. It was unexpectedly popular, raising 12.7 Million Ether, or about USD 150m at the time.

Problems started shortly after. In June 2016, a hacker identified a loophole in the smart contract. The coders had allowed for a refund system, but they must have rushed to implement this feature as it had two critical flaws.

1. It sent the refund, before updating the internal contract balance.
2. It did not account for repetitive refund requests.

The attacker identified these flaws and sent repetitive requests to have a refund processed. They were able to withdraw 3.6 million ETH before halting their attack. However, there was a safety clause that required the refunded funds remain locked for 28 days. This created an interesting dilemma for the Ethereum community. 3.7m stolen tokens were locked up for 28 days, the hacker could not run away with the money (yet), but the Ethereum community wasn’t able to access the wallet which contained them either (ever).

This was when the controversial decision was made to fork the Ethereum blockchain. To prevent the hacker gaining access to the tokens in 28 days time the Ethereum project decided to fork* their blockchain to gain access to the wallet containing the tokens. Many considered that this broke one of the core tenants of an open blockchain system. If one organisation could do this, it could hardly be called a genuinely decentralised system. This action aligned more with the controlling banking and financial institutions. This situation garnered a lot of attention from not only the community but also the Securities and Exchange Commission (SEC).

* As a side note, this is why we have the Ethereum (ETH) and Ethereum Classic (ETC) blockchains today.

The SEC took a year to investigate if the DAO had offered investors in the token an appropriate level of information and protection. In July 2017, they released their ruling stating.

“Tokens offered and sold by a “virtual” organisation known as “The DAO” were securities and therefore subject to the federal securities laws. The Report confirms that issuers of the distributed ledger or blockchain technology-based securities must register offers and sales of such securities unless a valid exemption applies. Those participating in unregistered offerings also may be liable for violations of the securities laws.”

Essentially saying that the DAO should have been considered a security and should have adhered to the same regulatory principles as any other organisation who was raising money. While this may not have prevented the critical flaw in the smart contract, the additional technical controls and information required for a security may have allowed investors to better understand the risks of such an investment.

The Wild West needs a Sheriff.

With the rise in popularity of tech projects raising funds using virtual currencies, it has become clear that some form of regulation will be needed to assist new investors. Security regulations bring a specific set of conditions, assurances and reputation to the sector.

• Investors, especially new investors, need to be made aware of the risks involved in any investment scheme.
• Project team members need to provide adequate personal documentation and business plans to demonstrate they are a bonafide organisation who have the best intentions to use the raised capital wisely.
• Institutional investors need to mitigate some of the risks involved in investing in cutting-edge technology projects like this. Their current methodology relies on the regulations already applied to the existing framework.