H.R. 3633 and the Idiocy of the Masses
Charles Hoskinson discusses H.R. 3633, the Digital Asset Market Clarity Act of 2025.
Summary
Charles Hoskinson delivers a detailed critique of H.R. 3633, the Digital Asset Market Clarity Act currently passing through Congress, arguing that the bill represents a catastrophic threat to the cryptocurrency industry disguised as regulatory clarity. Hoskinson reveals that the bill would classify all new digital assets as securities by default, requiring projects to petition the SEC to graduate to commodity status — a process he argues is designed to be bureaucratically impossible through numerous procedural traps. He demonstrates how the bill's vague language around "mature blockchain systems" and "common control" creates attack vectors that would allow a hostile SEC to permanently classify projects as securities, effectively destroying liquidity and preventing new American cryptocurrency development. Hoskinson argues that the current political climate makes this particularly dangerous, as Democrats are already campaigning on "crypto equals corruption" messaging for 2026 and 2028 elections, which would bring Gary Gensler-style enforcement but now backed by explicit statutory authority rather than regulatory ambiguity.
Key Takeaways
Full Transcript
Charles Hoskinson: This is Charles Hoskinson broadcasting live from warm, sunny Colorado. Always warm, always sunny, sometimes Colorado. Today we're going to put our hats on and we're going to talk a little bit about H.R. 3633. No matter how many times I try, I always get dragged back in. I guess I'm trending on certain social media platforms about comments I made about a disagreement between Brad Garlinghouse and me. Brad is saying a bad bill is better than no bill. Let's go through it a little bit. I'm actually going to show you guys the bill. We're going to talk about this. We're going to have a fact-based conversation.
Here is the bill, H.R. 3633, the Digital Asset Market Clarity Act of 2025. It's what's passed in the House and what's currently being debated in the Senate. The holdup has nothing to do with developer protections or the balance of power between the SEC and the CFTC. It's that certain people want to have yield on stablecoins. That's all they're talking about. They don't give a shit at all about any of the text inside the bill.
Let's start because the bill is long and in legalese, but a very simple question for the XRP community here. It's a fact-based conversation based upon the bill as written today. Reading the bill as written, would XRP be a security at the time of launch? Based on the text and regulatory framework established by H.R. 3633, XRP would likely have been classified as an investment contract asset, a security at the time of its initial launch rather than a digital commodity.
Security by Default: The Investment Contract Asset Framework
Here's how the bill's mechanics would have applied to a token like XRP at its inception. Security by default, an investment contract asset framework. The Clarity Act was drafted specifically to address the legal puzzle of tokens that started as securities, but later transitioned into commodities as networks grow. Under the bill, when a digital asset is newly created, initially distributed by a centralised founding team or company, often to raise capital or bootstrap a network, it is generally treated as an investment contract asset. At this stage, it falls under the jurisdiction of the Securities Exchange Commission and is subject to securities laws and disclosure regimes, which means no liquidity, no listing on exchanges, security by default, has to have broker-dealer, all this type of stuff.
For a digital asset to be classified as a digital commodity, which exempts it from SEC registration and places it under the Commodities Futures Trading Commission's jurisdiction, the underlying blockchain must be certified as a mature blockchain system. The bill defines a mature blockchain as one that has achieved sufficient decentralisation, meaning it is not controlled by any person or group of people under common control, and its value does not rely solely on the ongoing managerial efforts of the original issuer.
When XRP was launched in 2012, its ledger and distribution of tokens were highly centralised around its founders who subsequently formed OpenCoin, later named Ripple Labs. Because the network was brand new, heavily reliant on the founders' efforts to develop the ecosystem and completely controlled by a concentrated group at a specific moment of time, the XRP ledger would not have met the Clarity Act's definition of a mature, decentralised blockchain system.
Here's what's happened. This bill as written, everything starts as a security. XRP starts as a security, Cardano starts as a security, Ethereum starts as a security, all kinds of things there. Then you have to go to the SEC and tell them, I don't think I'm a security anymore, Securities Exchange Commission. Guess what? The SEC has to agree with you. They can make an argument, no. You know what they can do? They can do the same thing New York State did with BitLicense.
Attack Vector One: The Substantially Complete Trap
Here are some attack vectors that you could set up. Attack vector one, the substantially complete trap, ratcheting the shot clock. The SEC has 60 days. You go to them and you say, I don't think I'm a security anymore. Well, the clock is only as strong as the triggering conditions the SEC defines for when it begins. The bill does not mandate an automatic start upon submission. It defers to the agency upon filing completeness standards, a silence the SEC can exploit architecturally.
