Deceptive advertisements, market manipulation, misappropriation of customer funds, and “Ask Me Anything (AMA)” sessions served as the catalysts of a civil enforcement action the Federal Trade Commission (FTC) recently filed against bankrupt digital asset services provider Celsius Network LLC (Celsius) and its co-founders on July 13. This is a groundbreaking move by the FTC for two reasons. First, it marks the first time that the agency has filed suit against a digital asset-based company. Second, the FTC’s request for civil money penalties is predicated on a novel theory under the Gramm-Leach-Bliley Act (GLBA). Alongside the FTC, the Department of Justice has filed criminal charges against ex-CEO Alexander Mashinsky, and the Securities and Exchange Commission and the Commodity Futures Trading Commission have filed separate civil enforcement actions against Celsius.
In its complaint, the FTC asserted that Celsius, allegedly spearheaded largely by ex-CEO Alexander Mashinsky, violated Section 5 of the FTC Act by making significant misrepresentations about various aspects of Celsius’ business:
- Celsius frequently originated unsecured loans to institutional investors, although Mashinsky publicly stated that Celsius only originated secured, “overcollaterized” loans;
- Celsius did not have sufficient liquidity to meet the withdrawal demands of its customers, although Mashinsky informed Celsius’ customers in an AMA session that “there was no risk in depositing  crypto on Celsius … .”;
- Celsius customers could not withdraw their deposits at any time, although Mashinsky consistently stated otherwise during his AMA sessions;
- The deposits of Celsius’ customers were not individually insured up to $750 million, although a Celsius employee stated otherwise during an AMA session; and
- Earn accounts, which we previously discussed here, could not produce a yield of 17% APY, although Celsius advertised that interest rate on its webpage.
Interestingly, the FTC also alleged that Celsius violated the GLBA by making false representations to customers of financial institutions to obtain, among other things, the cryptocurrency wallet addresses of its customers. The FTC cited to a seldom utilized provision of the GLBA that prohibits any person from “obtain[ing] or attempt[ing] to obtain … customer information of a financial institution relating to another person … by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution.”
According to the FTC, the agency is empowered to enforce the provisions of the GLBA “in the same manner and with the same power and authority as the [FTC] has under the Fair Debt Collections Practices Act [FDCPA] … .” In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act amended the FDCPA to allow the FTC to enforce its provisions “in the same manner as … an FTC trade regulation rule.” Therefore, because the FDCPA permits the FTC to seek civil penalties and restitution for violations of its provisions, the FTC believes that the GLBA (which incorporates the FDCPA by reference) also permits the agency to seek civil penalties for violations of the GLBA. This claim is doubly important: (1) it suggests that cryptocurrency wallet addresses constitute “financial information” under the GLBA; and (2) it highlights the FTC’s continued pursuit of a sufficient substitute for its defunct civil penalty authority under Section 13(b) of the FTC Act, which the U.S. Supreme Court held does not authorize court-ordered monetary relief in AMG Capital Management, LLC v. FTC.
Under the stipulated consent order, the FTC has permanently banned Celsius from engaging in the business of “any service that can be used to deposit, exchange, invest, or withdraw assets, whether directly or through an intermediary.” Further, the stipulated consent order holds Celsius liable for a $4.72 billion dollar judgment, which constitutes the aggregate total loss incurred by Celsius’ customers after the company ceased allowing customers to withdraw deposits due to its ensuing bankruptcy. Yet, the most notable aspect of the stipulated consent order is that it nullifies Celsius’ “legal and equitable right, title, and interest in all assets” that the company obtained via the Earn account deposit agreements it entered with users of its platform. In Celsius’ bankruptcy proceeding, the FTC has filed a nondischargeable, general unsecured claim of $4.72 billion, which must be deposited in a redress fund administered by the FTC.
Our Take. The FTC’s complaint contains an immeasurable number of misrepresentations that Mashinsky allegedly voiced to users of Celsius. Given the FTC’s apparent intent to leverage the GLBA to resurrect its lost civil penalty authority under the FTC Act, financial institutions (as broadly defined by the GLBA) should take a keen eye to any representations they make to their customers in connection with any transaction, where a customer must disclose financial information — even if such information pertains to cryptocurrency wallet addresses.