Skip to main content

"Rug pull" is a phrase you don't see every day in a statute. In first-of-its-kind legislation, a New York Senate committee is currently considering a bill that would define and make "rug pulls" and other forms of crypto fraud a crime in the Empire State.

A pair of companion bills introduced in the New York Senate and Assembly this week would criminalize virtual token fraud, illegal rug pulls, private key fraud, and failure to disclose interests in virtual tokens. The bill text, as introduced, can be found here.

Virtual Token Fraud

Section 191.10 of the bill defines "virtual token fraud" as engaging in any "deceptive or fraudulent practice with the intent to deceive another in relation to the purchase, sale, exchange, transfer, offering, storage, destruction, or any relevant act related thereto of virtual tokens." This seems straightforward. The clarity breaks down, however, when delving into the meaning of "virtual token."

"Virtual token" is defined in Section 191.00 the bill as encompassing to categories of tokens: "security tokens" and "stablecoins."

The bill defines "security tokens" far more broadly than that concept is known in the industry, to include basically any token sold for profit. The definition, however, is unclear. It begins by focusing on tokens involving "any form of fungible and non-fungible computer code by which all such forms of ownership of said computer code is determined through verification of transactions or any derivative method, and that is stored on a peer-to-peer computer network or any other such computerized system." Clearly, this is intended to capture NFTs, blockchain assets generally and, perhaps, native cryptocurrencies. Those actually steeped in the details of how these things work on various platforms, however, may be left scratching their heads at the language. The legislature would do well to engage with experts in the field in defining the scope of this important provision.

The bill goes on to limit "security tokens" to those in a class where (a) the developer or agent advertises that the token is to be bought or sold "for the purpose of profit"; (b) the public reasonably understands the token is being bought or sold "for the purpose of profit"; and (c) the value is determined "by the supply and demand of the virtual token." Many things are purchased or sold for the purpose of profit. Art comes immediately to mind as one example. But art is not a security, even though it would fit within this definition of "security token" if the ownership of the artwork happens to be reposited on the blockchain (i.e., an NFT). This is unfortunate. It would be better for the legislature to define a class of tokens bought and sold for profit without implying those things are all securities (often, they are not).

Scroll to Continue

Recommended for You

Section 191.00 defines "stablecoin" as tokens that are of a class not sold (or understood to be sold) for profit and do not fluctuate in value based on supply and demand for the token, but which are "pegged to an external source other than another class of virtual tokens" or "employ technology" that prevents fluctuations of price "and "succeeds in preventing the same." Again, this definition seems both over- and under-inclusive if the the goal is to capture what we commonly refer to as stablecoin.

Putting aside issues with these definitions, however, the clear import of Section 191.10 is to criminalize intentionally fraudulent conduct in connection with the purchase, sale, exchange, transfer, offering, storage, and destruction of a broad swath of virtual tokens.

"Rug Pulls"

Section 191.15 of the bill criminalizes "rug pulls."  An "illegal rug pull" is defined as a situation where a developer "develops a class of virtual token and sells more than ten percent of such token within five years from the date of the last sale of such token."  This broad definition does not fit neatly with the industry conception of a classic rug pull. Instead, if passed, it would criminalize the sale of any significant developer holdbacks within a five year period after any initial sale. The provision contains exclusions for NFTs where the "same series or class" involves fewer than 100 tokens or less than $20,000 "at the time the rug pull occurs."

Private Key Fraud

Section 191.20 of the bill criminalizes "private key fraud." This includes stealing or misusing another person's private key without affirmative consent of the private key owner.  "Affirmative consent" under the bill must be conspicuous and "inform[] the person of the consequences associated with disclosing their private key to another."

Failure To Disclose Interest In Virtual Tokens

The final section of the bill, Section 191.25, would make it a crime for any developer of a class of virtual tokens to fail "publicly and conspicuously" disclose the number of tokens they own "on the landing page of such developer's primary website."  Excluded from the scope of the statute are developers or their agents or employees who own more than 10% of the class of virtual tokens who does not create or maintain virtual tokens offered for purchase in New York.

Severe Penalties

If passed, the consequences of running afoul of this statute will be severe. Section 191.10 of the bill would impose a fine of up to $5 million or 20 years in prison for natural persons, and a fine of up to $25 million for corporations and other entities.

Watch This Bill

Those who develop in the blockchain space should pay close attention to this bill. On its face, the bill appears to tackle some of the most egregious frauds that have occurred in the crypto sphere. This is a laudable goal. But in the law words matter. The scope of the legislation is unclear in many respects, and the catch-phrase definitions used in the bill (e.g., "security tokens" and "stablecoins" and "rug pull") do not necessarily comport with the well-known concepts that underlie them.