Can State Attorneys General Take Legal Action Against Crypto Companies?
Federal regulators tend to dominate headlines about crypto enforcement, but state attorneys general have their own independent authority to act, and they use it.
The short answer
Yes, state attorneys general can and do bring legal action against crypto companies operating in or affecting residents of their state. Their authority typically comes from state consumer protection laws, securities laws, and money transmission licensing requirements, and their actions can run alongside — not instead of — federal enforcement.
What legal grounds these actions typically rely on
State attorneys general generally act under a combination of state-level consumer protection statutes, which prohibit deceptive or unfair business practices, and state securities laws, which can apply if a crypto offering is found to function like an unregistered security under that state’s own legal test. Many states also require money transmitter licenses for businesses that move funds on behalf of customers, and operating without one can trigger enforcement even if a company holds licenses elsewhere.
The kinds of conduct that draw scrutiny
- Deceptive marketing. Claims that misrepresent risk, safety, or expected outcomes to consumers can trigger consumer protection actions, including cases involving a recognizable Ponzi pattern dressed up as a legitimate investment offer.
- Unlicensed money transmission. Operating a platform that moves customer funds without the required state licensing can result in enforcement even absent any allegation of fraud.
- Unregistered securities offerings. If a token or investment product is found to meet a state’s definition of a security, offering it without proper registration can violate state law independently of federal securities rules.
- Failure to safeguard customer assets. Mishandling customer funds, including commingling them with company funds, has drawn attention from both state and federal authorities in past enforcement matters.
How state and federal enforcement interact
State attorneys general operate independently of federal agencies, meaning a company can face parallel investigations or lawsuits at both levels for related or even the same underlying conduct. States have also coordinated with each other in some enforcement efforts, since crypto platforms typically operate across state lines and a single business practice can affect residents in many states simultaneously. This civil enforcement track is also separate from criminal matters, where local police departments may pursue theft allegations on their own. This layered structure means a company avoiding federal action isn’t necessarily in the clear at the state level, and vice versa.
Why this matters for anyone using these platforms
Enforcement actions can result in restitution for affected consumers, but the process is often slow, and outcomes depend heavily on the specifics of each case, including whether a company still has recoverable assets by the time an action concludes. None of this creates the kind of protection FDIC or SIPC coverage provides in traditional banking or brokerage accounts — legal action against a company is fundamentally different from insurance that reimburses losses automatically.
What to weigh
Rules in this area continue to evolve, and how a specific state’s laws apply to a specific crypto business or product depends heavily on individual facts and current legal interpretations that can shift over time. Anyone dealing with a company already facing state-level legal action, or wondering whether a state has jurisdiction over a particular situation, is generally better served by consulting an attorney familiar with that state’s specific rules rather than relying on general information.
The takeaway
State attorneys general have real, independent legal authority to pursue crypto companies, and their enforcement efforts run in parallel with — not as a substitute for — federal oversight. Understanding that this layered system exists helps explain why a company’s regulatory status can look different depending on which state, and which regulator, is asking the question.