6.4 Utility vs. Security Classification
How the same token can be a security in one transaction and not another, why building functional technology didn't protect Telegram from returning $1.22 billion, and what the Howey Test's fourth prong actually measures when regulators examine a blockchain project.
In October 2019, the SEC halted one of the largest token sales in history 1. Telegram, the messaging app with hundreds of millions of users, had raised $1.7 billion selling GRAM tokens. The company built an impressive blockchain network called TON and was ready to launch. Everything looked good on the technical side.
Then regulators stepped in. The SEC argued that GRAM tokens were securities, not utility tokens, and demanded that Telegram stop the sale. After months of legal battles, Telegram gave up. The company returned $1.2 billion to investors and paid an additional $18.5 million in penalties 2. The TON network, technically complete, never officially launched under Telegram's control.
Why does this matter? Because Telegram called GRAM a "utility token." The company designed it to pay for services on their network. But calling something a utility token doesn't make it legal if regulators disagree. The difference between "utility token" and "security" isn't a marketing choice. It's a legal determination with billion-dollar consequences.
This section explains how regulators draw that line, why it matters for every token project, and what the ongoing uncertainty means for the industry.
The Howey Test: The 78-Year-Old Framework
The legal test determining whether something is a security comes from a 1946 Supreme Court case about orange groves in Florida. SEC v. W.J. Howey Co. established what's now called the Howey Test, a four-prong framework that still governs securities classification today 3.
Under the Howey Test, something qualifies as a security (specifically, an "investment contract") if it involves:
1. An investment of money. Someone pays for the asset. This prong is almost always satisfied when tokens are sold. People buy tokens with dollars, ETH, or other assets.
2. A common enterprise. The fortunes of all buyers are linked together. When you buy tokens, your returns depend on the same factors as everyone else who bought the same token. If the project succeeds, all holders benefit. If it fails, all holders lose.
3. An expectation of profits. Buyers expect the value of what they're buying to increase. This doesn't require guarantees, just reasonable expectations. If marketing materials suggest tokens will appreciate, this prong is satisfied.
4. Derived from the efforts of others. Any profits come primarily from the work of someone else, typically the development team, the foundation, or other promoters.
For a token to be classified as a security, all four prongs must be satisfied. In practice, the first three are almost always true for any token sold to the public. People pay money, they share common outcomes with other holders, and most buyers expect price appreciation.
The real battleground is prong four: does the value come from the efforts of others?
Why Prong Four Matters Most
The fourth prong creates the key distinction between utility tokens and securities. Here's the logic:
If you buy a token because you believe the development team will build something valuable, you're investing in their efforts. That looks like a security.
If you buy a token because you need it to access a service right now, you're purchasing a utility. That looks like buying arcade tokens or phone minutes.
The classic utility token argument works like this: "Yes, people paid money for our token. Yes, all holders share the same token economics. Yes, some buyers might expect price appreciation. But the primary purpose isn't investment, it's accessing our platform. People buy our token to use it, not to profit from our team's work."
This defense has limits. The SEC looks at the economic reality, not just the stated purpose. If 99% of token buyers never use the service and bought purely for speculation, calling it a "utility token" doesn't change what it actually is.
Understanding why prong four matters leads directly to the question: what makes a utility defense actually work in practice?
What Makes a Valid Utility Defense
For the utility defense to work, several conditions typically need to be true:
The utility must exist when tokens are sold. This is the biggest factor in enforcement actions. Selling tokens for a network that doesn't exist yet is almost certainly selling securities. Buyers can only be speculating on future development, since there's nothing to use today.
The utility must be genuine and necessary. A token that provides minor conveniences isn't the same as one required for basic operation. Paying gas fees to run transactions is necessary. Getting a 5% discount on trading fees is nice but optional.
The token's primary use should be access, not investment. If buyers mainly want to use the service, utility dominates. If buyers mainly want price appreciation, investment dominates. The SEC looks at marketing materials, public statements, and actual usage patterns to determine which motive is primary.
Control should be decentralized. If a single company controls the network and determines all outcomes, token value depends entirely on that company's efforts. Decentralized networks where no single party controls outcomes have stronger utility arguments.
The SEC's Position on Utility Claims
The SEC hasn't released formal guidance specifically defining utility tokens. But enforcement actions and official statements reveal their thinking.
