H.R. 3633 and the Idiocy of the Masses

Hi, everyone. This is Charles Hoskinson broadcasting live from warm, sunny Colorado. Always warm, always sunny, sometimes Colorado. Let me go ahead and grab this over Twitter to verify that we're broadcasting. For some reason, it is having issues.

So let me just make sure. It shows zero viewers, so unfortunately, it is not. Today, we're going to put our hats on and talk a little bit about HR 3633. No matter how many times I try, I always get dragged back in. I guess I'm trending on certain social media platforms about comments I made regarding a disagreement between Brad Garlinghouse and me.

Brad is saying a bad bill is better than no bill. Let's go through it a little bit. I'm actually going to show you guys the bill, and we're going to have a fact-based conversation. Here is the bill, HR 3633, the Digital Asset Market Clarity Act of 2025, which has passed the House and is currently being debated in the Senate. The holdup has nothing to do with developer protections or the balance of power between the SEC and the CFTC.

It's that certain people want to have yield on stablecoins. That's all they're talking about. They don't care at all about any of the text inside the bill. So let's start, because the bill is long and in legalese, but I have a very simple question for the XRP community. Based on the bill as written today, would XRP be a security at the time of launch?

Reading the bill, XRP would likely have been classified as an investment contract asset, a security at the time of its initial launch, rather than a digital commodity. Here's how the bill's mechanics would have applied to XRP at its inception. Security by default: the investment contract asset framework. The Clarity Act was drafted specifically to address the legal puzzle of tokens that started as securities but later transitioned into commodities as networks grew. Under the bill, when a digital asset is newly created and initially distributed by a centralized founding team or company, often to raise capital to bootstrap the network, it is generally treated as an investment contract asset.

At this stage, it falls under the jurisdiction of the Securities and Exchange Commission (SEC). It is subject to securities laws and disclosure regimes, which means no liquidity and no listing on exchanges. Security by default has to have a broker-dealer and all that type of stuff. For a digital asset to be classified as a digital commodity, which exempts it from SEC registration and places it under the Commodities Futures Trading Commission's (CFTC) jurisdiction, the underlying blockchain must be certified as a mature blockchain system. The bill defines a mature blockchain as one that has achieved sufficient decentralization, meaning it is not controlled by any person or group of people under common control, and its value does not rely solely on the ongoing managerial efforts of the original issuer.

When XRP was launched in 2012, its ledger and distribution of tokens were highly centralized around its founders, who subsequently formed OpenCoin, later named Ripple Labs. Because the network was brand new, heavily reliant on the founders' efforts to develop the ecosystem, and completely controlled by a concentrated group at a specific moment in time, the XRP ledger would not have met the Clarity Act's definition of a mature, decentralized blockchain system. Here's what has happened: this bill, as written, starts everything as a security. XRP starts as a security, Cardano starts as a security, Ethereum starts as a security, and many others. Then you have to go to the SEC and tell them, "I don't think I'm a security anymore.

" And guess what? The SEC has to agree with you. They can make an argument that you are still a security. They can do the same thing New York State did with BitLicense. Here are some attack vectors you could set up.

Attack vector one: the substantially complete trap, ratcheting the shot clock. The SEC has 60 days. You go to them and say, "I don't think I'm a security anymore." The clock is only as strong as the triggering conditions the SEC defines for when it begins. The bill does not mandate an automatic start upon submission.

It defers to the agency upon filing completeness standards, a silence the SEC can exploit architecturally. The SEC promulgates a two-stage completeness doctrine. Stage one requires an administrative pre-review of up to 30 days, during which staff determines whether a filing is eligible to even begin the 60-day period. Stage two imposes a rolling substantially complete standard defined by a 500-page regulatory disclosure matrix maintained internally by SEC staff, subject to revision without notice and comment rulemaking under the interpretive guideline exemption to the APA. The deficiency cascades.

Staff issues a deficiency letter on day 59, identifying a single missing disclosure, say a hardware supply chain audit for a validator node produced by more than 1% of the network globally. The 60-day clock pauses when the issuer cures the deficiency 45 days later at enormous legal cost. The staff acknowledges receipt but then issues a second deficiency letter. Welcome to what the FDA does, and welcome to what New York State did with BitLicense. And of course, you can double down on this.

Attack vector two: weaponizing the common control, the open-source criminalization framework, the statutory hook. The bill's common control exemption protects formal DAOs and explicitly registered organizations. It does not define, and therefore leads to agency interpretation, the boundary between protected decentralization coordination and prohibited common control. The SEC's traditional affiliation doctrines under the investment rules are transplantable here. The SEC issues a behavioral affiliation rule defining common control to include any two or more parties who share a funding source, including not-for-profit grants, contribute code to the same canonical repository without independent code reviewed by non-affiliated persons, or have coordinated on upgrade timelines within the previous 18 months as evidenced by shared communication channels, including public Discord servers, GitHub issue threads, or recorded governance calls.

Intent to coordinate is irrelevant. The behavior pattern alone suffices. The SEC hires a quantitative network analyst to map the contributor graph, generating a coordination coefficient measuring the frequency and recency of co-commits between developer pairs. Any coefficient above a threshold the SEC sets, calibrated post hoc to capture the specific network under review, is deemed evidence of behavioral common control. This metric sounds technical and objective while being entirely circular.