The rule: the SEC promulgates a two-stage completeness doctrine. Stage one requires an administrative pre-review of up to 30 days, during which staff determines whether a filing is eligible to even begin the 60-day period. Stage two imposes a rolling substantially complete standard defined by a 500-page regulatory disclosure matrix maintained internally by SEC staff subject to revision without notice and comment rulemaking under the interpretive guideline exemption to the APA.
The deficiency cascades. Staff issues a deficiency letter on day 59, identifying a single missing disclosure, say a hardware supply chain audit for a validator node manufacturer produced by more than 1 per cent of the network infrastructurally globally. The 60-day clock pauses. When the issuer cures the deficiency 45 days later at enormous legal cost, the staff acknowledges receipt, but then issues a second deficiency letter. Welcome to what the FDA does, and welcome to what New York State did with BitLicense. Of course you can double down on this.
Attack Vector Two: Weaponising Common Control
Attack vector two, weaponising the common control, the open-source criminalisation framework. The statutory hook: the bill's common control exemption protects formal DAOs and explicitly registered organisations. It does not define and therefore leads to the agency interpretation, the boundary between protected decentralisation coordination and prohibited common control. The SEC's traditional affiliation doctrines under the Investment Company Act are transplantable here.
The rule: the SEC issues a behavioural affiliation rule defining common control to include any two or more parties who share a funding source, including not-for-profit grants, contribute code to the same canonical repository without independent code review by non-affiliated persons, or have coordinated on upgrade timelines within the previous 18 months as evidenced by shared communication channels, including public Discord servers, GitHub issue threads, or recorded governance calls. Intent to coordinate is irrelevant. The behaviour pattern alone suffices. They can just look at the GitHub graph.
The SEC hires a quantitative network analyst firm. The firm generates a coordination coefficient measuring the frequency and recency of co-commits between developer pairs. Any coefficient above a threshold the SEC sets, calibrated post hoc to capture the specific network under review, is deemed evidence of behavioural common control. This metric sounds technical and objective while being entirely circular. The threshold is selected to produce the desired outcome. In other words, if everybody's committing to the same repo, it's a security.
Attack Vector Three: The Pseudonymity Burden of Proof
Attack number three, the pseudonymity burden of proof, engineering an unfulfillable evidentiary standard. The bill places the burden of proving maturity and decentralisation on the filer. XRP would have to prove to the SEC it's not a security. They act as judge, jury, and executioner. They start as one by default by this bill. No judge gets to decide otherwise. The bill makes them one. This is what bad bill means.
The SEC promulgates a beneficial ownership sufficiency standard requiring that any issuer filing for digital commodity graduation must demonstrate that no single beneficial owner or undisclosed group of coordinating holders controls more than 20 per cent of the network stake. By the way, right now, that would mean XRP is a security under that standard. Perfectly legitimate to do in rulemaking, especially for proof-of-stake systems where your tokens are connected to control voting power or otherwise.
To affirmatively prove this negative, filers must either provide KYC documentation for all wallets holding more than 0.5 per cent of supply — so how would they do that in an open system? They can't — or submit a third-party forensic blockchain analytics report certified by an SEC-registered blockchain forensic auditor, of which there are none, a registration category the SEC has not yet opened for applications. You have to come in and register, but you can't register. The Gary Gensler circular speech we lived with for three years.
Option A is technically impossible for a public blockchain. The issuer does not control wallet addresses they did not create. Soliciting KYC from pseudonymous holders is legally equivalent to demanding it from an anonymous public. Option B requires certification from a category of professionals that the SEC has defined, but not licensed, making compliance with the rule literally impossible.
Attack Vector Four: The Utility Versus Speculation Decomposition
Attack vector four, the utility versus speculation decomposition, falsifying the value attribution test. The bill's definition of digital commodity ties the asset status to "derived from the use of the blockchain system." This requires a causal theory of value attribution, which the SEC is positioned to define through rulemaking and can define adversarially. It's not defined in the bill. The SEC gets to define it any way they want. That will be the linchpin to decide whether you graduate from being a security or not.
The SEC creates a primary value attribution framework requiring issuers to demonstrate that over the preceding 24 months, more than 50 per cent of the asset's price appreciation net of a broader crypto market beta is attributable to on-chain utility demand rather than secondary market speculation. Every cryptocurrency, including Bitcoin, by the way, would fail that test. Filers must submit a certified economic attribution study using a methodology defined by the SEC in a release that will be issued in, quote, "due course."
