Variant: Balancing Legal Risks and Commercial Value in the Encryption Industry

Founders seem to generally view "control" as a "minefield," but how can we break down the risk logic involved?

Written by: Daniel Barabander, Deputy General Counsel of Variant Fund

Compiled by: Saoirse, Foresight News

Founders in the crypto space are well aware that the issue of "control" carries significant legal risks. While I am pleased to see that everyone has finally recognized the importance of "control" (there has indeed been considerable progress in recent years), I also notice that there is still some confusion about how to reasonably view "control." Founders generally seem to believe that "control = minefield," but they are not quite clear on how to analyze the logic behind it.

I believe a more appropriate understanding is that control is essentially a spectrum (spectrum, in this article referring to the concept of viewing control as a continuous gradient range from one end (strong control) to the other end (weak control)). To clarify your position on this spectrum, you need to ask yourself two core questions:

• Who is exercising control?
• What is the scope of control?

Regarding "Who is Exercising Control"

Its core variable is the degree of decentralization, and the spectrum is as follows (control from strong to weak):

• Single entity control → Internal multi-signature control → Independent multi-party multi-signature control → Decentralized Autonomous Organization (DAO) control → Completely tamper-proof

Regarding the "Scope of Control"

The core variable is the boundary of authority, and the spectrum is as follows (control ranges from strong to weak):

• Full upgrade rights → Time-locked full upgrade rights → Specific external dependency upgrade rights (e.g., changing oracles) → Pause function rights → Fully immutable

After clarifying the spectral positioning of the above two dimensions, it can be applied to the target legal system. I firmly believe that control analysis applies to almost all areas of law. The core logic of legal accountability usually revolves around "who has control over what."

Taking the legal definition of money transmission as an example: I once proposed that unilateral control over user funds is a necessary condition for determining whether an entity constitutes a money transmitter (although the ruling in the Tornado Cash case holds a different view, I have expressed my dissent regarding this legal interpretation in relevant papers). When defining "unilateral control," it is necessary to consider: (1) the degree of decentralization; (2) the boundaries of authority.

• Scenario A: A single administrator holds the key but can only pause the protocol in emergency situations;
• Scenario B: A truly decentralized DAO has complete upgrade control.

Neither of these two scenarios constitutes unilateral control by insiders, therefore it can be legally argued that the relevant projects do not constitute currency transmitters.

This analysis of control can also be extended to other legal fields. Taking the Howey test in securities law as an example, the core of the "efforts of others" requirement is essentially to determine whether there are managers with control, and the technical hierarchy of control in the agreement is an important basis for this determination.

As for how to position within the spectrum of control, it requires careful decision-making in conjunction with specific legal systems and legal advisors. However, from a macro perspective: control brings convenience from a business standpoint, but carries costs from a risk perspective. The key lies in ensuring the balance of cost-benefit analysis and clarifying the core purpose of retaining control. For example, if the primary demand for retaining control is to respond to emergencies, then merely retaining the "control cost" of the pause function (in terms of legal liability) will be significantly lower than full upgrade rights. It is essential to accurately identify the truly indispensable control needs in the business and then match them with the corresponding levels of control.