In 2018, SEC Director William Hinman gave a speech that crypto lawyers still analyze today 4. He said: "If the network on which the token functions is sufficiently decentralized, where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts, the assets may not represent an investment contract."
The translation: if a network is decentralized enough and tokens serve genuine utility, they might not be securities. The word "might" is doing heavy lifting here. Hinman's speech wasn't official rulemaking, and the SEC hasn't provided specific criteria for "sufficient decentralization."
The SEC has also been clear about what doesn't work:
Future utility isn't utility. Promising that tokens will be useful someday doesn't make them utility tokens today. Telegram learned this lesson the hard way.
Marketing matters. If you tell buyers they'll make money holding your token, you've established investment expectations regardless of any utility features.
Economic reality trumps labels. Calling something a utility token is irrelevant if it functions like a security. The SEC looks at substance over form.
Setting Realistic Expectations
Before examining specific cases, an honest assessment: most tokens called "utility tokens" during the 2017-2018 ICO boom were securities. Projects slapped "utility" labels on fundraising rounds where buyers had zero ability to use tokens for anything. The utility was theoretical, the investment was real, and the marketing was about price appreciation.
Regulators know this. Courts know this. The industry's credibility on utility claims is compromised by years of obvious mischaracterization.
For legitimate projects with genuine utility in functioning networks, classification remains genuinely uncertain. Ethereum appears safe. Filecoin operates. Many others exist in gray zones where the answer isn't clear. The following cases illustrate where regulators have drawn lines, and why.
Case Studies: Where Regulators Drew Lines
Case 1: Telegram (TON), The Legal Reasoning
As described in this section's opening, Telegram's $1.7 billion GRAM token sale became a landmark enforcement action. The court's reasoning 5 illustrates exactly how the Howey Test applies:
No utility at sale. The network didn't exist when tokens were sold. Buyers couldn't use GRAM for anything. They were speculating on Telegram's ability to build and launch the network.
Investment-focused marketing. Telegram targeted wealthy investors with promises of returns. The pitch centered on investment opportunity, not accessing services.
Total dependence on team efforts. With no functioning network, no developer community, and no decentralization, GRAM's value depended 100% on Telegram's work.
Investor profile. The $1.7 billion came from sophisticated investors expecting profits, not users wanting to pay for services.
Case 2: Kik (KIN), Marketing Mismatch
Kik, a messaging app company, raised $100 million in 2017 selling KIN tokens 6. The claimed utility was enabling tipping and payments within the Kik app and a broader ecosystem of applications.
The SEC sued in 2019, and Kik lost in 2020. The company paid $5 million in penalties and agreed to register future token offerings 7.
Why did the utility defense fail?
Timing mismatch. Kik sold tokens before utility existed. The network wasn't ready, and the "ecosystem" of apps accepting KIN was theoretical.
Internal communications exposed intent. Discovery showed Kik employees discussing the token sale as a way to raise money when traditional investors weren't interested. They explicitly discussed price appreciation as a selling point.
Minimal actual usage. Very few people used KIN for tipping or payments. The token served primarily as a speculative asset.
Investment-focused marketing. Kik promoted the token as an investment opportunity, not a utility purchase.
Case 3: Ethereum, The Implicit Success
Ethereum's token sale in 2014 raised about $18 million selling ETH before the network launched 8. By the Howey Test analysis above, this looks like a textbook securities offering: money exchanged for tokens in an unfinished network with no current utility.
Yet in 2018, SEC Director Hinman stated that "current offers and sales of ether are not securities transactions" 4. Notice the word "current." He didn't say the 2014 sale wasn't a securities offering. He said today's ETH transactions aren't securities sales.
Several factors support ETH's current classification:
Functioning network. Ethereum launched in 2015 and has operated continuously since. ETH is required to use the network. You cannot execute transactions without paying gas fees in ETH.
Substantial decentralization. Thousands of validators secure the network. No single entity controls Ethereum. Development happens across multiple independent teams.
Primary utility demand. Developers, DeFi users, and application builders need ETH to operate on Ethereum. While speculation exists, genuine utility demand is massive.
Time and evolution. The team that launched Ethereum no longer controls it. Vitalik Buterin has influence but not control. The Ethereum Foundation is one voice among many.
