Over the past year, ethereum has vaulted in value. The value of the second-largest cryptocurrency in circulation is around $72 billion, challenging bitcoin in the past year. Needless to say, ethereum has established itself as a key pillar of the crypto market.

Its position is now under threat, amid rumblings that US regulators could classify ethereum—or its initial offering of ether tokens to users in 2014—as a security. While the US commodities regulator has claimed bitcoin for itself, such a move by the SEC would make ethereum the same as a stock, with all the strict requirements on registration, disclosure, and accreditation of investors that entails. Ethereum, like nearly all cryptocurrencies, didn’t follow any of these rules when it was initially issued.

In a further twist, ethereum itself has become a favored platform for outfits issuing their own customized crypto tokens, which in the past year have collectively raised more than $10 billion with little to no regulatory oversight, according to data provider Coinschedule. If the US Securities and Exchange Commission decides that ethereum is a security, it could jeopardize the funds users have pumped into the platform, and land a number of key actors, including issuers and exchanges, in hot water.

What’s the case for ether being a security?

Gary Gensler, a former chairman of the Commodities Futures Trade Commission (CFTC), has argued that ethereum meets the so-called Howey Test, a legal precedent that guides whether an asset is classified as a security or not. The Howey Test considers an instrument to be a security if it displays certain features, like whether profits depend on the actions of a third party or whether the instrument represents an investment in a common enterprise. Gensler says the common enterprise in ethereum’s case is the Ethereum Foundation.

If an instrument can prove that it’s a “useful item” in itself—like a barrel of oil or a golf club membership—then it can escape classification as a security. The ethereum network wasn’t functional at the time of its initial token sale, so its tokens couldn’t have been used for anything at the time.

What’s the case for ethereum not being a security?

There are a couple. Peter Van Valkenburgh of the advocacy outfit Coin Center argues that even if the initial offering of ether tokens were a securities offering, as Gensler claims, the tokens today are not securities. That’s because the relationship between the investors in the offering and the Ethereum Foundation in 2014 is different from the relationship between the foundation and ether users today. “Just because Apple uses invested money to build iPhones doesn’t mean that the iPhones are securities,” Van Valkenburgh writes.

Aaron Wright, an associate professor at Cardozo Law School who specializes in blockchain issues, argues that ether was always presented as a product—smart contracts on a blockchain—and therefore people who subscribed to the offering didn’t have an expectation of profit, one condition of the Howey Test. “It’s a hard argument to say you expected to make a profit when at the time you didn’t know it was possible to build this ecosystem,” he says. “The folks who engaged in the pre-sale wanted to run smart contracts and that’s why they were purchasing ether.”

If ether is a security, what happens to the price?

If it’s a security, then crypto exchanges are in trouble. They would have to register with the SEC, since they’d be trading in securities, and would face fines if they didn’t. The ether price would probably fall if exchanges stopped trading in it to avoid breaking securities laws. In March, for example, Merrill Lynch had to pay a penalty of nearly $1.8 million for brokering the sale of unregistered securities.

Will anyone go to jail?

Selling unregistered securities could land someone in prison. The Securities Act of 1933 allows for sentences of up to five years, while civil penalties range from $75,000 to $160,000 per violation for individuals, and $80,000 to $775,000 for corporate entities. These penalties are tiered, and are typically applied for each violation, so they can add up to millions. Besides civil penalties, the SEC can ask for “disgorgment” of unearned profits. For example, in 2016 the SEC asked Ethiopia’s electricity utility to disgorge $5.8 million for selling unregistered bonds in the US.

The truth is no one is likely to go behind bars for this. Selling an unregistered security is “typically not a criminal provision” says Jason Somensatto, who is a member of law firm Orrick’s blockchain working group. For issuers, securities fraud is a different matter (it’s why Martin Shkreli is serving seven years in prison). But the odds of someone in the ethereum world getting hit with similar charges are also low, experts say.”

Who could face a penalty, even if it’s not jail?

All sorts of people, from the people who came up with a token idea, to the people who received funds for the tokens, to intermediaries who promoted a token sale. Membership of a coherent group or organization isn’t necessary, as the SEC ruled in a finding against the Decentralized Autonomous Organization (the DAO) last year. In that case, the regulator found that DAO “curators,” who were supposed to review proposals for use of the DAO’s funds, were responsible for the unregistered securities sale of DAO tokens (based on ethereum), along with the German company Slock.it and its co-founders. Vitalik Buterin and other ethereum co-founders were DAO curators. The SEC issued no charges in the case, but suggested that “a decentralized group” could be viewed as an organization responsible for issuing securities, Orrick’s Somensatto says.

