Emerging Legal Questions for the Post-Merge Ethereum Network
On September 15, 2022, the Ethereum blockchain transitioned from a proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS) consensus by merging the Ethereum Mainnet with the PoS Beacon Chain. This event, commonly referred to as the “Merge,” is a historic moment for Ethereum, as well as a monumental development for the broader blockchain space. The Merge dramatically reduced the Ethereum network’s energy consumption, which has long been a salient criticism against the mainstream adoption of the largest programmable blockchain. The introduction of PoS consensus to Ethereum is the first step in a phased plan to increase the network’s efficiency, security, and scalability. The following is an overview of the Merge and its implications for investors and developers with respect to the Ethereum ecosystem.
A consensus mechanism is an algorithm used by blockchain networks to maintain an accurate and current record of data. A PoW consensus mechanism requires distributed computer nodes participating in the network to apply significant computing power to solving complex mathematical equations—an activity known as “mining”—and thereby earn the right to add a new block of transactions to the chain. Miners help to ensure network security and accuracy, for which they earn tokens as compensation. Although PoW consensus is extremely secure, it consumes an extraordinary amount of energy, which has led blockchains such as Bitcoin to amass a carbon footprint comparable to those of entire countries. In contrast, a PoS consensus mechanism requires validator nodes to “stake,” or pledge, digital assets as collateral to the network in order to earn the right to propose new blocks of transactions. PoS consensus is relatively new compared to PoW (which dates back to the launch of Bitcoin) but is widely viewed as cause for excitement: Ethereum’s much anticipated transition to PoS consensus reduced the network’s energy consumption by about 99.9% overnight.
The Ethereum Merge is an ambitious and unprecedented endeavor in the blockchain space, and although the Merge has been consummated without any material issues, some uncertainty remains as to how Ethereum’s transition to PoS will affect the network and the many digital assets and applications that make up the Ethereum ecosystem. Of the many issues that might arise in light of the Merge, four types that are particularly worthy of consideration involve environmental, social, and corporate governance (ESG), securities law, intellectual property, and cybersecurity.
Environmental, Social, Governance (ESG):
Within the realm of ESG, a major criticism of PoW blockchains is the effect of their intense energy demands on the global climate crisis. Bitcoin alone is widely believed to use as much electrical power as the entirety of the Netherlands each year.1 On September 8, 2022, the Biden Administration’s Office for Science and Technology Policy (OSTP) issued a 45-page report recommending that (1) the Environmental Protection Agency and the Department of Energy develop environmental standards for the cryptocurrency industry, and (2) federal legislation may be needed to limit or eliminate the use of high-intensity mining rigs. With the Merge, Ethereum has made significant strides to green itself and possibly keep critics, and regulators, at bay.
The Merge may provide an initial opportunity for ESG-conscious investors to jump into Ethereum and the broader crypto ecosystem, including Decentralized Finance (DeFi). However, the broader crypto ecosystem may still face a negative reputation due to its environmental impact, since many of the largest cryptocurrencies by market cap still rely on the energy consuming PoW consensus model.2 Further, there are not clearly defined standards for measuring and reporting carbon emissions globally, and it may take significant data from multiple sources before Ethereum is truly deemed to be environmentally friendly by ESG-conscious investors and institutions.
