Five Unsolved Challenges of Crypto Security Tokensby@julianhosp
2,706 reads
2,706 reads

Five Unsolved Challenges of Crypto Security Tokens

by Dr. Julian HospDecember 12th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Security Tokens are the latest hot topic in the craziness of the cryptocurrency ecosystem. Not only in the press, but also among investors who are savvy to find “the next killer application on the blockchain”. At TenX (<a href="" target="_blank"></a>), we recently announced <a href="" target="_blank">our TenX reward token</a> as a mix of a traditional and innovative investment vehicle. While defining this token both from a legal and regulatory perspective however, we did find several challenges that might make a scalable breakthrough for security tokens not as easy as hoped. So, let’s step into Alice’s crypto shoes and climb down the rabbit hole.
featured image - Five Unsolved Challenges of Crypto Security Tokens
Dr. Julian Hosp HackerNoon profile picture

Security Tokens are the latest hot topic in the craziness of the cryptocurrency ecosystem. Not only in the press, but also among investors who are savvy to find “the next killer application on the blockchain”. At TenX (, we recently announced our TenX reward token as a mix of a traditional and innovative investment vehicle. While defining this token both from a legal and regulatory perspective however, we did find several challenges that might make a scalable breakthrough for security tokens not as easy as hoped. So, let’s step into Alice’s crypto shoes and climb down the rabbit hole.

Photo credit:

During events all around the world where I speak on the status quo of TenX, the future of blockchain and how to become #cryptofit, I ask the question, whether the audience knows what this new overly hyped thing called a crypto security token might be. Mostly, less than 10% in the room do. With that in mind let’s first get an overview, of what we are actually talking about here:

What is a crypto security token?

According to Wikipedia, a token is “a thing serving as a visible or tangible representation of a fact, quality, feeling, etc.” ( In crypto terms we mostly call things tokens when such a representation is not its entire own blockchain, such as we have in a cryptocurrency like Bitcoin, but rather when it is part of an ownership on top of another blockchain. The most famous example are tokens on the Ethereum blockchain defined by the ERC20 standard ( Here, any creator does not have to establish their own blockchain, but can use the Ethereum infrastructure by defining six simple functions to generate a new token within minutes.

The next question is, what such a token does or represents. To date, the large majority of all ERC20 tokens created are utility tokens, meaning, these tokens are used for some kind of service. One such example is a loyalty program, which is what we at TenX are using our PAY token for right now (, but they can take other forms like a fictional key to a lock or other claims.

How do tokens get created?

Mostly this happens during Initial Coin Offerings (ICOs), where a token issuer (the company) creates these tokens at almost no cost and sells them to the public. This method has allowed token issuers to earn billions of dollars to date. Since most companies create these tokens to raise funds, it begs the question on why these tokens are created with utility functions and not, instead like during an IPO (, with security like properties. A security is a tradable financial asset where its value is derived from a contractual claim, such as bank deposits, bonds, and stocks and are usually more liquid than other tangible assets, such as commodities or real estate, and may be traded on financial markets ( Going for an IPO is mostly too expensive for a small startup, but especially over the past two years more and more voices came up asking why not create a crypto token that does represent some kind of ownership, right or claim against the company. This is what the crypto community has coined as crypto security tokens.

The major problem with this idea? Just like 90% in a room full of crypto enthusiasts don’t know what a crypto security is, neither do most regulators. The concept of mixing the best out of both worlds, namely the low cost and ease of regulation of the crypto markets on one hand and the possibility of creating a financial security with all its claims on the other hand, does not exist in any legal system. It is an idea that we entrepreneurs came up with in order to drive innovation. While I am personally pro “less regulation” in general, I do see the point on why in this case, some rules are necessary, especially to protect investors’ hard earned money. I am part of many regulatory blockchain workgroups all around the world, and no regulator I have ever raised this to, has an answer to what such a hybrid of non-security and security should look like — yet.

For almost two years “word on the crypto street” was, that this problem will get solved. But today, at the end of November 2018, we are not much further in legally defining this idea, than we were over a year ago. Some companies have been attempting to create security tokens, so why not “just do it”? Because we have to answer the following question first:

“How does a secondary market work with security tokens?”

