Led by Penn Law professor David Hoffman, researchers at the University of Pennsylvania reveal the first detailed analysis of “Initial Coin Offerings” (ICOs) of virtual currencies, known as cryptocurrencies. They have found that the estimated $25-billion-dollar industry’s protections against self-dealing may leave investors exposed to risks they don’t anticipate from issuers.
Initial Coin Offerings are an example of financial innovation, placing it in kinship with venture capital contracting, asset securitization, and initial public offerings (IPOs). Unlike IPOs, however, an ICO does not typically involve the sale of equity or shares in a corporation. Instead, ICO participants are buying an asset from ventures or firms that are selling digital currency, namely a coin or “token,” which is a string of computer code of which there is a restricted supply, that enables its holder to use, or govern, a network that the ventures’ promoters plan to develop using funds raised through the sale.
“Our main finding is, in a financial ecosystem built around the proposition that regulation is unnecessary because code is the final guarantee of performance, often ICOs are not embedding the governance promises they make—which protect investors against exploitation—in software code,” said Hoffman, a contracts law expert. “We also show that at least some popular ICOs have retained the power to modify their currency’s rights but have failed to disclose that ability to investors in plain language.”
The research team includes Shaanan Cohney (a Penn Ph.D student in computer science), Jeremy Sklaroff (a recent graduate of Penn’s JD/MBA program), and David Wishnick (a fellow at Penn Law’s interdisciplinary Center for Technology, Innovation and Competition). Together, the study authors surveyed the 50 ICOs that raised the most capital in 2017 and analyzed the relationship between the contractual promises made by ICO promoters in their offering documents and the actual functionality of the cryptocurrencies they deliver.
The study authors first collected online contracts, a range of “soft law” documents made available digitally by the projects to investors and which, collectively, helped to raise $2 billion alone for these projects.
Next, the authors then audited the software code associated with each of projects to determine if the code matched, or failed to match, firms’ contractual promises. That is, because cryptocurrencies are entirely digital and accessible through a global network of computers, the authors examined the automated “if-this-then-that” code for each ICO governing how their cryptoassets function, along with the associated network-based ledger systems known as “blockchains” that track and authenticate a currency’s transactions.
“The automated mechanisms found in code—known as ‘smart contracts’—are not the only way entrepreneurs can deliver on their promises,” Wishnick noted. “But, according to proponents, they are what make ICOs innovative.”
The study revealed that for those ICOs surveyed, the ICO code and ICO contracts often do not match. Of the 50 ICOs from 2017, only about 20 percent had code which matched their promises 100 percent of the time, while nearly 60 percent made a least one governance promise that was missing from the code, and 20 percent had two or more mismatches.
“Surprisingly, in a community known for espousing a techno libertarian belief in the power of ‘trustless trust’ built with carefully designed code, a significant fraction of issuers retained centralized control through previously undisclosed code permitting modification of the entities’ governing structures,” the authors write.
Hoffman and his team examined the ICOs surveyed based on three qualities that economic theory suggests should be salient to investors. First, they looked at whether ICO promoters made any promises (with those assurances encoded into the currency and blockchain) to restrict the supply of their cryptoassets, as a limited supply of a virtual currency is assumed to drive up its value. Second, they examined if ICO promoters pledged to restrict or prevent insider self-dealing. And third, they examined if ICO promoters retained the power to modify the smart-contract code governing the tokens they sold, and if so, whether these firms disclosed to investors that they had allocated themselves that power.
“My co-authors and I found some of these tokens have code which is not disclosed in the soft law promises, which permits the firms to modify the rights the tokens give you at the will of the originator of the currency,” Hoffman said. “That does not mean ventures are going to exploit investors or commit fraud, but it does give firms that power to change the rights investors have bought at the firms’ will.
The authors recommend regulators and scholars spend more time looking at the buy-side of the ICO market and learn more about the actual drivers of demand in this burgeoning space. “Are buyers relatively unsophisticated individual investors?” who are buyers in a bubble, Hoffman queried. “Or, is this an illicit market driven by money launders or tax evaders - or is ICO demand driven by legitimately smart money? How this market should be regulated, or not, depends on how scholars and regulators answer these questions.”
University of Pennsylvania Law School