How to Issue Tokens: A Guide from Creation to Custody
Editor’s Note: Given the rapid development in the cryptocurrency industry, “How do I launch a token?” is one of the most common questions asked by founders. As prices rise, FOMO sets in – everyone else is launching tokens, should I too? – which makes it even more important for builders to approach tokens with caution. In this special series, we will cover the logistics of launching a protocol, ensuring its security, and enabling compliance for SEC-regulated entities.
When you want to issue tokens, there are several steps to consider from an operational standpoint. This is especially relevant if you are working with any stakeholders regulated by the U.S. Securities and Exchange Commission (SEC). The purpose of this article is to outline the logistical work needed to establish a protocol, ensure its security, and enable SEC-regulated entities to meet compliance requirements.
The first thing to know when issuing tokens is that it takes time and collaboration with a team. The process involves various types of stakeholders – protocol developers, third-party custodians, staking providers, investors, employees, and others – and all these parties must come to a consensus when preparing to create and custody new digital assets. Therefore, it is crucial to understand each step of the process and allocate sufficient time for it.
Please note that the following set of guidelines represents a snapshot in time. Best practices may evolve as the market changes, new products emerge, and regulatory environments develop. Meanwhile, these guidelines can serve as a useful resource for protocol developers to consider when preparing for token issuance.
#1: Coordinate with Custodians
For regulatory reasons, certain stakeholders may not be able to custody tokens unless supported by third-party custodians who meet certain requirements. These requirements include being registered and supervised by state or federal authorities, engaging in regular financial, operational, and security reporting and audits, and participating in protecting cryptographic assets as a regular and significant part of their business.
It is worth noting that not all custodians are created equal. If your protocol involves a significant number of investors participating in securing the network through staking or governance at launch, it is crucial to work with high-quality third-party custodians well in advance so that they can secure their support. If you are unsure of the quality standards, ask your investors for clarity on their requirements. Do not assume that any custodian will have the capability to handle your tokens from the start. Plan accordingly.
Start the conversation early. High-quality custodians may take approximately six to nine months or longer to support a new Layer 1 blockchain. More complex protocols, such as those using SNARKs, with privacy functionality or interacting with Layer 2 (L2) networks, may extend this process. Meanwhile, tokens built on Ethereum, such as ERC-20 and NFTs, or on Solana, such as Solana Program Library (SPL) tokens, are simpler and can take less time, such as three to five months without any hiccups assumed. Please note that these timelines are rough estimates and may vary significantly based on the custodian’s requirements.
If your protocol requires staking and governance on day one, expect the ramp-up to take more time. Notify your partners early. (For more information on supporting staking and governance, refer to Guideline Five.) Also, consider that stakeholders need to conduct due diligence on any custodians, staking providers, or other third-party vendors, including evaluating their information security (infosec) and operational security practices.
#2: Conduct Security Audits
To minimize the likelihood of issues during or after token launch, it is essential to thoroughly review all code related to your token. This is typically done through code audits, either partially executed during the project’s development or all at once at the end of the development. The audits should be conducted by auditors with experience in auditing similar products, placing emphasis on the potential for code abuse or software vulnerabilities.
Choosing an auditor is a challenging task since there is currently no governing body certifying auditors. Therefore, it is your responsibility to conduct due diligence to ensure that the auditors have sufficient qualifications. When reviewing the qualifications of an audit firm, you should ask yourself the following questions:
– Does the auditor have a well-defined testing methodology that they can provide to potential clients?
– Does this methodology address the key issues of the solution being audited?
– Does this methodology involve the use of industry-standard techniques and tools to detect software vulnerabilities?
– Does the auditor have experience auditing projects similar to the one being audited?
– Has the auditor been involved in projects that suffered significant security breaches after the auditor’s review? If so, were the exploits or flaws exploited part of the code reviewed by the auditor?
The answers to these questions should clarify whether the auditor is prepared and capable of reviewing your protocol in a manner that is sufficient to detect and address issues before the software launch.
After commissioning the audit and receiving the auditor’s preliminary report, you need to address all critical issues (high or severe severity, usually including medium-severity issues) and selectively address less urgent, lower-severity issues. For any issues you choose not to address, provide a rationale. Once the issues identified in the initial report are addressed, have the auditor verify the completeness of the remediation measures.
After successfully verifying the solutions to the reported issues, create a final report and publicly release it together with the protocol’s source code or provide it to all parties receiving or dealing with the tokens.
#3: Allocate and Distribute Tokens
After coordinating with high-quality custodians and other stakeholders and conducting security audits, it is time to start considering token allocation and distribution.
