State of the Law: Regulating cryptocurrency - The challenge of fitting a square peg into traditional round holes

India’s cryptocurrency policy so far has been a paradox. The Central government has repeatedly cautioned against ‘stateless’ cryptocurrencies, yet embraced the underlying blockchain technology. Indian users rank first globally in crypto adoption according to the Global Crypto Adoption Index (including retail participation), yet there is no comprehensive legislation recognising or regulating it.

They are taxed at 30% on capital gains under Section 115BBH of the Income Tax Act, 1961; but their legal status can best be described as ‘not illegal’ following the Supreme Court’s decision in Internet and Mobile Assn. of India v. RBI. Virtual Digital Asset Providers are now classified as ‘reporting entities’ under the Prevention of Money Laundering Act, 2002 who are to be mandatorily registered with the Financial Intelligence Unit-India. Yet, the Reserve Bank of India (RBI) is still deliberating a total ban on decentralised cryptocurrencies, foreseeing them as a threat to India’s economic sovereignty.

India’s engagement with crypto is thus oscillating between tolerance and distrust. Crypto is taxed and widely used, but it operates without a coherent regulatory framework to match that participation. In a series of articles on regulating cryptocurrencies, we analyse the following issues: why regulate; who regulates; how does one regulate; and what is the nature of regulation. 

As Satoshi Nakamoto’s famous Bitcoin white paper explains, cryptocurrencies were envisioned to replace trust in central banks with technology. Its design and promised anonymity, however, have also been its pitfall. This anonymity and lack of regulation has resulted in cryptocurrencies being (a) used for money laundering activities and ponzi schemes; (b) subject to hacks and security breaches; (c) used as a tool of market manipulation.

a) Money laundering activities and ponzi schemes

Since its inception, crypto has been at the forefront of money laundering and allied illicit activity. Its borderless transferability, fast settlement and ability to move value through anonymous/pseudonymous wallet addresses make it attractive to scammers and other criminals. The most prominent early example was the Silk Road marketplace. The Silk Road operated on the dark web, allowing users to buy and sell products and services anonymously, with payments made in Bitcoin. The platform obtained a notorious reputation for being at the forefront of the drug trade and other illegal activity, which led to its closure by US law enforcement.

Closer to home, several crypto scams have been unearthed by and investigated into by the Enforcement Directorate. The HPZ Token App scam is a prominent example in which investors across India were allegedly lured to invest in HPZ Token (a token linked to mining cryptocurrencies), whose funds were then routed through mule accounts, shell entities and dummy directors, with exposure estimated at over ₹2,200 crore. Similar features were evident in the Morris Coin case, where an Initial Coin Offering for a cryptocurrency called “Morris Coin” was used to induce investments but payouts were allegedly drawn from money contributed by later investors rather than from any genuine business in a classic ponzi-scheme style. The Bitconnect case and the MLM scam further illustrate how crypto’s regulatory ambiguity has been exploited to carry out fraud against the public at scale.

b) Hacks and security breaches

The lack of oversight has also made crypto exchanges vulnerable to security breaches. Internationally, the collapse of the Tokyo-based Mt. Gox after the theft of hundreds of thousands of bitcoins marked an early warning of how fragile exchange custody can be without oversight. That warning was repeated in later incidents, such as the Bitfinex hack and major thefts from exchanges such as Coincheck and KuCoin. India has not been insulated from cyberattacks, the most notorious instance being the WazirX hack, where nearly ₹230 million was allegedly stolen by North Korean-backed entities.

c) Market manipulation

Crypto has also been subject to various market manipulation techniques (like the notorious automated trading program ‘Willy Bot’ placing massive orders on Mt. Gox without real funds), pump and dump schemes and wash trading (where a person buys and sells the same crypto from different accounts in the same quantity to give a false sense of market liquidity). These account for 70% of trading volume on unregulated exchanges, making the average investor extremely vulnerable.

The argument for the need for regulation does not have any obvious counters. The nature of regulation, however, is far more complex. This complexity stems from the nature of cryptocurrency.

It is difficult to fold cryptocurrency entirely into traditional categories of goods, commodities, securities, currencies, etc, because it does not fit entirely into the assumptions underlying any one of these categories. The problem is further amplified by the fact that cryptocurrency itself cannot be understood in a monolithic way.

In certain instances, cryptocurrency behaves like a commodity. Widely traded cryptocurrencies such as Bitcoin are fungible, scarce by design and priced by market demand rather than by any central issuer’s promise or performance. They are commonly held as investments or stores of value and are actively traded on exchanges, particularly in India, where trading over exchanges dominate its use. Yet, cryptocurrencies differ from traditional commodities in important ways: they are intangible, not consumed in use and exist only as entries on the blockchain ledgers.