These issues are sure to be on ESG investors’ minds, especially given the United States Securities and Exchange Commission (SEC)’s campaign against greenwashing (it has already fined an institutional investor $1.3 million for fraudulent ESG claims). The SEC’s proposed “investor rule,” if adopted, would require ESG-focused funds and firms to disclose specifics about ESG fund-management strategies.3 Similarly, the SEC’s “issuer rule,” slated for adoption later this year, would require public companies to disclose emissions and provide climate-related financial data in the interest of investor transparency.4
In the wake of the Ethereum Merge, some have argued that the shift to PoS could make ETH (the currency of Ethereum) look more like a security under U.S. securities law. The primary test for determining whether something constitutes an investment contract (and thus a security under U.S. law) is the Howey Test, which asks whether: (1) there is an investment of money (2) in a common enterprise (3) with a reasonable expectation of profits that is (4) derived from the managerial efforts of others, such as the issuer or promoter. On the day of the Merge, SEC Chairman Gary Gensler signaled that staking models might cause tokens to qualify as investment contracts under the Howey Test, stating that “from the coin’s perspective…that’s another indicia that under the Howey Test, the investing public is anticipating profits based on the efforts of others.”5 Chair Gensler appears to be questioning whether the “efforts of others” prong could be met due to Ethereum’s shift to staking, although, historically, this prong has been interpreted to focus on the efforts of an issuer or promoter. Although neither Chair Gensler nor the SEC has articulated a full analysis of the issue, he appears to be suggesting that holders of ETH who share in block validation rewards may be doing so as a result of the efforts of others (e.g., the node operators to which those holders have staked their ETH, who are, in turn, expending resources and effort to set up and run validator nodes in order to secure the network and earn rewards). However, staking ETH is an optional activity for ETH holders, and many may forego these rewards by choosing not to participate in staking at all (particularly those that do not want to be subject to an “unbonding” period, which will require a waiting period before selling staked ETH). Chair Gensler also suggested that a staking service provider that pools customer assets in order to stake on their behalf and generate rewards may be offering a security.6
The SEC has been clear, through recent statements and enforcement actions, that it views most digital assets as securities. However, since 2018, many have relied on statements from a speech by former SEC Director William Hinman as evidence that ETH is not a security due to its “sufficiently decentralized” nature.7 If Ethereum is truly a decentralized network, it cannot be said that the success of the network relies on the efforts of a core centralized team under Howey, but rather a dispersed network of individuals or groups of individuals who contribute their efforts to maintain and grow the network. It is also difficult to point to an issuer or promoter responsible for making requisite disclosures under securities laws if ETH were to be deemed a security by the SEC. Further, both the proposed Lummis-Gillibrand Responsible Financial Innovation Act and the Digital Commodities Consumer Protection Act contemplate that ETH would be regulated as a commodity.
Whether the SEC pursues action against ETH as an unregistered security post-Merge, or whether the argument is truly valid, has yet to be seen, but the effects of such an action on the second largest cryptocurrency in the world would be far reaching. Doing so would require disclosures and other required filings for transactions involving ETH. Any exchange listing ETH would technically need to be registered with the SEC. Not only would these new obligations change the landscape of the digital assets business, but they could also result in significant uncertainty for other PoS blockchains and protocols operating on them, since it is not clear which parties would be held responsible (and under what conditions) or how the SEC would enforce these obligations within such a decentralized system.
Given that neither the Lummis-Gillibrand bill nor the Digital Commodities Consumer Protection Act has yet to pass the Senate, for now, questions of who has jurisdiction over ETH and what actions, if any, could be taken remain unresolved.
The Merge, and the events following shortly thereafter, may also have implications for certain intellectual property (IP) rights. Not long after the Merge, a sizable community of crypto miners banded together to create ETHPoW (or “ETHW”), a spinoff network continuing to use proof-of-work methods, also called a “hard fork.” A hard fork results in distinct Ethereum blockchains existing at once, meaning that preexisting tokens on the Ethereum Mainnet are duplicated on the new ETHW network. When this happens, each version of the token plays the same role relative to its respective network—the token that persists on the Ethereum network will continue to operate as a typical token on Ethereum, and the spinoff token on the ETHW fork will operate in the same way on the ETHW fork. The result is twin tokens in parallel networks.
This token twinning creates an interesting dilemma, especially where non-fungible tokens (NFTs) are concerned. NFTs are unique and singular digital assets on the blockchain, and the vast majority of the NFT market (76% of total NFT volume) runs on Ethereum. NFTs are often paired with contractual terms that grant the purchaser various rights associated with some underlying property. These terms can be as broad as granting full copyright, rights to derivative works, and rights to commercialize underlying NFT artwork, or they can be as narrow as a limited, non-exclusive license to display the artwork or media in the purchaser’s token wallet for purely personal purposes. A hard fork creates a situation where NFTs running on the Ethereum Mainnet are duplicated onto the forked ETHW chain, resulting in confusion as to which token the associated contractual terms and IP rights apply to.
Suppose, for example, that a musician created an NFT of one of her works in 2021, intending to give the purchaser an exclusive license to create derivative works. A hard fork may result in a second copy of the NFT existing on the ETHW network. If the terms of the exclusive license only refer to the “Ethereum network” without specifying which NFT the rights are associated with in the event of a hard fork, two separate parties could have a claim to the rights associated with the NFTs. Not only would this create uncertainty as to who has the right to utilize the work, but it could also potentially reduce the value associated with the NFT, as the intended holder may become limited in their ability to utilize the work or may even have to share that ability with another party.