Guys, this is me just off the top of my head for a few minutes looking at the bill for attack vectors. Do you understand that for an adversarial SEC, this is a fucking wet dream? You start as a security, all new cryptocurrency projects. The legacy ones like Cardano and Ethereum and XRP will likely be grandfathered in. Everybody else starts as a security, all new projects. Then rulemaking in a room with people, eventually the Democrats who are right now campaigning on all crypto is corruption. Crypto equals Trump equals bad will kick into effect. It'll take years to get through and then these standards will come out.
Why This Bill Is a Wet Dream for Hostile Regulators
Instead of having Gary Gensler rolling the dice with no law and ambiguity in a court that's favourable to us, they now have H.R. 3633 with no developer protections. They were stripped out. Everything starting as a security by default and numerous procedural attack vectors to keep you as a security forever. As a security, you can't get liquidity. So how do you broaden the ownership of the token? As a security, there's no token go up. So how do you get people to invest in your ecosystem and build in your ecosystem when they have non-security standards that exist?
They could trap us like they did with BitLicense, like the FDA does with approvals, and like the SEC did previously under Gensler with bureaucratic nonsense. This is why I'm opposed to the bill. It's not sour grapes that I wasn't in the room. I was in the room for three fucking years since the FIA in 2022 with Lummis's staff. We started with a principles-based approach. 137 amendments later, including Elizabeth Warren, and they stripped out the developer protection. So Tornado Cash plus plus. They made everything a security by default.
Because it looks like XRP might get a pass, and be one of the grandfathered in, including Cardano, in this whole process, I guess we just have to pass a horrific trash bill that makes everything a security by default and it creates attack vectors through bureaucratic nonsense for the SEC to destroy all future American cryptocurrency projects. Also, there's nothing in this for DeFi. Nothing. Uniswap doesn't get anything. Prediction markets don't get anything. Armstrong can't even get his yield-bearing stablecoins. This is not a good bill. Through rulemaking, it can become horrific and weaponised, and it doesn't cover the core of what's going on in the industry right now.
Then they say we can always amend the bill later. Then why is there such a rush to pass it? Why do we have to pass it now if you believe at any time we can change the bill?
The Three-Year Fight for Principles-Based Regulation
When we started this process three years ago, I asked a very simple question. Why don't we upgrade the Securities Exchange Act of 1933 to include a different definition of a security that allowed blockchain-based disclosure so you can be a digital security, a blockchain-based security, and the registration can be done by anybody and it can be done with the blockchain as a disclosure mechanism, which would then cover DeFi, real-world assets, and have a completely different category of regulation? No, we can't touch the SEC. We can't amend the bill.
In other words, what we're going to do is give them all the power for all new projects. Then we're going to create a miniature Securities Exchange Commission at the CFTC. Then we're just going to behave and act as if the CFTC can run that, which by the way, they are a principles-based regulator, very different kind of regulator than the SEC, with no funding increases, and they're going to be able to serve the needs of our industry in a timely manner. Somehow the CFTC and the SEC who don't get along through rulemaking are going to come together magically and make a great set of rules for our industry that we all love and agree with and are certainly, we pinky swear promise, not written by the banks.
Really? It's just going to happen because they've always worked for us throughout all the other things, right? They've always been great for us year after year after year. They've just been nothing but straightforward, honest, kind, not bureaucratic, easy to talk to, easy to work with, easy to issue a no-action relief, right? You just wake up every day, wrap yourself in a warm blanket, say, God, I love those bureaucrats. They're just so kind and they want this industry to exist, especially when after they get out of office, they go work for the people who run the banks.
What a Bad Bill Really Means
A bad bill enshrines into law every single thing Gary Gensler was trying to do to the industry. A bad bill, through rulemaking, allows the SEC to arbitrarily and capriciously kill every new project in the United States. A bad bill exposes all DeFi developers to personal liability. A bad bill destroys all liquidity for the people who aren't anointed by the government, which, yes, right now is pro-crypto.
If Gavin Newsom wins in 2028, running on crypto equals corruption, and I'm going to get that crypto industry down, and our DOJ is going to look into all that crypto corruption, and they're lobbing bombs at us, and he gets to appoint Gary Gensler 2.0, now with this bad bill. Does that mean that it's all copacetic and sunshine and rainbows? Jesus Christ, people, use your heads.