Similarly, cryptocurrency can resemble a security in certain contexts, such as where cryptotokens are issued to raise funds, promoted with profit expectations and managed by identifiable entities, as seen in many Initial Coin Offerings or ICOs. However, this character is often temporary. A cryptotoken may initially resemble a security but later become decentralised and widely traded, making it difficult to regulate under securities law, which assumes a continuing issuer-investor relationship. Cryptocurrency also exhibits money-like features. It can function as a store of value and, within limited ecosystems, as a medium of exchange.

This difficulty is evidenced when surveying how various jurisdictions have treated cryptocurrency.

In the United States, each regulatory body has characterised crypto to extend its jurisdiction. The Internal Revenue Service (IRS) treats cryptocurrency as property for tax purposes, subjecting gains from trading or disposal to capital gains tax. FinCEN, responsible for anti-money-laundering oversight, has taken a different view. As early as 2013, it characterised “virtual currency” as a medium of exchange with some features of fiat currency and, on that basis, regulates crypto exchanges and intermediaries as money transmitters under the Bank Secrecy Act.

In effect, nearly all cryptocurrencies are treated as ‘currency’ from a regulatory point of view. The US Securities and Exchange Commission (SEC) has repeatedly relied on the Howey Test to classify certain crypto assets as investment contracts and, therefore, securities. In SEC v. Terraform Labs Pte Ltd, the SEC successfully contended that the tokens under consideration, like TerraUSD (UST) and LUNA, qualify as investment contracts. A similar approach was adopted in SEC v. Ripple Labs Inc, where it was held that certain sales to institutional investors qualified as securities transactions under the Howey test, as investors reasonably expected profits based on Ripple’s efforts.

Concurrently, the Commodity Futures Trading Commission has consistently characterised major cryptocurrencies such as Bitcoin and Ether as commodities, asserting jurisdiction over crypto-derivatives and market manipulation. As a result, the same cryptocurrency may be treated as property, currency, security, or commodity, depending on the regulatory context, reflecting an approach that may be understood as ‘functional’ but fragmented.

The United Kingdom has adopted a more use-based framework. Rather than shoehorning cryptocurrencies into traditional categories, UK regulators focus on how a cryptoasset is used. The Financial Conduct Authority classifies cryptoassets into exchange tokens, security tokens and utility tokens, with only security tokens falling within mainstream financial regulation. Exchange tokens such as Bitcoin are largely regulated through anti-money-laundering laws. In parallel, the UK courts have also recognised cryptocurrencies as property, capable of ownership, transfer and legal protection; this has recently been made part of UK legislation.

Japan and Singapore occupy a middle ground. Japan’s Payment Services Act defines cryptocurrencies as crypto-assets, recognising them as property-like values that may be used for payment but are not legal tender. Singapore regulates cryptocurrencies as digital payment tokens under its Payment Services Act, licensing exchanges and wallet providers. It excludes crypto from currency or securities regulation unless it has investment-like features.

From a survey of the positions taken by various jurisdictions, a large number of them are more ready to recognise cryptocurrency as property in contrast to other forms.

Indian courts have also grappled with the question. Most prominently, in Internet and Mobile Assn of India v. RBI, before the Supreme Court, it was argued that cryptocurrency does not qualify as currency or legal tender and, therefore, the RBI lacks jurisdiction to regulate/ban it. After extensively surveying the character of ‘virtual currencies’ across various jurisdictions, the Supreme Court explicitly accepted its fluid nature. In paragraph 6.85, the Court summarised that virtual currencies have been categorised as commodities, non-traditional currencies, payment instruments, money and funds. It rightly concluded that ‘none of these constitute the whole truth’.

Accepting further that they can function like money, the Court held that users and traders of virtual currencies carry on an activity that can be regulated by the RBI. Following this decision, in Rhutikumari v. Zanmai Labs Pvt Ltd, the Madras High Court in held that virtual currencies are ‘property’ capable of being held in trust, while in the course of its reasoning, identifying that it cannot be just ‘property’. It is to be noted that the judgment is under challenge before a division bench.

Cryptocurrency thus resists a single traditional legal identity. It is neither purely a commodity nor purely a currency; neither wholly a security nor mere property, but a digital asset capable of assuming multiple economic roles depending on context and use. This functional fluidity lies at the heart of the difficulty in regulating crypto. Attempts to force it into a single legal category risk either under-regulation or overreach. Understanding its true nature is of paramount importance to determining the nature of regulation and who the regulator should be.

These are aspects that will be addressed in subsequent posts.

Anirudh Krishnan, Anuraag Rajagopalan and S Hasthisha Desikan are Advocates at the Madras High Court and AK Law Chambers.