The primary market is during the STO (Security Token Offering), when the company sells the tokens to the public. Nevertheless, anyone who buys such a token, wants to have an exit strategy — a plan on how to actually benefit from the token. Something that is completely illiquid is not worth much as anyone whose frozen assets worth millions of dollars might confirm to you when he cannot cash out the funds. We need a secondary market to do so, and for this we have to solve some questions first — five, to be exact:

Question 1: What are the rules to transfer a token from Person A to Person B?

In order to send bitcoins from one person to another, one just needs to send it to the other person’s address. The same applies to utility tokens. When it comes to securities however, we need to consider KYC/KYB (Know your Customer/Business), age, residency etc. For example, a twelve-year old is not allowed to buy securities in most jurisdictions. How would such limits of transfer be enforced in a system that is open-source, borderless and censorship resistant by design? If I wanted to transfer Apple shares to another person it gets registered in a central database — this gets completely flipped on top of its head when this database is decentralized. But, there is light at the end of the tunnel (hopefully not an oncoming train though…): The ERC token standard 1400 and its sister 1462, which is also the standard we are using for the TenX token would allow whitelisting of addresses for transfers and could solve this problem to stay compliant — maybe even within 2019.

ERC 1400: The transfer of security tokens can fail for various reasons in contrast to utility tokens, where in general a transaction only fails because of insufficient account balance.

Question 2: How would exchanges handle deposits & withdrawals?

Trading security tokens on an exchange is quite straight forward from a KYC/KYB perspective, since they could require any user to get registered and verified upfront, similar to what most crypto exchanges are doing already anyways. However, how do tokens get onto an exchange and how could a user withdraw them. At the end it is: NYKNYM — Not Your Keys, Not Your Money — and the crypto ecosystem participants like to stay in control of their own private keys, which means storage of tokens on an exchange where one does not control the private key is not a desired solution. So, how can I trade security tokens on an exchange but then withdraw and/or deposit them? Here, lots of uncertainties pop up in regards to “source of funds”. How did you get the tokens in the first place? What if there was no proper whitelisting done with your address? How can you prove ownership of a token? Only few of these questions have answers today. Furthermore, we at TenX contacted 23 crypto security token exchanges, that claimed that they are either live already or close to live, to see what their requirements for listing a security token is. The answer? The majority replied, that they are not ready (yet) — but would be soon. The same answer I have received a year ago, when we contacted 9 crypto security exchanges to get further details. My prediction: Even in 2019 it will be very difficult to see progress here. Some sandboxes might pop up, like it is envisioned in Singapore, but not the all-access crypto-security-token exchanges that we would like to see.

Still, we are quite optimistic in that regard that we can trailblaze as a positive example in partnerships with exchanges.

Question 3: As a token holder, who do I bring a claim against?

The next challenge to tackle is to find an answer to the problem who to go to, when you are unhappy with your token. If you bought your token during the STO from the company, this answer is quite easy, since there is only you and the company. What to do however, when you buy the token on the open secondary market? If a trade doesn’t go as planned, is it the company’s fault? Probably not, rather the exchange or in an Over the Counter (OTC) trade, the other party. What if you are of the belief that the seller has overcharged you for the token? What if the token performance is not as planned? In unregulated utility token markets, which comprise 100% of all traded tokens as of now, the answers are quite clear: There are not many rules, hence the term unregulated. These tokens are not expected to bring any returns but rather serve a utility function, so there is not much of a claim against the issuing company. There is no insider trading and if something goes wrong with a trade, the only party to go to is the exchange — who may or may not help you out. Then we have the exact opposite in regulated security markets like a stock exchange. Here we have clear rules on when to trade, when not to, what is allowed and what is not. Responsibilities are clearly defined. How could this work in a security token example? This is a heck of a problem because while we want as many freedoms as possible we also want as many certainties. Both stand at odds. For example, how is insider trading regulated? If I bought a token on the secondary market and I am unhappy with the token, who do I go to? These and many questions have yet to be answered. The hardest part here is, that the answers are very subjective and not as objectively solvable as the questions before. There is no right or wrong about who is responsible. Yes, while the exchange might be responsible, it could also be the seller or the company. It will be interesting to see if this gets solved in 2019 at all and if it does, how — will a standard get established among various exchanges? Part of the answers will only be possible if the following two questions get answered.