Protocol developers can distribute tokens in one of two ways: before or after token launch (also known as token generation events). Many stakeholders prefer to receive allocations before launch. In other words, they prefer to have their wallet addresses embedded in the genesis block, which is the first block created when the blockchain is launched. However, this is by no means a requirement. Tokens distributed after launch can be delivered in batches to stakeholders, with each batch representing a certain percentage of the total token supply.
When distributing tokens, keep track of the locations you need to send tokens to, the number of wallets to distribute to, and trust but verify addresses. SEC-regulated stakeholders, such as RIAs, may request that the tokens be delivered directly to their custodians. Stakeholders should be able to opt for any number of wallets. This allows them to minimize concentration of tokens in any given wallet, thereby diversifying risk, partly due to insurance policies, including maximum limits per wallet or per account. Before distributing tokens, be sure to send test transactions and verify receipt, as this can reduce the likelihood of delivery errors.
In summary, protocol developers should ask themselves:
– When will stakeholders receive the assets (e.g., before or after launch)?
– Where will stakeholders request the tokens to be sent and how many wallets will each stakeholder request?
– Will stakeholders receive all tokens immediately or in batches?
#4: Ensure Lockup Enforcement
Token lockup is one of the best mechanisms to demonstrate a belief in the project’s long-term success and coordinate long-term interests among stakeholders. This can be determined at different time periods, potentially well ahead of other token considerations, such as when signing token warrants in a seed round.
Best practices dictate that all insiders (employees, investors, advisors, partners, etc.) abide by the same token vesting and lockup periods. If any insiders have different lockup periods or the enforcement of these lockups is unclear, this can inadvertently create unpredictable incentives, with some insiders potentially trying to sell tokens preemptively. This can create mistrust in the protocol and have negative repercussions. Each participant should operate on a similar timeline, and that timeline should guide everyone towards the project’s long-term success. (Please note that these considerations should not prevent users from using tokens on the blockchain network or applications, even if such use precedes the allowed lockup time.)
Once you have decided on the vesting and lockup periods (which should not be less than a year after token issuance), you can choose to distribute tokens programmatically, by third-party custodians, or a combination of both. Ideally, many stakeholders seek to have custodians receive the tokens and enforce the lockup and vesting schedule both legally and technologically. Other options include using an audited smart contract or other third-party token vesting tools to claim tokens according to the vesting schedule.
Key questions to ask at this stage:
– Are all stakeholders bound by the same lockup and vesting periods?
– Can custodians enforce the lockup provisions?
– How will unlocked tokens be distributed according to the vesting schedule?
#5: Enable Staking and Governance
As mentioned in the first guideline, if you expect stakeholders to participate in staking and governance to secure your protocol, you may need to coordinate with custodians in advance. Protocol developers should not assume that custodians automatically support staking and governance for their tokens. Custodians need time (typically several months) to establish support for staking and governance.
If your protocol relies on stakeholders to stake or govern, you may need to ask yourself the following questions:
Staking:
– Will custodians allow delegating to any staking providers, or will custodians preselect a set of providers? (Collaborating with staking providers who explore the protocol and provide feedback during the testnet phase can be helpful.)
– If a set of staking providers is preselected by custodians, how does this affect the security and decentralization of the network? (Selecting a variety of staking providers with validators worldwide can help decentralize the protocol.)
– Will rewards be compoundable, or will stakeholders need to manually restake? (Ideally, rewards should be automatically restaked rather than manually restaked.)
– Are there minimum/maximum limits for the stake amount in each wallet?
– Do validator nodes have token minimums/maximums, and do these change over time?
Governance:
– If you expect stakeholders to participate in governance, will custodians enable this participation technically, or will they vote on behalf of stakeholders?
– Will the protocol have on-chain or off-chain (e.g., through snapshots) voting?
To recap, if you plan to issue tokens and your plan involves SEC-regulated stakeholders, be sure to allocate enough time for high-quality custodians to support your protocol. The anticipated development timeframe will vary depending on the custodial institution and the complexity of the protocol. For more standard tokens like Ethereum ERC-20 or Solana SPL, the build time can be three to five months, nine months for a new blockchain, and longer for tokens involving SNARKs, privacy functionality, or interaction with Layer 2 (L2) networks. Start the conversation early.
Once you have a realistic timeline, allocate time for the security audit, and determine the token allocation and distribution strategy, you can move forward with the token issuance process. Remember to involve legal and tax advisors before token issuance and consider implementing the three strategies mentioned to mitigate legal risks. Consult with professional advisors when implementing these strategies.
Lastly, the article presents the DXR framework that helps entrepreneurs explore ways to decentralize through tokenization while avoiding bearing all the risks.Next steps in preparation. You can allocate tokens by embedding the wallet in the genesis block before launch, or distribute tokens in batches after launch. Regardless of the method, all stakeholders should adhere to the same token lock-up period and redemption schedule to ensure consistency. Conduct any necessary audits and security assessments. Lastly, study the protocol’s staking and governance details. Custodians and other stakeholders need to understand these details and be prepared to help ensure its security.