Some parties anticipated the IP implications of a hard fork and clarified their intent well before the Merge. For example, Circle, Tether, and OpenSea8 stated their intent to support the Ethereum proof-of-stake chain exclusively and to only recognize tokens that exist on the Mainnet and not the ETHW fork. Yuga Labs (best known for creating the Bored Ape Yacht Club) announced on Twitter that they would support the proof-of-stake chain only,9 though their CryptoPunks license agreement allows them to choose which version of the NFT in question holds the valid license in the event of a hard fork.10 Others chose a more inclusive approach: Rarible wrote its Standard Collectibles Sale and License Agreement in such a way as to extend licensed rights to those on the ETHW fork alongside those on the main Ethereum network.11 But artists, casual NFT creators, and others who do not routinely engage in cryptocurrency activity may not have thought to take steps to prevent uncertainty in the event of a merge. Support for the ETHW fork since the Merge has not been strong, but it remains to be seen how ETHW fares in the days ahead and whether other hard forks are soon to follow.
With reports of hacks and exploits surrounding cryptocurrency appearing frequently in the news, cybersecurity remains a critical consideration for the mainstream adoption of blockchain technology. The removal of a PoW method for authenticating transactions has led some to speculate as to whether the Merge could result in increased cybersecurity risks for Ethereum users. Some security concerns involve the potential for hackers to exploit bugs in the new code. Other concerns involve the centralization of validator nodes and the potential to censor or delay certain transactions. However, one function of the Merge is to lower the barrier of entry for those who intend to participate in validating transactions, and increased participation in consensus could lower the risk of a 51% attack, in which a malicious actor seizes control of a blockchain and is able to alter its transaction record by prohibitively increasing the cost to do so. Further, the completion of the Merge now allows Ethereum developers to devote their time to adding “sharding” capabilities, or the splitting up of transactional data, to the network. Sharding would promote scalability by allowing individual nodes to validate subsets of all transactions submitted for a block simultaneously (e.g., breaking transactional data into smaller chunks). Increased scalability on the Ethereum network would reduce users’ need to interact with layer-2 scaling solutions and bridges, many of which expose users to potentially risky smart contracts and have been the subject of high-profile attacks.12
Although most participants in the Ethereum ecosystem have expressed support for the Merge, a minority have continued operating Ethereum PoW chains. A forked PoW chain contains duplicates of assets on the Ethereum network, which allows for so-called “replay attacks,” in which bad actors use duplicated transactions to steal assets hosted on the PoW network (the “real” assets). If a duplicate asset is sold, a hacker could duplicate the sale on the PoW network and fool the blockchain into validating this second transaction by using the same chain ID. The ETHW chain has already experienced a replay attack in which attackers used the Omni bridge on the Gnosis chain to replay the call data from a PoS chain transfer on the PoW chain, and the bridge did not correctly verify the chain ID.13
Vitalik Buterin, a co-founder of Ethereum, has stated that there will be many ongoing phases of development of the Ethereum network, which he estimates is only about 55% complete post-Merge. The Ethereum network plans to make incremental upgrades over the next few years to further improve the security and scalability of the network. Developers and researchers are monitoring the security of the chain in real time, and there could be technical updates to the network as any issues arise. As things stand, it is too early to predict how Ethereum will fare post-Merge. But with the emergence of a PoW fork almost immediately after the Merge, many legal and cybersecurity issues, including those covered above, are sure to be tested.
The changes made to the Ethereum blockchain may not be apparent to the average user, but parties who are engaged (or who are considering whether to engage) in activity on the Ethereum network should continue to keep an eye out as they navigate the post-Merge environment. Parties should always be cautious when reviewing electronic communications relating to cryptocurrency (especially those containing hyperlinks), should conduct extensive research before using new apps or protocols, and should be vigilant in protecting the private keys to their crypto wallets. Parties interested in transactions involving NFTs should consider researching NFT marketplaces to determine which marketplaces have provided acceptable guidance as to how to proceed in the event of a hard fork (in addition to traditional due diligence). And as always, parties should reflect on their personal tolerance for risk and uncertainty—both with respect to the cryptocurrency market as a whole and with respect to transactions with specific market actors.
For firms dealing with or looking to enter into the digital asset space, please contact the Ropes & Gray team.
- https://www.ropesgray.com/en/newsroom/alerts/2022/06/SEC-Proposes-ESG-Related-Disclosures-by-Registered-Funds-and-Investment-Advisers; see also https://www.sec.gov/rules/proposed/2022/33-11068.pdf.
- https://cointelegraph.com/news/ethw-confirms-contract-vulnerability-exploit-dismisses-replay-attack-claims. back to top