Question 4: As a company issuing a Security Token, what do I have to report?

This question is targeted towards the company performing a STO and what reporting measures it has to perform afterwards. In most stock markets these reports happen on a quarterly basis and are completely standardized. In the crypto ecosystem so far they are pretty much nonexistent, since they are not required for issuing a utility token and no clear rules are established (yet) for security tokens. Even though we were not required to do so, we at TenX published a transparency report one year after our tokensale in order to inform the public about various topics like financials, further plans and challenges: To date only a handful of companies have followed suit, even though they have received billions of dollars in exchange for mostly close to worthless tokens. While I completely agree that strict reporting arrangements such as for mature publicly traded companies would be way too stringent and short-sighted for startups, some oversight is definitely necessary to provide transparency for investors. Yet, the devil lies in the details: Need such reports get audited? How detailed would they have to be? Is it fair to measure a startup that might take a decade to disrupt an industry on a quarterly or annual basis? These and many more questions are yet to be answered.

TenX Transparency Report — Q2, 2018:

TenX Transparency Report — Q2, 2018:

Question 5: What is the legal connection between token and underlying asset?

The fifth and final question surrounds the legal connection between controlling a token and having a valid claim against the underlying asset. A simple question on what ownership actually is, is not as easy to answer. With gold, ownership is owning the physical piece. With shares, it is having them registered to someone’s name. With real estate it is about having the title in your name. But on a blockchain? On these decentralized databases you cannot even own anything other than a private key that lets you add entries into the database. If you can prove ownership of the key, you can cryptographically prove ownership to the digital token. But this is a completely new concept and it has yet to be shown, if and how this would hold in court. Would a regulator accept a lawsuit based on a mathematical formula that shows, that yes, you do hold some security token to some company even though these tokens are not registered in anyone’s name? What if two or more people can prove ownership because they both know the private key? Liechtenstein seems to be the first country in the world to start tackling these difficult questions in a new blockchain law, that hopefully goes into effect in 2019:

It would lay the foundation on how a legal connection between ownership of a token and its underlying asset is truly established.

“Consultation launched on Blockchain Act” published by the Government Principality of Liechtenstein from 29th August, 2018

Yay or Nay?

So, what does all that mean for security tokens as the next killer app on the blockchain? A famous quote that is rightly/wrongly attributed to Y-combinator Founder Paul Graham says: “If you want to know what tech play to invest into next, look at what kids and software developers are playing with!” Following this quote, you would have been right in 2011, when kids were playing with bitcoins to buy in-game items and you would have been right with Ethereum in 2015. However, I have yet to hear of a kid or software engineer that is playing with security tokens. Still, I do believe there is massive merit in crypto security tokens, especially in comparison to the utility token model, where investors don’t have many rights but lots of risks.

How do you see these challenges around security tokens? Will they get solved in 2019? If yes, how and if no, why not? Let me know in the comments below and I am looking forward to a fruitful discussion on this exciting topic in the future.

Follow me on Twitter ( for more updates on this and many other topics.

— — —

Dr. Julian Hosp is the co-founder and president of the Singapore based company TenX (, a leading blockchain company that makes cryptocurrencies spendable anytime, anywhere in everyday life. To date, TenX has received over 100M USD in funding.

Prior to TenX, Julian was a 10-year professional athlete and a medical doctor. He co-authored COMIT (, an open-source protocol that allows interoperability between blockchains, connecting them to an agnostic network.

He is the author of several bestsellers such as „Cryptocurrencies simply explained” and “Blockchain 2.0 — more than just Bitcoin”, which have been translated into 15 languages and has sold over 100,000 copies.

He was named one of the world’s top Blockchain and Cryptocurrency experts and also works in blockchain groups with the European Union on topics such as regulation, social impact and economics.

As a Speaker of the Washington Speakers Bureau, he is frequently invited to global tech and entrepreneur events as well as government summits around the world and he is also a regular commentator in the media on current blockchain trends, the future of cryptocurrency and best practices.