Case 4: BNB, The Open Question
Binance Coin presents an interesting middle case that regulators haven't resolved. (Section 6.3 examines BNB's utility model and market success in detail.)
BNB launched in 2017 through an ICO that raised $15 million 9. Initially, it offered trading fee discounts on Binance. Over time, it evolved into the native gas token for Binance Smart Chain (now BNB Chain), making it genuinely necessary for network operations.
The evolution creates complexity:
Original sale looks problematic. The 2017 ICO offered trading fee discounts, which is weak utility. Most buyers were speculating on Binance's growth.
Current BNB has stronger arguments. It's required for gas on BNB Chain, similar to ETH on Ethereum.
Centralization remains significant. Binance has substantial control over BNB Chain development and governance. This weakens the decentralization argument.
As of 2024, the SEC has charged Binance with various violations but hasn't definitively ruled whether BNB itself is a security. The token operates in regulatory limbo, with significant trading volume continuing despite legal uncertainty.
Case 5: Ripple (XRP), A Split Decision
The SEC sued Ripple Labs in December 2020, alleging that XRP was an unregistered security 10. After nearly three years of litigation, Judge Analisa Torres delivered a split decision in July 2023 that sent shockwaves through the crypto industry 11.
The court found that XRP could be a security in some contexts and not in others, depending on how it was sold.
What the court ruled:
Institutional sales were securities. Ripple's direct sales of $728 million in XRP to institutional investors met the Howey Test 11. These buyers signed contracts, received marketing materials emphasizing Ripple's efforts, and clearly expected profits from Ripple's work building the XRP ecosystem.
Programmatic sales on exchanges were not securities. Secondary market buyers purchasing XRP on Coinbase or Binance didn't know whether they were buying from Ripple or other sellers. They had no contract with Ripple and no expectation tied specifically to Ripple's efforts.
Why this outcome happened:
The ruling hinged on the fourth Howey prong: expectation of profits from others' efforts. Institutional buyers had a direct relationship with Ripple. They knew their money was funding Ripple's development work and expected returns from that work.
Exchange buyers had no such relationship. They might have been buying from other traders, market makers, or anyone else. Without a direct connection to Ripple's promotional efforts, the securities analysis broke down.
Why this case matters:
The Ripple ruling introduced context-dependent analysis. The same token can be a security in one transaction and not in another. This creates new complexity for the utility vs. security question. A project's initial token sale might violate securities law, while later secondary market trading might be fine. The case is still being appealed, so the final implications remain uncertain.
The Practical Checklist
For projects trying to assess their regulatory position, here are the key questions:
Does utility exist at token sale?
The ideal situation: the network is live and functioning before any public token sale. Users can actually use tokens for their stated purpose. This is the strongest position.
The risky middle ground: the network is launching soon, with utility coming shortly after sale. This weakens the defense but isn't automatically fatal.
The danger zone: the network is theoretical, with tokens sold based on promises about future development. This is where most enforcement actions have targeted.
Is the utility necessary or optional?
Necessary utility means users cannot accomplish their goals without the token. Gas fees are the clearest example. You literally cannot use Ethereum without ETH.
Optional utility means users could accomplish similar goals without the token. A 10% trading discount is nice but not necessary. Premium features that could also be purchased with dollars are optional.
How was the token marketed?
Marketing materials create evidence about buyer expectations. If promotional content emphasizes investment returns, price appreciation, or "moon" potential, regulators will treat buyers as investors.
If marketing focuses on functionality, services, and usage, the utility narrative is stronger.
Who controls the network?
Single company control over network development, governance, and key decisions suggests all value comes from that company's efforts. This satisfies Howey prong four.
Distributed control across many independent parties suggests no single effort creates value. This weakens the security argument.
What do buyers actually do with tokens?
If 95% of tokens sit in exchange wallets with owners hoping for price appreciation, economic reality suggests investment, not utility.
If tokens actively circulate through the network with users consuming services, utility is real.
Geographic Variation in Classification
Different countries classify tokens differently. The same token might face different treatment across jurisdictions.
