SEC vs CFTC: Which Agency Actually Has Authority Over Your Crypto

You've probably seen the shorthand: the SEC regulates securities, the CFTC regulates commodities, and crypto falls somewhere in between. That framing isn't wrong, but it hides the actual conflict. The issue isn't that nobody knows which agency should regulate crypto — it's that both agencies assert overlapping jurisdiction, and Congress hasn't resolved it.

The SEC claims authority over most crypto tokens by arguing they are investment contracts — a type of security under the Securities Act of 1933. The CFTC, meanwhile, has declared since 2015 that Bitcoin and Ethereum are commodities under the Commodity Exchange Act. These aren't compatible positions when applied to the broader market. A token can't easily be both a security and a commodity, yet there's no binding statute that draws the line.

What makes this more than a bureaucratic turf war: the classification of a token determines what rules exchanges must follow, what disclosures projects must make, and what legal risk you carry as a user. If the token you're staking or LPing is later deemed a security, the platform offering that service may have been operating an unregistered securities exchange — and enforcement tends to be retroactive.

The standard explanation says the SEC uses the Howey test — a 1946 Supreme Court framework — to decide if something is a security. That's accurate but incomplete. The four prongs (investment of money, in a common enterprise, with expectation of profit, derived from the efforts of others) sound clean on paper. In practice, the SEC applies them aggressively and inconsistently.

In its 2023 complaints against Binance and Coinbase, the SEC named specific tokens — SOL, ADA, MATIC, FIL, SAND, AXS, and others — as securities. The logic: purchasers bought these tokens expecting the founding teams to build value, which satisfies the "efforts of others" prong. But the SEC has never brought a standalone case against Solana Labs or Cardano's IOHK to formally register SOL or ADA as securities. It named them as securities in complaints against exchanges, which is a different procedural posture.

The SEC v. Ripple Labs case produced the most consequential ruling so far. In July 2023, Judge Torres ruled that XRP sold on exchanges to retail buyers did not constitute securities transactions, while institutional sales did. This split decision challenged the SEC's position that a token is inherently a security regardless of context. The SEC initially sought an interlocutory appeal, ultimately settling the case in 2025 with a reduced penalty of $50 million (down from the original $125 million fine imposed). The Ripple outcome signaled that courts may not defer to the SEC's broadest claims.

⚠ Common mistake: Assuming the Howey test gives a binary answer — "token X is a security" or "token X isn't." The Ripple ruling showed the same token can be a security in one transaction and not in another. Context of the sale matters as much as the asset itself.

The CFTC's jurisdiction works differently than most people assume. The agency does not have general regulatory authority over commodity spot markets the way the SEC oversees securities markets. The CFTC primarily regulates derivatives — futures, options, and swaps. Its power over the spot Bitcoin and Ethereum markets is limited to anti-fraud and anti-manipulation enforcement.

This matters practically. The CFTC approved Bitcoin futures on the CME in December 2017 and Ether futures in February 2021. That regulatory green light is what allowed institutional products like these to exist. But when you buy ETH on Coinbase, the CFTC doesn't regulate that transaction the way the SEC would regulate a stock purchase on Nasdaq. The CFTC can sue if there's fraud or manipulation in the spot market, but it can't require exchanges to register or impose ongoing compliance requirements for spot commodity trading.

The CFTC has brought enforcement actions against DeFi protocols directly. In September 2023, it settled charges against Opyn, ZeroEx (0x), and Deridex for offering leveraged or margined retail commodity transactions without registration. The Ooki DAO case was even more notable — the CFTC successfully obtained a default judgment against a DAO itself, establishing that a DAO can be held liable as an entity. These cases signal that even decentralized protocols are not beyond the CFTC's reach when derivatives are involved.

⚠ Common mistake: Thinking "commodity" means unregulated. Bitcoin being a commodity doesn't mean it's in a regulatory free zone — it means the CFTC has anti-fraud authority and exclusive jurisdiction over BTC derivatives, while the spot market lacks a comprehensive federal regulatory framework.