The threshold is selected to produce the desired outcome. In other words, if everybody's committing to the same repository, it's a security. Attack number three: the pseudonymity burden of proof engineered an unfulfillable evidentiary standard. The bill places the burden of proving maturity and decentralization on the filer. So XRP would have to prove to the SEC it's not a security, and they act as judge, jury, and executioner.

They start as one by default by this bill. No judge gets to decide otherwise. The bill makes them one. This is what "bad bill" means, but we just have to pass it. The SEC promulgates a beneficial ownership sufficiency standard requiring that any issuer filing for digital commodity graduation must demonstrate that no single beneficial owner or undisclosed group of coordinating owners controls more than 20% of the network's stake.

By the way, right now, that would mean XRP is a security under that standard. It is perfectly legitimate to do in rulemaking, especially for proof-of-stake systems where your tokens are connected to control voting power or otherwise. To affirmatively prove this negative, filers must either provide KYC documentation for all wallets holding more than 0.5% of the supply, which is impossible in an open system, or submit a third-party forensic blockchain report certified by an SEC-registered blockchain forensic auditor, of which there are none. A registration category the SEC has not yet opened for application.

So you have to come in and register, but you can't register. Option A is technically impossible for a public blockchain. The issuer does not control wallet addresses they did not create. Soliciting KYC from pseudonymous holders is legally equivalent to demanding it from an anonymous public. Option B requires certification from a category of professionals that the SEC has defined but not licensed, making compliance with the rule literally impossible.

Attack vector four: the utility versus speculation decomposition falsifying the value attribution test. The bill's definition of digital commodity ties the asset status to its derived use from the blockchain system. This requires a causal theory of value attribution, which the SEC is positioned to define through rulemaking and can define adversarially. It's not defined in the bill. The SEC gets to define it any way they want, and that will be the linchpin to decide whether you graduate from being a security or not.

The SEC creates a primary value attribution framework requiring issuers to demonstrate that over the preceding 24 months, more than 50% of the asset's price appreciation, net of a broader crypto market beta, is attributable to on-chain utility demand rather than secondary market speculation. Every cryptocurrency, including Bitcoin, would fail that test. Filers must submit a certified economic attribution study using a methodology defined by the SEC, a release that will be issued in due course. This is me just off the top of my head for a few minutes, looking at the bill for attack factors. Do you understand that an adversarial SEC?

This is a nightmare. You start as a security. All new cryptocurrency projects, the legacy ones like Cardano and Ethereum and XRP will likely be grandfathered in. Everybody else starts as a security, all new projects. Then rulemaking in a room with people, eventually the Democrats, who are currently campaigning on "all crypto is corruption," will kick into effect.

It'll take years to get through, and then these standards will come out. Instead of having scary Gary rolling the dice with no law and ambiguity in a court that's favorable to us, they now have HR 3633 with no developer protections. Everything starts as a security by default, and there are numerous procedural attack vectors to keep you as a security forever. As a security, you can't get liquidity. So how do you broaden the ownership of the token?

As a security, there's no token appreciation. How do you get people to invest in your ecosystem and build in your ecosystem when they have non-security standards that exist? They can trap us they did with BitLicense, the FDA does with approvals, and the SEC did previously under Gensler with bureaucratic nonsense. This is why I'm opposed to the bill. It's not sour grapes that I wasn't in the room.

I was in the room for three years since the FIA in 2022 with Lummis' staff. We started with a principles-based approach, 137 amendments later, including Elizabeth Warren, and they stripped out the developer protections. So TornadoCash++, they made everything a security by default. Because it looks like XRP might get a pass and be one of the grandfathered in, including Cardano in this whole process, I guess we just have to pass a horrific trash bill that makes everything a security by default and creates attack vectors through bureaucratic nonsense for the SEC to destroy all future American cryptocurrency projects. Also, there's nothing in this for DeFi.

Uniswap doesn't get anything. Prediction markets don't get anything. Armstrong can't even get his yield-bearing stablecoins. This is not a good bill. Through rulemaking, it can become horrific and weaponized, and it doesn't cover the core of what's going on in the industry right now.

Then they say, "We can always amend the bill later." Then why is there such a rush to pass it? Why do we have to pass it now if we believe at any time we can change the bill? When we started this process three years ago, I asked a very simple question: why don't we upgrade the Securities Exchange Act of 1933 to include a different definition of a security that allowed blockchain-based disclosure? This would allow you to be a digital security, a blockchain-based security, and the registration could be done by anybody, using the blockchain as a disclosure mechanism, which would then cover DeFi, real-world assets, and have a completely different category of regulation.

No, we can't touch the SEC. We can't amend the bill. So in other words, what we're going to do is give them all the power for all new projects. Then we're going to create a miniature Securities Exchange Commission at the CFTC. We're just going to behave as if the CFTC can run that, which, by the way, they're a principles-based regulator, a very different kind of regulator than the SEC with no funding increases.