Example: A governance token with fee-sharing
A token granting voting rights and protocol fee distributions might be:
- Treated as a security in the US under the Howey Test (investment contract with profit expectations)
- Classified as a utility token under EU's MiCA framework 12 if the governance function is primary
- Evaluated on its specific features by Singapore's MAS 13, potentially qualifying as a utility token
- Categorized as a utility token under Swiss FINMA rules 14 if functionality exists at sale
The US maintains the most aggressive enforcement posture. Most token projects avoid selling to US persons because registration requirements are expensive and restrictive 3.
Practical implications
Many projects block US users while allowing participation from other jurisdictions. Some incorporate in Switzerland or Singapore. But the SEC claims jurisdiction over securities offerings targeting US investors, regardless of origin. Moving offshore doesn't eliminate US regulatory risk if American buyers participate.
Geographic differences aside, projects face another challenge: what happens when a token doesn't fit neatly into one category?
The Hybrid Token Problem
The most successful tokens often blend multiple functions, creating classification challenges.
Uniswap's UNI provides governance rights over the protocol. Token holders vote on treasury allocation, fee switches, and protocol upgrades. But UNI also relates to fee earnings on the largest decentralized exchange. Is it a utility token (governance participation) or a security (claim on fee revenue)?
Aave's AAVE serves as the safety module for the lending protocol. Stakers earn rewards and provide insurance against protocol shortfalls. It's also a governance token for protocol decisions. The insurance function looks like utility. The staking rewards look like investment income.
Curve's CRV offers liquidity incentives to earn emissions, governance to direct those emissions, and revenue sharing through the veCRV system (vote-escrowed CRV, where users lock tokens for governance power and fee earnings). Multiple features create multiple potential classifications.
The trade-off projects face:
Pure utility tokens with no governance or economic rights often have weak token economics. Why would anyone hold a token that only grants access to a service? Just buy the token when you need it and sell immediately after.
Adding value capture through governance, fees, or revenue sharing makes tokens more attractive to hold. But these features push toward securities classification.
Projects must choose between regulatory safety and economic strength. There's no perfect solution.
The Progressive Decentralization Theory
One legal theory suggests tokens can transition from securities to non-securities over time. Here's how it might work:
Phase 1: Clear security. Pre-launch token sale to fund development. No functioning network exists. Team controls everything. This is almost certainly a securities offering.
Phase 2: Transitional period. Network launches and begins operating. Real utility emerges. Team still maintains significant control over development and key decisions. Probably still a security because team efforts remain essential.
Phase 3: Sufficient decentralization. Network operates independently. Multiple teams contribute to development. Governance is distributed. No single party controls outcomes. Possibly no longer a security because buyer returns no longer depend on any particular party's efforts.
The theory draws from Hinman's speech suggesting that assets can change character as circumstances change 4. A token sold to fund development might become sufficiently decentralized that later transactions aren't securities sales.
The problems with this theory:
The SEC hasn't explicitly endorsed progressive decentralization. Hinman's speech wasn't official guidance, and subsequent SEC leadership hasn't confirmed this interpretation.
"Sufficient decentralization" has no clear definition. How decentralized is decentralized enough? No one knows.
The initial sale might still violate securities laws. Even if current tokens aren't securities, the original ICO might have been illegal. Projects could face liability for past sales even with clean current status.
This creates uncertainty for projects trying to follow the progressive decentralization path. They might do everything right going forward and still face consequences for their token launch.
Current Enforcement Reality (2025-2026)
Based on SEC actions to date, we can observe patterns:
Clear enforcement targets:
Pre-launch token sales where no product exists attract the most attention. Marketing emphasizing investment returns almost guarantees scrutiny. Centralized projects controlled by a single team face higher risk. Retail-focused sales with aggressive promotion draw regulatory attention.
Lower enforcement priority:
Functioning networks with genuine utility see less immediate pressure. Tokens sold only to accredited investors (individuals meeting income or net worth thresholds that qualify them for private offerings) through proper exemptions face less public action. Sufficiently decentralized projects create more difficult cases for regulators.
Unresolved questions:
The exact threshold for sufficient decentralization remains undefined. Whether major tokens like BNB, UNI, or SOL are securities hasn't been definitively resolved. The validity of progressive decentralization as a defense remains untested in court. How much utility is enough to outweigh investment characteristics has no clear standard.