They're getting addicted to the prestige of going to the White House and thinking that if they cut $35 million cheques, $25 million cheques, $5 million cheques, and go get to have dinner with the president and go get to be in the room, that somehow magically they have a say in the matter. If the Democrats win in 2026, this president is a lame duck. No legislation, no cabinet changes are going to get through. The whole government's going to shut down for two years, like the last two years of the Obama administration. Everybody's just going to hate each other.
The talking points of the Democrats, and you can already Google it, crypto corruption, Democrat congressional report. They're already writing it. They're campaigning on it. Crypto equals Trump equals corrupt. Trump made $5 billion from crypto. Trump coin, World Liberty, they're all going to run on this. They're not running on crypto has some bad actors and we have to get rid of them. They're running on crypto itself is a scam. Crypto itself is corruption. Crypto is unnecessary. That's what they're running on. Gary Gensler plus plus, the new model. We're going from the T-800 to the T-1000 liquid metal man, Gary Gensler. Doesn't even have the Austrian accent. Walks through bars. Superhuman Gary and the law will be on his side.
Why We Can't Trust the Government Anymore
That's why I'm not supporting this bill. We can't trust the government anymore. We can't. They passed the Epstein Transparency Act bipartisan. The DOJ doesn't even follow the laws. They released the files late, heavily redacted, missing 3 million of them. They say, that's all you're going to get. Go fuck yourself. They're in inherent contempt of the law. They don't have the right to pick and choose what laws to follow but that's where we're at in 2025.
Every single thing has to be written in crayon. Explain it to me like I'm five years old, explicitly listed. We have to modify our tax code, the Securities Exchange Commission and yes absolutely do things with the CFTC, but you don't start with everything being a security by default because no new project will pass the mature blockchain test. There's no objective criteria to graduate. There was no discussion of what the rulemaking needs to look like and guidance to the rulemaking process to prevent it from being weaponised.
We're going to pass it, roll the dice and hope to God that people don't do the four things I just said, which are four things I just came up with. There are thousands of bureaucratic nightmares, Kafka-esque bureaucratic circles that the government can install if they don't want to do something. What you're doing is basically rolling the dice that somehow the pro-crypto people can stay in power long enough to create some modicum of stare decisis, so we say that this is the way it is, hoping to God that the change in government doesn't corrupt this process.
The Consumer Financial Protection Act under Obama, they're still making rules 15 years later. No, bad bill is not better than no bill. You start from a principles-based approach. You don't make everything a security by default and you upgrade modernised securities laws so that's not so bad. You create hooks for disclosure and you create hooks for tax compliance and hooks for modern-day KYC and KYT and KYB and AML and these other things. Liability protections for the developers and DeFi projects. You explicitly exclude certain attack vectors and you create an appeals process that the SEC doesn't control. Somebody beyond them holds them accountable because we can't trust them. That was what we learned under Gary Gensler. We can't trust them. But now we're just going to move back to trust me, bro. Don't worry, we're the standard. Somehow we'll be immune to all of this stuff. Yeah, you are until you're not.
Have a Fact-Based Conversation
People have a fact-based conversation. Read the bill. Start from source material, H.R. 3633. Just ask a question. If it starts as a security, what stops them from keeping it as a security forever? Are we really sure that we can trust that to rulemaking that has yet to happen by people who have yet to be appointed by agencies that spent the last four fucking years suing everybody and throwing everybody in prison? Honestly speaking. Does that make any sense at all to you? None.
I tried to include NIST into the process so at least the government would have engineers and scientists and we could create objective standards like a decentralisation index. We'd at least have some grounding in reality and a third party who's not involved in financial regulation, who doesn't have a dog in the fight to introduce some objectivity to the conversation. That was also stripped out.
For years, we've been talking about this, been in many rooms, hundreds of meals, many office visits, round tables with everybody there, trying really, really hard to get everybody aligned. We're here now. The only thing holding this bill up from passing has nothing to do with the principles. It has to do with a yield-bearing stablecoin because Circle and Coinbase want it. That's it.
It's nice to be on the outside sometimes because at least somebody gets to tell you what's going on in the inside and has some principles to say, this is not about my project. What they'll do in practice is grandfather in the top 10 projects that have been around for a long time. Cardano, this doesn't impact it. But every new blockchain project moving forward has to blacklist the United States and grow outside of the United States. After five years, 10 years, maybe enter the US market and no one in DeFi gets any coverage whatsoever. They can't even get a yield-bearing stablecoin. This is our market structure bill.
Sorry guys, doesn't taste good to me. You don't believe me? Read the bill.