O’Melveny Worldwide

State UDAP Enforcement Poses New Risk for Crypto Companies

January 27, 2023


In years past, State Attorneys General have largely taken a hands-off approach to policing cryptocurrency investing, viewing it as an exotic venture undertaken by sophisticated actors. But that was before. Now, after a wave of celebrity endorsements and a steep market downturn, cryptocurrency is very much on the radar of State AGs, who have taken a fresh interest in protecting consumers from alleged deceptive practices. In recent months, both New York State Attorney General Letitia James and California Attorney General Rob Bonta have issued strong warnings to consumers who are considering investing in cryptocurrency markets, and they have encouraged people to come forward to report any company wrongdoing. 

Attention from State AGs exposes cryptocurrency companies to the risk of massive penalties. State Attorneys General have broad authority to investigate or sue companies for violations of state “UDAP” laws, which prohibit unfair, deceptive, or abusive acts and practices. Given the ubiquity of cryptocurrency investment opportunities and the onslaught of advertising for cryptocurrency products, we expect State AG enforcement to significantly ramp up this year. It is important that crypto companies understand the unique features and liabilities of state UDAP claims.

UDAP Statutes Give State AGs a Formidable Weapon

State AGs’ powers are supercharged when they pursue consumer-protection complaints. While UDAP statutes vary from state to state, they tend to share one feature: a relaxed standard of proof for State AGs to establish violations of the law. In October, California became the first state to apply UDAP laws to cryptocurrency exchanges when its Department of Financial Protection issued a desist and refrain regulatory order against GMO Global, an organization operating cryptocurrency exchange websites. In many jurisdictions, courts have held that AGs bringing UDAP claims do not have to prove actual harm to consumers, or reliance on the communications at issue, or knowledge or intent by defendants. And, this standard is frequently exacerbated by a lack of appellate case law. 

This has led to significant penalties in reported decisions, and AGs often use the threat of exposure to exact multimillion-dollar settlements, even before filing litigation.

Tracking the Rise of UDAP Exposure for Crypto Companies 

Lawsuits against cryptocurrency companies have largely focused on alleged securities law violations, but now private plaintiffs are beginning to add state UDAP claims—even in securities-based litigation challenging initial coin offerings (ICO). For example, in 2020, when Hoard, Incorporated, failed to publicly launch its network, it was sued for violating the Securities Act of 1933 and California’s Unfair Competition Law (UCL), which prohibits unfair, unlawful, and fraudulent business acts or practices. See Crypto Asset Fund, LLC v. Hoard, Inc., No. 20-CV-438-MMA (AHG), 2020 WL 13556128, at *1 (S.D. Cal. June 19, 2020).

It is only a matter of time before State AGs take a closer look at crypto companies’ allegedly deceptive conduct that falls outside of security transactions (such as consumer-facing public statements and advertisements). Such UDAP actions may ultimately prove successful. In 2020, a California court concluded that when a cryptocurrency transaction is “factually determined not to be a security [transaction] . . . [it] may still be actionable under” California’s UCL—“under, for example, a theory of false advertising.” Zakinov v. Ripple Labs, Inc., 2020 U.S. Dist. LEXIS 32982 at *64 (N.D. Cal. 2020). New York AG James recently took to Twitter to announce a lawsuit on behalf of New York consumers against the former CEO of cryptocurrency platform Celsius Network, who allegedly defrauded investors out of billions by lying “about the risks of investing in Celsius [and] hid[ing] its deteriorating financial condition.” The suit against Celsius is premised on New York’s Martin Act, which gives the AG the ability to seek redress for securities law violations on behalf of consumers. Just last week, AG James and a multistate coalition also secured a US$24 million settlement from cryptocurrency companies Nexo Inc. and Nexo Capital Inc. for allegedly engaging in unregistered securities sales and deceiving investors on their registration status. The SEC secured an additional US$22.5 million settlement against these same companies on similar claims.

And, State AGs are not in this alone; the federal government is taking action, too. In 2021, the Consumer Financial Protection Bureau (CFPB) opened a first-of-its-kind investigation into Nexo Financial to determine whether the company was abiding by consumer-protection laws. CFPB also recently published a bulletin analyzing the rise in crypto-asset complaints by consumers. The CFPB’s new interest in tracking crypto companies’ alleged deceptive practices is clear. 

To avoid UDAP actions, crypto companies should thoroughly review, not only their contracts, but also any public-facing statements or representations, including marketing materials and advertisements. State AGs may particularly scrutinize consumer agreements, marketing materials, and disclosures that mention (1) fees; (2) material risks; (3) costs or conditions; or (4) other substantive disclosure and unfair practices issues. State AGs will also be carefully monitoring how crypto companies advertise their products to consumers or investors, especially any representations about profit margins. 

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Daniel R. Suvor, an O'Melveny partner licensed to practice law in California, William K. Pao, an O'Melveny partner licensed to practice law in California, Steve Brody, an O'Melveny partner licensed to practice law in the District of Columbia and Virginia, Ross B. Galin, an O'Melveny partner licensed to practice law in New York, Elizabeth L. McKeen, an O'Melveny partner licensed to practice law in California, Pamela A. Miller, an O'Melveny partner licensed to practice law in New York, Lauren Kaplan, an O'Melveny counsel licensed to practice law in California, and Indiana Garcia, an O'Melveny law clerk, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2023 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.