Your weekly legal update: April 29

SEC Backs Off Nova Labs | Oregon Sues Coinbase | Phantom Wallet Lawsuit

Author

Nick Pullman
April 29, 2025

gm from the Day One Law team!

This week’s crypto law update covers:

  • 1/3 SEC dismisses claims against Nova Labs, the founding team behind Helium

  • 2/3 Oregon sues Coinbase, alleging 31 assets are unregistered securities

  • 3/3 Phantom sued by a user over alleged wallet vulnerabilities and unregistered platform claims

Let’s dive in:

1/3: SEC dismisses claims against Nova Labs (Helium)

In another sign of the SEC’s shifting approach to crypto under the new administration, the agency dismissed all claims* against Nova Labs, the creator of DePIN project Helium.

*One exception: They obtained final judgment about Nova Labs’ misrepresentations in connection with a private placement, but the SEC dismissed all other alleged claims.

The litigation started in January 2025, just prior to the change in administration, with the SEC alleging that Nova Labs breached securities rules when:

  • Selling “Hotspots” (which the project refers to as wireless gateways) that are incentivized to provide and handle wireless coverage via the Helium token.

  • Offering “Discovery Mapping,” a program that allows users to exchange their private data for Nova Labs’ crypto assets — the SEC claimed this was an investment contract because Nova Labs promised investors that participation in the program would earn them tokens.

Since the dismissal is made with prejudice, the agency is barred from making these charges again. You can read Helium’s blog post here.

You should know: Helium launched in 2019 and has now survived multiple SEC enforcement cycles — an important contextual marker for DePIN projects considering token incentives today. This dismissal signals a broader shift: founders can structure token-incentive models for real-world networks with reduced SEC risk, but the private placement misrepresentation claim here is a reminder that federal regulators will still enforce traditional securities fraud rules, even if broader tokenization strategies are treated more leniently.

2/3: Oregon sues Coinbase

Oregon Attorney General Dan Rayfield filed a lawsuit against Coinbase, alleging violations of state securities law.

Key allegations:

  1. Coinbase offered and sold 31 unregistered securities to Oregon residents, including assets like AAVE, MATIC, XRP, and ADA.

  2. Coinbase’s core functions — including settling trades, facilitating transactions, operating a marketplace, charging fees, and offering staking — allegedly furthered illegal securities sales.

The press release announcing the complaint cited the dropping of the SEC’s lawsuit against Coinbase as a reason to bring the case: “Attorney General Rayfield says the states must fill the enforcement vacuum being left by federal regulators who are giving up under the new administration and abandoning these important cases.”

The Oregon AG is seeking to fine Coinbase $20,000 for every violation of Oregon Securities Law, plus a permanent ban from offering their services to residents of the state, among other penalties.

Coinbase responded by noting that “Oregon’s lawsuit directly undermines constructive policymaking happening in DC,” per Chief Legal Officer Paul Grewal, who also noted that Coinbase will continue to operate in the state of Oregon despite the lawsuit.

You should know: State regulators are moving aggressively where the SEC is backing off. Companies need to plan ahead for rapid offboarding — particularly from “hotspot states” such as New York, California, Texas, and now Oregon — to avoid getting caught flat-footed if lawsuits or state-level bans hit. Projects should build technical and procedural offboarding pathways now.

3/3: Phantom Wallet Lawsuit

On April 14, 2025, 14 plaintiffs filed a lawsuit against Phantom in the Southern District of New York.

The lawsuit also includes allegations that Phantom’s wallet functions as “an unregulated cryptocurrency trading platform” and is in breach of the Commodity Exchange Act because it:

  1. Routes token swaps;

  2. Matches trade algorithmically;

  3. Charges fees on execution; and

  4. Connects users to third-party liquidity pools

The lawsuit also alleges security vulnerabilities on Phantom’s browser application (which stores decrypted private keys) led to the theft of over $500,000 worth of tokens from a developer's account.

They add that Phantom has never warned consumers of the vulnerability nor disclosed it in user agreements. Blog posts from Phantom’s website are cited throughout the full claim.

You should know: Private litigation is fast becoming a bigger risk than regulators. Class action lawsuits over platform vulnerabilities, consumer protection issues, and trading functionality will likely escalate. Founders should proactively review and tighten Terms of Service, reinforce clear risk disclosures, and include binding arbitration and class action waivers where possible.

As always, please reach out if you have questions about how the above relates to your ongoing work. 

We’ll be back with your next update in a week. Talk soon.

Nick Pullman
Day One Law