About the author:

Outset Legal Lens is led by Alice Frei, Outset PR’s head of security & compliance. In this series, she draws on years of experience in legal, compliance, and due diligence work across Web3 projects to show where teams most often get it wrong, and how to build communication that supports growth without quietly creating liabilities.

‍

If you treat regulatory risk as an afterthought when promoting a Web3 project, a lot can go wrong. Unchecked narratives, vague promises, and overconfident claims can turn a marketing campaign into a liability – and sometimes even land a company in court. 

But what does that actually mean in practice? 

‍

The product narrative collapses in litigation: The Terraform Labs case

Terraform Labs is one of the most illustrative examples of how a crypto project’s public story can become central to a court case. When TerraUSD lost its dollar peg and the Terra ecosystem crashed, the issue was how they had described the system beforehand: 

• the stability of UST, 
• the demand for LUNA, 
• the role of Anchor Protocol, 
• the supposed real-world adoption of the blockchain, 
• and the reliability of the mechanism behind the product.

The SEC later accused Terraform and its founder, Do Kwon, of having “orchestrated one of the largest securities frauds in U.S. history.” It also focused on claims that Terraform had achieved a real, non-speculative use case and had created an “algorithmic stablecoin.” In the SEC’s words: “That was a lie.”

‍

What’s the problem here

Terraform and Kwon allegedly marketed UST as a “yield-bearing” stablecoin and emphasized Anchor returns of up to around 20%. The SEC also argued that they misled investors about whether a Korean payment app was using the Terra blockchain in a way that would create value for LUNA.

These were far more than just some loose promotional statements, they formed the record. In the end, regulators interpreted words about stability, adoption, utility, and yield as representations made to investors.

‍

What could have reduced the risk

• Legal and technical stress tests for stablecoin claims. If the peg depends on market incentives, liquidity, arbitrage, third-party support, or demand for another token, those limits have to be visible before users build expectations around “stability.”
• Clear separation between yield and safety. Anchor made UST attractive as both a stablecoin and an income-generating product. That mix needed stricter messaging controls: return-related language shouldn’t make UST sound unusually profitable and low-risk unless the team can prove the model is sustainable.
• Evidence for adoption and utility. If a project says or implies that a major app, partner, merchant network, or payment system is using its blockchain, those assertions require proof before they go public. In Terraform’s situation, adoption narratives appeared relevant as they helped support the broader story around LUNA’s value.‍
• Founder and executive statements. External communications don’t stop at official marketing materials. Interviews, podcasts, conference panels, AMAs, social media posts, and community discussions can all become part of the record. Founders often carry more credibility than corporate accounts, which means their words may receive even greater scrutiny if a dispute later reaches regulators or courts.

‍

We consider Terraform a landmark case not because Terra failed, but because the SEC contended that the company had presented the system as more stable, more widely adopted, and more reliable than it actually was.

‍

Other cases show more versions of the same problem

Regulations can intervene at different stages and in different ways. Sometimes the product never sees the light of day, sometimes the project survives but pays a penalty, and sometimes the consequences move from the company to the founder personally.

‍

Legal risk that stops the launch itself: Telegram TON

With Telegram’s TON, a crisis hit before the product could reach the market. Telegram had raised around $1.7 billion through sales of Grams, but the SEC treated the private sale and the expected public distribution as connected parts of one larger securities offering.

The court blocked the delivery of Grams. Telegram’s original launch plan failed, and the company further agreed to return more than $1.2 billion to investors and pay an $18.5 million civil penalty.

What went wrong:

• The private sale structure was embedded in a broader path to public token distribution.
• Early purchasers were expected to profit from resale into secondary markets.
• Technical readiness moved faster than legal readiness.

‍

The TON case showed that a product can be fully built while the conditions required to launch it remain unresolved.

‍

Massive ICO ending in a costly settlement: Block.one

Block.one’s EOS isn’t typically framed as a collapse or criminal fraud story. The company ran a year-long ICO that raised the equivalent of several billion dollars, but afterward, the SEC found that the sale was an unregistered offering of digital tokens. The result was a $24 million civil penalty.

