A case filed on November 30, 2021 in Federal Court in the Eastern District of New York, is making the assertion that the cryptocurrency based “no-loss lottery” of Pool Together, Inc. (PoolTogether) is unlawful.
The case is one of the first involving cryptocurrency, and the Complaint touches upon several issues in this new area, including the following:
- Consumer and investor protection
- Control of decentralized finance (DeFi) protocols; and
- National security
No-loss lottery & The PoolTogether Protocol
According to its website, PoolTogether as a protocol, is a “decentralized open source blockchain based prize savings account,” that offers all depositors a chance to win prizes without needing to risk their deposited funds.
Said to replicate “no-loss lotteries,” the process involves selling “tickets” not limited by geography, with interest earned on such ‘deposits’ by “automatically [routing them] to other decentralized finance protocols like Aave.” Then prizes are generated from this interest, with the goal of enabling people to save money at the same time. The Complaint somewhat simplifies this by stating that other than the purchase of tickets using cryptocurrency, the process is otherwise, “materially identical to an old-fashioned numbers racket.”
Protocols like Aave are said to be “fully liquid,” with deposits being able to be withdrawn at any time. To ensure that loans are not defaulted upon, borrowers from Aave must “deposit collateral that is greater in value than what they are borrowing.”
It should be noted that while PoolTogether’s site says that deposited funds are not at risk, it also states that various risks are nevertheless involved, “including, but not limited to, losses while digital assets are being supplied to the PoolTogether protocol. ” It also states that the protocol is provided “as is,” and at a ticket purchasers’ “own risk and without warranties of any kind.”
The Complaint takes the position that “all of the money delivered to PoolTogether is at risk of loss,” and quotes additional information on PoolTogether’s site saying, “You should not deposit any money you are not comfortable losing.”
At the time of the filing of the Complaint, 14 lotteries were in operation with more than 11,900 people participating and PoolTogether’s founder, Leighton Cusack’s stated long term goal is to ultimately replace savings accounts and lotteries, by becoming the first viral decentralized finance (DeFi) protocol to break into the mainstream.
Consumer & Investor Protection
According to the Complaint, PoolTogether’s “no-loss lottery” is unlawful under N.Y. Banking Law § 9-v because it has not received government authorization.
It notes that under the American Savings Promotion Act, states were given the ability to authorize banks and credit unions to create prize-linked savings accounts, subject to oversight by state and federal banking regulators and at effectively zero transaction costs. New York Banking Law § 9-v then granted banking organizations, federal credit unions, federal savings banks, federal savings and loan associations, and national bank associations within the state, the ability to offer ‘savings promotions prize giveaways.”
At the time of the filing, PoolTogether did not qualify as being any of the above entities, while its “no loss lottery” is said by the Complaint to be “exactly like” such savings promotion prize giveaways. The Complaint also says it is riskier and more expensive than the regulated options already available to “genuine retail investors.”
Concerns have arisen as PoolTogether is able to accept deposits worldwide and the process under which the deposits are then lent out is said by the Complaint to have “no restrictions of any kind,” constituting a “liquidity pool” from which “unrelated people and entities can borrow or exchange cryptocurrencies,” without being regulated. The technology is said to allow the timing to be “immediate.”
Also at issue, is whether PoolTogether’s “no loss” lottery, in fact, involves no actual loss to users. In the Consumer Financial Protection Bureau (CFPB)’s case against LendUp Loans, LLC, the government did not take issue with the new “LendUp Ladder” approach the company took in providing online loans, but instead, found fault with the failure to deliver on stated claims. It took the position that the failure to do so constituted deceptive acts and/or practices under the Consumer Financial Protection Act of 2010 and also stated there were violations of the Equal Credit Opportunity Act.
Here the Complaint asserts that contrary to involving no loss, those who purchase tickets from PoolTogether must be aware of the following:
- The simple act of sending cryptocurrency to PoolTogether is remarkably expensive
- Only large deposits in PoolTogether or deposits that are left for a very long time could possibly have expected value
- PoolTogether keeps up to 50% of each weekly prize as a “reserve” which may never be paid out;
- A “gas” fee is required due to the significant computing power required by each transaction
- In some cases, it could take decades after the initial deposit to receive it back; and that
- PoolTogether may never offer a positive expected value
The PoolTogether site itself, as of the date of this article, says on the one hand that, “assuming the protocol operates as intended, there is no risk of losing your money,” but immediately after qualifies this by stating that, “However, there are still many risks inherent in using a blockchain based protocol like this,” and that “These risks could result in losing some or all of your money.” It then directs readers to the “Risks” page, for more details on “specific risks” to be aware of.
