The Gladius Network, a cybersecurity company that raised $12.7 million (approximately 24,000 ETH at the time of sale) in an ICO at the end of 2017 has settled charges of conducting an unregistered securities offering with the SEC, according to a statement from the Commission on Wednesday.

“Gladius did not register its ICO under the federal securities laws, and the ICO did not qualify for an exemption from registration requirements,” the SEC claims in its press release.

For those of you following along at home, the SEC’s order and accompanying press release follows a very familiar template. Gladius has settled without admitting or denying the charges (thus restricting what the company can and cannot say about its case publicly), and the company has agreed to register its GLA tokens with the SEC and refund its investors. Just like the enforcement actions against Paragon and Airfox last year, the SEC did not charge Gladius with defrauding its investors—its wrongdoing limited to simply an “unregistered ICO.”

Unlike the enforcement against Airfox and Paragon, however, the SEC decided to go relatively light on Gladius, imposing no further civil penalties. On top of that, instead of a straight up rescission order to fully refund its investors and give all that sweet ICO cash back, Gladius is only required to return funds to investors who submit a written form within three months of the "effective date" on the form. Gladius will then have up to eight months from the claim form deadline to repay those investors.

Depending on how many investors actually follow through with their chance at a rebate, Gladius could ultimately end up keeping most of its startup capital.

So why did the SEC go so easy on Gladius? Because the company, essentially, turned itself in. Gladius apparently “self-reported” its coin offering misdeeds and threw itself upon the mercy of the Commission in the summer of 2018. And the SEC wants this to be a lesson to all other ICO-funded crypto startups out there that it hasn’t gotten to yet. “Today’s case shows the benefit of self-reporting and taking proactive steps to remediate unregistered offerings,” said Robert A. Cohen, chief of the SEC’s Cyber Unit in the Commission’s statement.

Not a bad move. For companies that raised millions in the ICO boom that know it’s only a matter of time before the SEC’s enforcement division comes knocking on their doors, the sweet deal Gladius just got may be too good to pass up.