Somehow, the CFTC and the SEC, who don't get along, are going to come together magically and make a great set of rules for our industry that we all love and agree with and are certainly not written by the banks. Really? That's just going to happen because they've always worked for us throughout all the other things, right? They've always been great for us. Year after year, they've just been straightforward, honest, kind, not bureaucratic, easy to talk to, easy to work with, and easy to issue no-action relief, right?

They've done that for us. You just wake up every day, wrap yourself in a warm blanket, and say, "God, I love those bureaucrats. They're just so kind, and they want this industry to exist," especially when, after they get out of office, they go work for the people who run the banks. A bad bill enshrines into law every single thing Gary Gensler was trying to do to the industry. A bad bill through rulemaking allows the SEC to arbitrarily and capriciously kill every new project in the United States.

A bad bill exposes all DeFi developers to personal liability. A bad bill destroys all liquidity for the people who aren't anointed by the government, which, yes, right now is pro-crypto. If Gavin Newsom wins in 2028, running on "crypto equals corruption," and I'm going to get that crypto industry down, and our DOJ is going to look into all that crypto corruption, and they're lobbing bombs at us, does that mean that it's all copacetic and sunshine and rainbows? People, use your heads. They're getting addicted to the prestige of going to the White House and thinking that if they cut $35 million checks, $25 million checks, $5 million checks, and go have dinner with the president, somehow magically they have a say in the matter.

If the Democrats win in 2026, this president is a lame duck. No legislation, no cabinet changes are going to get through. The whole government is going to shut down for two years, the last two years of the Obama administration, and everybody's just going to hate each other. The talking points of the Democrats, and you can already Google it, are "crypto corruption." They're already writing it.

They're campaigning on it. Crypto equals Trump equals corrupt. Trump made $5 billion from crypto. They're all going to run on this. They're not running on "crypto has some bad actors, and we have to get rid of them.

" They're running on "crypto itself is a scam. Crypto itself is corruption. Crypto is unnecessary." That's what they're running on. Gary Gensler, plus plus, the new model.

We're going from the T-800 to the T-1000. Liquid metal man, Gary Gensler. Doesn't even have the Austrian accent. Walked through bars. Superhuman, Gary, and the law will be on his side.

That's why I'm not supporting this bill. We can't trust the government anymore. They passed the Epstein Transparency Act, bipartisan. The DOJ doesn't even follow the laws. They released the files late, heavily redacted, and missing 3 million of them, and they say, "That's all you're going to get.

Go fuck yourself." They're in inherent contempt of the law. They don't have the right to pick and choose what laws to follow, but that's where we're at in 2026. Every single thing has to be written in crayon. Explain it to me I'm five years old, explicitly listed.

We have to modify our tax code, the Securities Exchange Commission, and yes, absolutely do things with the CFTC, but you don't start with everything being a security by default. No new project will pass the mature blockchain test, and there's no objective criteria to graduate. There was no discussion of what the rulemaking needs to look and guidance to the rulemaking process to prevent it from being weaponized. We're going to pass it, roll the dice, and hope to God that people don't do the four things I just said, which are just four things I came up with. There are thousands of bureaucratic nightmares, Kafka-esque bureaucratic circles that the government can install if they don't want to do something.

What you're doing is basically rolling the dice that somehow the pro-crypto people can stay in power long enough to create some modicum of stare decisis, hoping to God that the change in government doesn't corrupt this process. The Consumer Financial Protection Act under Obama, they're still making rules 15 years later. So no, a bad bill is not better than no bill. You start from a principles-based approach. You don't make everything a security by default.

You upgrade modernized securities laws so that's not so bad, and you create hooks for disclosure, tax compliance, modern-day KYC, KYT, KYB, AML, and other things. You provide liability protections for developers and DeFi projects, explicitly exclude certain attack vectors, and create an appeals process that the SEC doesn't control. Somebody beyond them must hold them accountable because we can't trust them. That was what we learned under Gary Gensler. We can't trust them.

But now we're just going to move back to "trust me, bro," and don't worry, we're the standard. Somehow, we'll be immune to all of this stuff. Yeah, you are until you're not. So people, have a fact-based conversation. Read the bill.

Start from the source material, HR 3633, and just ask a question: if it starts as a security, what stops them from keeping it as a security forever? Are we really sure that we can trust that to rulemaking that has yet to happen by people who have yet to be appointed by agencies that spent the last four years suing everybody and throwing everybody in prison? Honestly speaking, does that make any sense at all to you? None. I tried to include NIST into the process so at least the government would have engineers and scientists, and we could create objective standards, a decentralization index.

So we'd at least have some grounding in reality and a third party who's not involved in financial regulation, who doesn't have a dog in the fight, to introduce some objectivity to the conversation. That was also stripped out. For years, we've been talking about this, been in many rooms, hundreds of meals, many office visits, and round tables with everybody there, trying really hard to get aligned. And we're here now. The only thing holding this bill up from passing has nothing to do with the principles.

It has to do with a yield-bearing stablecoin because Circle and Coinbase want it. That's it. It's nice to be on the outside sometimes because at least somebody gets to tell you what's going on on the inside and has some principles to say, "This is not about my project.