Control of DeFi Protocols
The Complaint also touches upon the question of who has control over DeFi protocols and therefore, who can be held accountable.
According to PoolTogether’s site, “no one has the ability to control the funds deposited,” as “all deposits and withdraws are conducted automatically by the smart contracts making up the PoolTogether protocol.” It refers to this as a “non-custodial protocol.”
On its “Risks & Audits” page, the use of the word “no one” is given more clarity as it is stated that “no individual, or institution,” has control over the PoolTogether protocol. Instead, it is the “POOL token holders,” that control the protocol, with POOL said to be the governance token of the PoolTogether protocol. The parameters of governance are said to consist of managing the distribution of the POOL token; managing the protocol treasury; and determining the parameters of prize pools.
Changes to the protocol can be submitted by “anyone holding or delegated 10,000 POOL tokens,” and once a change has been submitted it is voted on by POOL token holders.”
Additionally, while it says that there are “many different websites and applications that provide access to the protocol … these websites simply provide an interface and do not control the protocol in any way.” However, the protocol itself uses several other protocols, which can potentially fail.
Allegations Found in the Complaint
The Complaint disputes the above, asserting that Leighton Cusack who founded PoolTogether, “at all times has controlled its operations.”
It further says that control was exercised to the extent that some of the investors in PoolTogether engaged in a conspiracy to promote the lottery in exchange for a financial interest in its operations. Specifically, Defendants such as Kain Warwick, ParaFi Capital, LP and Stanislav Kulechov, who’s firm is Aave, mentioned above, were said to have provided funds to PoolTogether in exchange for ownership interests such as an ownership share (or right to purchase an ownership share) in PoolTogether, Inc., and/or voting rights in governance protocols.
The Complaint also says that PoolTogether’s cryptocurrencies are lent out through Defendant Compound Labs, Inc., who takes a portion of the interest earned that goes back to users as lottery prizes.
It is likely not fully known at the time of the filing of the Complaint whether the behavior of the above investors fully conformed to PoolTogether’s established procedures or whether certain aspects failed to do so. It can also be noted that even if the investors were in compliance and were valid POOL token holders, this doesn’t mean they are able to lawfully agree to engage in activity that is unlawful.
The outcome of the case may shed further light on whether PoolTogether, the company, can be held accountable for the actions of the protocol, and if so, to what degree.
Accordingly, if there are issues concerning the ability to identify POOL token holders, it can be difficult to hold them accountable. Of course, it is also not clear yet from a legal standpoint whether they can or should be held accountable.
Interestingly, this case also shows the potential for better accountability through the use of cryptocurrency as the Complaint mentions the following characteristics of the PoolTogether protocol:
- It keeps a publicly accessible record of every transaction any gambler has ever executed with it
- Each gambler is assigned a unique identification code
- It can communicate with all of its gamblers, ensuring the ability to provide notices
- It can determine the amount of money owed to each gambler without any complex individualistic calculations; and
- It can pay the money it owes them easily by crediting the accounts associated with each identification number
The relatively simple change – at least from a technological standpoint – of requiring disclosures sufficient to properly identify ticket purchasers could potentially allow for a mechanism to hold them accountable, or a subset of them, such as those holding or are delegated the 10,000 tokens needed to submit changes to the protocol, and make a large difference as to whether courts allow the continued use of such DeFi protocols.
As the Complaint states, federal and state banking regulations also exist to protect “broader national interests,” such as national security and preventing tax evasion.
As to national security, it provides the example that anti-money-laundering laws were strengthened concerning regulated institutions after the September 11 terrorist attacks as follows:
- They had to know the identity of their customers
- They were required to report transactions of a certain size or type to the government; and
- They had to verify that they are not working directly or indirectly with sanctioned entities and people.
It is an open question whether PoolTogether must comply with such laws, and based upon the information it had available at the time of filing, the Complaint takes the position that it had not complied in practice.
As covered above, PoolTogether’s procedures as to the disclosure of identity are currently at issue and the process under which the deposits are lent out are said by the Complaint to have “no restrictions of any kind,” and constitute a “liquidity pool” from which “unrelated people and entities can borrow or exchange cryptocurrencies.”
However, the publicly available record of each depositor maintained, as mentioned above, along with the other four capabilities listed in the Complaint that go beyond what traditional banking currently offers, shows that from a technological standpoint, the protocol could be modified to comply with anti-money laundering regulations applicable to financial institutions and possibly provide enhanced protections when it comes to national security.