By following these steps, you will be well-prepared to handle the logistical work required for a successful token launch.
Issuing Tokens? Everything You Need to Know
Given the rapid development of the crypto industry, “how do I launch a token” is one of the most common questions for founders. With prices going up, FOMO sets in – everyone else is launching tokens, should I too? For builders, caution is more important when it comes to tokens. Therefore, in this special post series, we introduce strategies for managing risk, evaluating operational readiness, and more launch rules. Be sure to subscribe to our newsletter for more information on tokens and other company-building resources.
Prices are still rising, and new tokens are popping up everywhere, putting pressure on many web3 builders to launch their own tokens. In recent months, the influx of meme coins has created the impression that token issuance is easy. In theory, it is. Anyone can create, launch, and list a token without any potential use case, as simple as sending an email.
But releasing tokens as a new digital primitive, akin to websites in web1, is much more difficult. Launching tokens with productive use cases, associated with products and services people can use, involves a much larger scope. Tokens add complexity to the day-to-day operations of startups, and token releases are mostly irreversible.
The most common mistake in web3 projects is launching tokens too early. This mistake is often fatal, so any project considering this step must determine the reasons and methods for launching tokens and the planned timing.
Asking “when” is less about the calendar and more about identifying the right time for a project to be positioned to overcome the legal, business, and operational challenges that come with token launch.
So when is a project truly ready? In this article, we discuss key considerations and some risks and trade-offs that projects will encounter in this process.
Product-Market Fit
Finding product-market fit is the most important focus for any new project, startup, or product. In the cryptocurrency space, founders should achieve product-market fit before launching tokens – because the operational constraints associated with decentralized projects make it very difficult to adjust or pivot after project launch.
Adding tokens to a project too early also makes finding product-market fit more challenging. Tokens can distort incentives, influence user behavior, and lock in certain elements of the product. For example, changing the token’s economic model after issuance can be difficult, even if it is necessary to find product-market fit.
Therefore, while well-designed tokens are powerful amplifiers of product-market fit, they cannot replace building and launching the right product. Tokens can attract users, but they can’t make users stay. And they certainly can’t compensate for any potential product issues the team must diagnose and fix before the release.
Of course, achieving product-market fit is easier said than done. Launching the right product to a broad market requires skill and serendipity. But teams embarking on this journey can try different strategies to start, including:
– Designing self-reinforcing network effects from the start: Tokens are an extremely powerful new primitive for designing self-reinforcing network effects – through incentives, airdrops, tracing public goods funding, and more. For the first time in history, builders can design a digitally native, protocol-specific incentive mechanism in their products, as a way to incentivize good behavior, coordinate stakeholders’ interests, engage in distributed communities, or even subsidize demand.
– Building the product roadmap around the smartest customers: “Smart” customers have an innate understanding of the power and potential of new technologies. Identifying these customers early and deeply understanding their needs is crucial. Over time, more people may follow their lead, which can increase the project’s attractiveness and market share.
– Rewarding the right users: Every new platform attracts super-users who are there for the “right” reasons, as well as arbitrageurs looking to make a quick profit (many crypto projects’ “airdrop farmers”). Identifying and rewarding advanced users is crucial as they can provide long-term value to the network and drive others to participate.
– Investing in developers: Allocating token grants to developers building on the project’s platform can encourage compound growth, cultivate early adopters, and enrich the entire community. When deciding which teams to support, projects should strategically consider the value they will bring to the network. A simple three-step plan should include:
– Understanding key moments and timelines: Will it be completed within a month, a quarter, or a year?
– Providing milestone-based support and token grants: Avoid the trap of prepaying for something undelivered.
– Understanding the potential value of each development project: The total value created by specific projects on the network should significantly outweigh the resources invested.
– Collaborating with the best projects: A key feature of building in the early stages of blockchain networks is that at any given time, it is easy to distinguish projects with the strongest teams, usage, and market appeal. Convincing these teams to build and deploy on a given platform can accelerate its product-market fit, as new developers often follow early adopters.
From in-depth user research to pure alchemy, there are many paths and strategies to achieve product-market fit. Regardless of the journey, teams must go through before launching tokens. To get inspired, projects can also look at examples like Uniswap, which captured on-chain trading with its protocol version 2 before token issuance; Optimism, which successfully attracted a large number of developers before token launch; and EigenLayer, which now has a significant customer and user activity without real-time tokens.
Lastly, projects hoping to iterate their product continuously and substantially after token issuance should consider alternative token distribution strategies discussed here.