The issue was whether the token sale complied with securities law. For regulators, the project’s own labels didn’t resolve the question: a company can promote its token as a utility asset or network resource, but if the sale gives buyers an investment-like exposure to the issuer’s efforts, registration risk stays on the table.

A “we’re not scammers” disclaimer alone is not a risk management strategy. Even if you avoid accusations of wrongdoing, you are not automatically immune from enforcement action if you build the offering itself on weak assumptions.

‍

The EOS case demonstrated that labels don’t determine regulatory treatment. A utility token can still face securities-law scrutiny if the composition of the sale creates expectations of profit.

‍

Trust claims that turn into personal exposure: Celsius / Alex Mashinsky

Celsius built its public message around trust, encouraging users to “unbank” themselves while pushing rewards, loans, and custody services. At its peak, the platform held around $25 billion in assets. Then withdrawals stopped, Celsius filed for bankruptcy, and founder Alex Mashinsky pleaded guilty to commodities fraud and securities fraud. In 2025, he was sentenced to 12 years in prison.

Prosecutors said Mashinsky misled users about:

• Celsius’s financial stability, profitability, and investment strategy;
• the sustainability of rewards;
• the risks of depositing crypto on the platform;
• as well as CEL’s price and market activity, while secretly selling his own tokens.

‍

The Celsius case made clear what can happen when public trust, founder statements, and business reality drift apart. In the most severe situations, regulatory exposure becomes personal.

‍

Cheat sheet: What in-house lawyers should review before anything Web3 goes live

Almost everything that shapes user, investor, or market expectations deserves legal review.

• Product claims: landing pages, whitepapers, documentation, FAQs, app screens, onboarding copy, and any language around safety, stability, security, decentralization, audits, guarantees, reserves, pegs, liquidity, or redemption.
• Return language: APY/APR, reward explanations, referral campaigns, influencer scripts, and anything that sounds like expected profit, passive income, fixed yield, guaranteed ROI, or low-risk earnings.
• Token sale structure: private sale documents, SAFTs (Simple Agreements for Future Tokens), lockups, vesting, resale rights, exchange plans, geographic access, and the project’s registration, exemption, or jurisdiction-exclusion strategy.
• Utility, adoption, and traction statements: partnership announcements, ecosystem maps, tokenomics pages, usage metrics, TVL, user counts, “used by,” “integrated with,” “trusted by,” and “real-world use cases”.
• Executive, community, and third-party communications: founder posts, interviews, podcasts, AMAs, conference or ambassador scripts, Discord/Telegram conversations, KOL briefs, paid posts, affiliate terms, and referral programs.
• Customer asset treatment: custody or lending terms, withdrawal or rehypothecation rights, insolvency provisions, and how those align with any public message about user protection or platform safety.
• Risk disclosures and crisis responses: disclaimers, terms, onboarding confirmations, and prepared statements for depegs, exploits, withdrawal pauses, liquidity events, delistings, or regulatory inquiries.

‍

Bottom line: Why this matters now

The common thread across Terraform, Telegram, EOS, and Celsius is that none of these cases were ultimately about a single tweet, interview, roadmap, or marketing campaign. They were about the gap between what companies communicated publicly and what regulators ultimately believed to be true.

As the industry matures, that gap is getting harder to ignore. Authorities have more precedent, more enforcement history, and a clearer understanding of how crypto businesses raise money, attract users, and create demand.

The practical implication is simple: external messaging can no longer be treated as something separate from compliance, product design, or business strategy. The narratives teams build around stability, adoption, utility, growth, and future plans increasingly become the evidence used to evaluate them.

The strongest players will not be the ones that make the biggest promises. They will be the ones that can prove them.

‍

This article is part of Outset Legal Lens. In this series, we’ll keep unpacking the legal side of Web3 communication, with a focus on helping teams speak clearly, responsibly, and in a way that supports the long-term growth of the industry.