Then there’s the question of citizenship and where the issuing organization is headquartered. Americans could be hit by SEC penalties, says Wright of Cardozo Law School, but others aren’t immune (Buterin, for example, is Canadian). Kathryn Haun, a former federal prosecutor who now sits on the board of Coinbase, told Quartz in a recent interview that the SEC is less likely to pursue cases outside the US, but that such cases were within the reach of agencies like the FBI and US Justice Department who could take up the matter if referred by the SEC as a criminal matter.

The SEC’s current chairman, Jay Clayton, has targeted “gatekeepers” for enabling ICOs in testimony to the US senate and in public speeches. Wright says Clayton’s repeated calling out of lawyers in ICOs is “unprecedented.” Haun told Quartz that she didn’t think these warnings were “for nothing” and that it could signal future action from the regulator.

I bought some tokens in an ICO. Am I going to jail?

A retail investor who bought some tokens is probably fine. But an investor who also promoted tokens to others may have problems, says Preston Byrne, a fellow of the Adam Smith Institute, a British think tank. “A buyer of tokens is capable of being an innocent victim, an arms-length purchaser, or a co-conspirator,” he says. It all depends on the structure of the token offering, the degree of a person’s involvement with the sale, and the jurisdiction where the case is being examined. “There’s no straight answer,” he says.

The SEC has been tight-lipped about its actions in the ICO space so far. Here’s what we know: It has reportedly subpoenaed more than 80 firms involved in ICOs, and its co-director of enforcement has confirmed that “dozens” of investigations are underway. This shows that the agency is “working hard and collecting facts” says Wright. What happens at the end of the investigatory phase? One or more firms could be hit with penalties “as a kind of example” to the rest of the industry, Wright says. Other agencies could also be pursuing probes of their own, but if they involve criminal matters, expect it to take more than 12 months, Haun said.

What about those supposedly compliant “SAFT” token sales?

The SAFT, or the “Simple Agreement for Future Tokens,” was a legal mechanism intended to keep token sales on the right side of the law. Not everyone is convinced, and that may include the SEC. The SAFT was devised by Marco Santori, then a lawyer at Cooley in New York and now president of the wallet provider Blockchain.info, and it was first used in the blockbuster Filecoin token offering last year, which raised $257 million, at the time the largest of its kind.

The SAFT caught on, and many major tokens offerings subsequently used it, believing it made their token sales compliant with securities law. Wright is among the prominent critics of that notion. One of the mechanisms set forth (pdf, p. 17) by the SAFT is for a developer to produce functional software before tokens are delivered to accredited investors, or sold to the public. According to the SAFT’s authors, this turns the tokens into “utility tokens” that are not securities.

But Wright argues that’s an arbitrary line that doesn’t get SAFT issuers off the hook. The idea that “you can sell [a token] as an investment opportunity to other investors and somehow it transmutes into a commodity down the line [when the software is written], that’s not how the law works,” he says. “If you purchase something from a group and you expect to make a profit off that group, in the US, that is deemed a security. This idea that functionality or timing has significance doesn’t have precedence under US law.”

Major venture capital firms like Union Square Ventures and Andreessen Horowitz have used the SAFT to buy allocations of Filecoin and other offerings. They are reportedly behind an effort, along with major law firms, to seek a “safe harbor” on these token purchases from US lawmakers, according to the New York Times (paywall). Wright says the VCs “received bad legal advice.”

What about other cryptocurrencies?

It remains an open question how hard the authorities will clamp down. In one extreme scenario, even bitcoin, whose creator was never identified and never received funds for issuing the digital tokens, might be considered a security. An argument could be made that “bitcoin is a speculative asset with no substantive use, which is maintained by a centralized group of developers and consolidated mining groups,” says Wright, who adds that he thinks such a scenario is unlikely. “It would be awful for US tech.”

But a concrete response from the SEC is more welcome in the crypto world than the current uncertainty. An SEC ruling one way or the other would be “a sign of legitimacy,” for cryptocurrencies, says Simon Taylor, a co-founder of fintech consultancy 11:FS. “Big banks are creating [cryptocurrency trading] desks because they see this regulatory clarity coming.”