The Stakes of Misclassification
The consequences of getting classification wrong are severe:
If your token is a security, you cannot sell it publicly without SEC registration or proper exemptions. US exchanges cannot list it. Institutional investors cannot buy it. You might face enforcement actions years after the fact. Telegram returned $1.22 billion 2. Kik paid $5 million in fines 7. Ripple has spent years and tens of millions on legal defense 11.
Getting classification right enables ecosystem growth. Ethereum's implicit non-security status allowed it to become the foundation of decentralized finance. Clear utility status opens doors to broader adoption.
The safest approach for new projects: build working products before selling tokens, make tokens genuinely necessary for usage, decentralize control as quickly as possible, and market responsibly with focus on functionality rather than returns. Even then, regulatory risk exists because the rules aren't clear.
For investors and users, understanding the utility versus security distinction helps assess project risk. Tokens from decentralized networks with genuine utility face lower regulatory risk than tokens from centralized projects selling promises about future development.
This isn't academic legal theory. It's the difference between protocols that thrive and projects that die in court. Every participant in the token economy needs to understand where regulators draw these lines, even when those lines remain frustratingly unclear.
Practical Guidance for Projects
For teams building token-based protocols, several strategies can reduce, though not eliminate, securities risk:
1. Launch the network before selling tokens. If utility exists at the point of sale, the utility defense is strongest. Telegram and Kik both failed because they sold tokens before their networks functioned.
2. Ensure genuine, necessary utility from day one. Gas tokens and required staking tokens have the strongest utility arguments. Optional fee discounts and loyalty rewards have weaker claims.
3. Market utility, not investment returns. Every communication, from whitepapers to social media posts, should focus on what the token does, not what the token might be worth. Internal communications matter too, as the Kik case showed.
4. Decentralize quickly and publicly. Reduce the founding team's control over the network as fast as practical. Document the decentralization process transparently.
5. Restrict U.S. participation if uncertain. Many projects geoblock U.S. users until regulatory clarity improves. This is not a guarantee of protection, but it reduces the SEC's jurisdictional claims.
6. Get specialized legal counsel. Token classification requires lawyers who understand both securities law and blockchain technology. General corporate counsel is not sufficient for this analysis.
7. Consider SAFT agreements for early investors. Simple Agreement for Future Tokens (SAFT) frameworks provide a structured way to raise funds from accredited investors before a network launches, while acknowledging the securities nature of the initial offering.
8. Document utility-focused intent throughout development. Create a paper trail showing that the token was designed for utility, not investment. This documentation matters if regulators come asking questions later.
These strategies don't guarantee safety. The regulatory environment remains uncertain, and enforcement can be unpredictable. But following these principles puts projects in the strongest possible position if regulators do come calling.
Conclusion: Utility Tokens in Perspective
This section traced utility tokens from definition through implementation to regulation. The journey reveals a category more complex than marketing materials suggest.
Calling a token "utility" provides no legal protection. The distinction between utility token and security depends on economic reality—when the network launched, how tokens were marketed, who controls development, and what buyers actually do with their holdings. Projects ignore these factors at billion-dollar risk.
The utility token thesis works when tokens enable services that couldn't exist without them. Decentralized storage, oracle networks, and smart contract platforms justify native tokens because traditional payment systems cannot coordinate global, permissionless participation. The thesis fails when tokens are grafted onto services that work fine with credit cards, when utility exists only in whitepapers, or when "utility" is just a label to avoid securities registration.
For builders evaluating utility token models, the questions are interconnected: Does the platform solve a real problem? Is the token genuinely necessary? Can the project achieve adoption despite cryptocurrency friction? Will regulators agree with your classification? Getting any of these wrong undermines the others.
For investors and users, the framework matters because most utility tokens will fail. The survivors share common traits: genuine necessity, functioning utility at launch, platform-market fit, and regulatory defensibility. Speculation dominates utility token markets today, but over time, price should converge toward utility reality—whatever that reality turns out to be.
- Any token sale satisfies three Howey prongs automatically; whether buyer returns depend on promoter effort or on the buyer's direct use is what matters.
- Telegram lost because buyers depended entirely on the team's future development, satisfying the exact Howey prong that utility claims exist to defeat.
- Ripple's ruling showed context matters: institutional XRP sales were securities, but secondary exchange purchases of the same token were not.
- The SEC accepts that sufficiently decentralized tokens escape securities law but hasn't defined the threshold; projects betting on progressive decentralization accept unresolved legal risk.