Initial coin offerings (ICOs) once promised open, global fundraising. In 2025, they sit at the intersection of securities law, consumer-protection rules, platform ad bans, and very real cybercrime risk. This guide explains how regulators now treat token sales, highlights fresh enforcement and crime data, and gives you a practical checklist to avoid today’s most common investment hazards.
What is an ICO—legally speaking?
In the United States, many ICOs meet the definition of a “security” under the Howey test if purchasers invest money in a common enterprise with an expectation of profit from others’ efforts. If so, registration or a valid exemption applies, and promotions must be truthful and not misleading. The SEC’s framework remains the primary reference for this analysis.
In the European Union, the Markets in Crypto-Assets Regulation (MiCA) standardizes rules across member states. MiCA requires token issuers to publish a compliant crypto-asset white paper and ensure fair, clear, non-misleading marketing; ESMA is building a public register and issuing detailed guidelines that began taking effect from December 30, 2024, with more in 2025.
In the UK, since October 8, 2023, most retail-facing crypto promotions fall under the FCA’s financial promotion regime: ads must be “fair, clear and not misleading,” with specific rules on risk warnings, incentive bans, and approver responsibilities. The FCA has continued supervisory and enforcement updates through 2024–2025.
The investment risks that matter most today
1) Unregistered or non-compliant offerings
Historic enforcement actions (e.g., Telegram’s 2018–2020 token sale and Block.one’s EOS sale) show that even large, high-profile issuers can be forced to return funds or pay penalties if their sales violate securities laws. Similar theories underpin actions against staking/lending programs that resemble investment contracts.
2) Misleading promotions and illegal financial advertising
Even before you analyze a token, check whether its marketing would be allowed. Google’s current ads policy explicitly disallows ads for initial coin offerings and related pre-sales/IDOs; X (Twitter) also prohibits ads for ICOs/IEOs/IDExOs. Promoters working around these rules are immediate red flags.
3) Growth in scams and fraud losses
Investment scams remain the top category of reported consumer losses in the U.S. for 2024 at $5.7 billion, with many victims paying by bank transfer or cryptocurrency. The FBI’s 2024 Internet Crime report likewise attributes more than $6.5 billion of losses to investment fraud, particularly involving crypto.
4) Hacks and smart-contract failures
Through mid-2025, crypto services have already lost over $2.17 billion to hacks—worse than the whole of 2024—with one record-setting exchange breach dominating the totals. Audits and formal verification reduce risk but cannot eliminate it; admin-key misuse and bridge exploits remain systemic.
5) Fake “regulatory approvals” and impersonators
Fraudsters often claim their offering is “SEC-approved” or impersonate real firms/regulators. The SEC’s PAUSE list catalogs unregistered soliciting entities and impersonators—use it to spot fakes quickly.
6) Cross-border marketing traps
Under MiCA, issuers and crypto-asset service providers face new disclosure, competence, and market-abuse standards; the UK bans many forms of retail incentives. If a sale’s website geotargets the EU or UK without meeting these rules, you’re seeing regulatory risk—not sophistication.
How regulators have acted (and why it matters to investors)
- Staking/lending programs: U.S. actions against custodial “staking as a service” show that yield programs marketed as effortless returns can be treated as unregistered securities offerings. Treat any “X% APY” promises with caution.
- ICO settlements: Telegram returned more than $1.2B to investors; Block.one paid a civil penalty for an unregistered ICO. Historic, but still instructive on how courts and regulators analyze crypto fundraising.
- UK promotions: Since late 2023, the FCA has repeatedly warned and taken action over non-compliant crypto promos and reminded firms that enabling illegal promotions can itself pose criminal-property risks.
ICOs after MiCA and new ad rules: what “good” looks like in 2025
- Clear legal basis: If targeted at U.S. investors, expect registration or a valid exemption; in the EU, look for a MiCA-compliant white paper and CASP authorizations; in the UK, check that any retail marketing satisfies the FCA’s rules. Absence of these signals is a major risk flag.
- No prohibited ads: Genuine issuers avoid ad formats that platforms ban (e.g., Google Ads for ICOs, ICO ads on X). They rely on disclosures, documentation, and investor education rather than sensational claims.
- Transparency artifacts: A public repo, third-party smart-contract audits, and named team members with verifiable history—plus honest, plain-English risk sections—are table stakes under modern rules and investor expectations. (Pair these with the official disclosures required by MiCA/SEC/FCA where applicable.)
Investor due-diligence checklist (fast but rigorous)
- Regulatory posture
- U.S.: Does the sale claim registration or a clear exemption consistent with the SEC’s framework? Beware any claim of being “SEC-approved.”
- EU: Is there a MiCA-format white paper? Can you find the issuer/CASP in ESMA’s emerging registers or guidance materials?
- UK: Are promotions “fair, clear and not misleading,” with risk warnings and no banned incentives?
- Advertising reality check
- If you see display ads for an ICO on major networks, verify they’re even allowed. Google and X both prohibit ICO ads—non-compliant ad buys signal disregard for basic rules.
- Promoter & platform verification
- Search the SEC’s PAUSE list and the FCA Warning List for the entity or its “approver.” Impersonation and fake approvals are rampant.
- Smart-contract and custody risks
- Look for recent third-party audits and minimal admin privileges. Remember that 2025 hack volumes are already surpassing 2024—don’t bridge or stake blindly.
- Economic design
- Scrutinize token utility, vesting/lockups, and treasury transparency. If expected returns come mainly from team efforts rather than use-case demand, you’re probably staring at securities-law exposure (and potential enforcement).
- Fraud signals
- Guaranteed returns, pressure to move off-platform (e.g., to BTC/USDT direct transfers), and scripted romance/mentor stories are classic investment-scam patterns documented by the FTC/FBI.
FAQs
Are ICOs illegal now?
No. But in many jurisdictions, a token sale is very likely a securities offering. That means registration or a valid exemption, verified disclosures, and compliant marketing are needed. In the EU, MiCA adds formal white-paper and conduct rules; in the UK, retail promotions are tightly restricted.
What’s the single fastest way to avoid scams?
Check the name against the SEC’s PAUSE list and the FCA Warning List, and be skeptical of any ad suggesting an “SEC-approved” token. Then verify whether the ad itself would even be allowed under Google/X policies.
Are hacks still a big deal in 2025?
Yes. As of July 2025, Chainalysis estimates more than $2.17B in funds stolen year-to-date—already above all of 2024—with one exchange breach driving much of the total. Diversify custody and avoid unaudited contracts.
Can legitimate projects advertise?
Some crypto categories (e.g., exchanges, wallets) may advertise on Google subject to certification and country approval, but ICO ads are explicitly disallowed. X also bans ads for ICOs/IEOs/IDExOs.