The securities-vs-commodity question isn't abstract. It changes the legal status of platforms you use daily. If a token is a security, any platform listing it for trading likely needs to register as a national securities exchange or an alternative trading system (ATS) with the SEC. No major crypto exchange has that registration for crypto tokens. Coinbase's SEC complaint hinged exactly on this: the SEC alleged Coinbase operated as an unregistered exchange, broker, and clearing agency.

For DeFi, the implications are sharper. If the tokens in a Uniswap liquidity pool are securities, then Uniswap Labs (or potentially even the smart contract itself) could be an unregistered exchange. The SEC issued a Wells notice to Uniswap Labs in April 2024, signaling potential enforcement. This hasn't produced a finalized action yet as of mid-2025, but it forced Uniswap Labs to restrict certain tokens from its frontend interface — even while the underlying smart contracts remained fully accessible.

Staking adds another layer. The SEC's February 2023 action against Kraken resulted in a $30 million settlement over its staking-as-a-service program, which the SEC characterized as offering unregistered securities. Coinbase's similar program was included in its June 2023 complaint. If staking yields constitute securities, every centralized platform offering them needs SEC registration. Self-custodial staking (running your own validator) isn't targeted — the distinction is whether an intermediary is pooling assets and offering returns.

⚠ Common mistake: Believing that using a decentralized frontend protects you legally. The SEC and CFTC target the entities and people behind protocols, not the smart contracts. But token classification still affects you: if a token is deemed a security, exchanges may delist it, liquidity dries up, and your exit options shrink.

Neither the SEC nor the CFTC designed their frameworks for crypto. Securities law dates to the 1930s, commodity law to the 1930s–1970s. Both agencies are applying old statutes to new technology, which is why enforcement has been inconsistent and court outcomes unpredictable.

The most significant legislative effort was the FIT21 Act (Financial Innovation and Technology for the 21st Century Act), which passed the House in May 2024 with bipartisan support (279-136). FIT21 would have created a formal framework: the CFTC would regulate digital assets deemed commodities (those with sufficiently decentralized networks), and the SEC would regulate those that are securities (those still dependent on a centralized team). The bill defined a "decentralization" test based on factors like token distribution and governance control. However, FIT21 did not advance through the Senate in the 118th Congress. Successor proposals continue to circulate, but no comprehensive crypto market structure bill has been signed into law as of mid-2025.

Without legislation, regulation continues through enforcement — the so-called regulation by enforcement approach that both industry participants and some CFTC commissioners have criticized. Each court ruling (Ripple, the Grayscale SEC lawsuit that forced Bitcoin ETF approvals, ongoing Coinbase litigation) incrementally shapes the rules, but the resulting patchwork is inconsistent across jurisdictions and circuits.

• SEC EDGAR and Litigation Releases: sec.gov/litigation shows active complaints and settlements. Search by entity name to find specific crypto enforcement actions with actual complaint documents.
• CFTC Enforcement Actions: cftc.gov/LawRegulation/CFTCEnforcement lists all filed cases, including DeFi-related actions.
• Court dockets on PACER or CourtListener: The SEC v. Coinbase (1:23-cv-04738, S.D.N.Y.) and SEC v. Ripple (1:20-cv-10832, S.D.N.Y.) dockets contain the primary judicial rulings shaping crypto regulation.
• Congressional bill tracker: congress.gov — search for "digital asset" or "FIT21" to see active legislative proposals and their committee status.

⚠ Common mistake: Relying on crypto media summaries of court rulings instead of reading the actual opinions. Headlines routinely overstate or mischaracterize legal outcomes. The Ripple ruling, for example, was widely reported as "XRP is not a security" — the actual holding was far more narrow and context-dependent.

• Read the SEC's Coinbase complaint (filed June 2023) — it's the most comprehensive document laying out the SEC's theory of which tokens are securities and why. Available on sec.gov under litigation releases.
• Review the CFTC's Ooki DAO order to understand how enforcement applies to decentralized governance structures — directly relevant if you participate in DAO voting.
• Track FIT21 successor bills through congress.gov — any market structure legislation that passes will fundamentally redraw the SEC/CFTC boundary and change which assets need registration.
• Check whether tokens you hold have been named in SEC complaints — the specific tokens cited in the Binance and Coinbase cases face ongoing legal uncertainty, which creates real delisting and liquidity risk on US-regulated platforms.