Feasible Decentralization Plans
Decentralization is the most reliable path to achieve more sustainable and compliant tokens, embodying the best use case of blockchain – a trusted neutral network that functions as public infrastructure in web3. Many projects need tokens to truly decentralize, coordinating and making decisions among distributed users, incentivizing participation, and unlocking the potential of blockchain technology.
But decentralization is almost never a simple task. US projects often face the chicken-and-egg paradox – decentralization requires using tokens, but using tokens requires decentralization. Making this complexity even more complex, decentralization is a journey for most projects, not a destination.
Whether a project plans to be “fully decentralized” at launch or intends to use alternative launch strategies and progressively decentralize over time, most projects should start with a plan for decentralization.
The plan should start with high-level goals and then break them down into specific subsequent steps.
The framework outlined here lists many different characteristics of blockchain projects (blockchains and smart contract protocols) and explains how projects can achieve greater decentralization in each category. Specifically:
– Computation: Who provides the computing resources that keep the project running? The redundancy here may seem inefficient, but it is crucial. By definition, a decentralized network cannot rely on any single team or organization for computation. For blockchains, this may mean ensuring a strong set of validators. For smart contract protocols, it may require ensuring multiple applications and websites can access the protocol. For decentralized social networks or web3 games, it may require a diverse network of off-chain servers or nodes.
– Development: What ongoing development is needed? Who will do it (i.e., core team, third-party developers, etc.)? How will it be funded? These are some of the most critical questions in the decentralization process. Depending on the project, the answers may look different, but they typically depend on distributed developer communities that deploy or integrate smart contract protocols. For web3 games or social games, it may also involve user-generated content.
– Governance: How is control of the project decentralized? Expecting the community to “figure things out” during the project’s early days can lead to disappointment. Most projects fail to overcome the complexity and sociopolitical realities involved in decentralized governance, compromising their legitimacy and utility. Nonetheless, distributing control is still crucial. Designing effective governance requires considering many factors, but minimizing governance is a good starting point.
– Value accrual: What drives the token’s economic value? Whether it is cash flows generated from fees or market demand for the token, projects need to establish a way for the token to appreciate that is not entirely dependent on the efforts of the project’s founding team or any other initiators. For blockchains, cultivating a diverse developer community is crucial. For smart contract protocols, incentivizing third-party applications and clients is essential to prevent “client dominance,” where one application or client gains excessive control over others. While this decentralization is challenging in practice, projects like Ethereum and Solana have achieved it today.
– Use and accessibility: Can anyone use the project? If token participation is required, are these tokens widely available? How broad is the user base? The more freedom users have to access the project, the broader the user base, and the more decentralized it usually is.
Decentralization may look different for each project, and projects do not need to be “fully decentralized” or even “mostly decentralized” to be “sufficiently decentralized.” Instead, the degree of decentralization depends on the overall context of the project: the higher the decentralization in certain categories, the less decentralization there may be in others. For example, the more independent developers involved in a project, the more the original founding team can participate in decentralized governance.
Projects also do not need to strictly adhere to the initial launch plan, as those plans naturally evolve with time and growth. When we say “preparing a decentralization plan in advance,” it simply means having a plan in place before token issuance that gives the project a real chance to achieve decentralization while also serving as a useful guide. Once projects have a decentralization plan, they can better determine how their decentralization status helps refine their token issuance strategy.
Notable Token Economics
Tokens are useful for guiding and incentivizing, but they are not magic beans. Projects need a sustainable token model based on actual unit economics to succeed. For example, if a project uses endless token-based incentives to drive growth – beyond the potential economic value the protocol generates – it will eventually go bankrupt. Most tokens need cash flow to have value.
Therefore, projects should develop a sustainable token model that aligns with the purpose of their tokens before launch. This model should consider factors like:
– Token distribution: How will tokens be distributed initially? Will there be token sales, airdrops, or other methods? Determining the right distribution method is crucial to ensure fairness, prevent concentration of ownership, and align incentives.
– Token utility: How will tokens be used within the project’s ecosystem? Will they be used for staking, governance, or other purposes? Defining the utility of tokens is essential for creating value and engagement within the ecosystem.
– Token supply and issuance: How will the token supply be managed? Will there be a fixed supply or an inflationary model? Determining the token issuance and supply dynamics helps ensure stability and predictability.
– Token economics and incentives: How will token economics and incentives drive desired behavior? Will there be mechanisms to ensure scarcity, value accrual, and network participation? Designing token economics and incentives that align with the project’s goals is crucial for long-term success.
By carefully considering these factors, projects can build a token model that not only adds value but also promotes sustainability and growth.
Token issuance is a complex process that requires careful planning and consideration. By following these guidelines, projects can navigate the challenges and make informed decisions to achieve successful token launches.