Four Types of Criminally High-Risk Project Models That Web3 Developers Must Know

Author: Lawyer Shao Shiwei

Original Link: &

Disclaimer: This article is a reprint. Readers can access more information through the original link. If the author has any objections to the reprint, please contact us, and we will make modifications according to the author’s requirements. Reprints are for information sharing only and do not constitute any investment advice or represent Wu Shuo’s views and positions.

A compliance misconception that Web3 entrepreneurs and practitioners often overlook is: as long as the project is registered overseas and the servers are deployed abroad, it can be considered “inherently compliant.”

However, in reality, the core of compliance always depends on the project’s business model, capital structure, and operational substance, rather than superficial outward expansion. In other words, overseas registration can be part of compliance, but it cannot serve as a shield to cover high-risk commercial behaviors. Especially for teams still based domestically and providing services to Chinese users, legal boundaries and criminal compliance risks must be given extra attention.

This article will further analyze: as a developer, how to quickly determine whether a Web3 project falls into the “criminal law red line” category. We will take four common high-risk Web3 illegal activity patterns encountered in practice as examples, helping developers build basic recognition from project structure, system functions, token circulation, and other angles. Early identification and avoidance of these frequent project types can help steer clear of most criminal legal risks.

First, a declaration: this article targets long-term technical practitioners in the Web3 industry, especially those who value project compliance and have certain legal risk awareness. Our analysis focuses on projects with basic compliance awareness and some business planning ability.

Projects established solely for illegal fundraising, crypto scams, money laundering, arbitrage, and similar purposes are outside the scope of this analysis.

1. How do developers build a “High-Risk Project Identification Radar”?

In this section, we will analyze four common high-frequency criminal charges related to developers, based on typical Web3 criminal cases in judicial practice.

According to the practical experience of Lawyer Shao’s team handling Web3 criminal cases in recent years, we categorize them into four types: “Most Dangerous, Most Hidden, Most Clear, and Most Hot.”

The purpose of this classification is to help developers establish a basic understanding of these charges and the current judicial situation—only by knowing what the “red lines” are can they later learn how to identify, avoid, and participate safely in projects.

1. The Most Dangerous Crime — [Operating Casino Crime]

In the Web3 field, gambling-related projects are arguably the most common “minefield” for technical developers, especially prevalent in GameFi or blockchain game systems.

Common gambling-related project patterns include: • Gambling DApps (decentralized betting applications); • Online casino platforms using USDT or other virtual currencies for betting; • On-chain games with lottery, loot box, or blind box mechanics involving randomness.

Because the construction of a gambling loop often relies on smart contract logic and wallet interactions, developers play a key role in technical implementation. Therefore, even if not operating the platform directly, they may be held liable as accomplices due to system development actions.

GameFi, as a common form of Web3 project, with its natural “recharge—random gameplay—withdrawal” gambling attributes, is regarded as a high-risk area for criminal liability.

Case reference:

For example, the “BigGame case”—the first criminal case in China triggered by blockchain contract logic leading to operating a casino. The involved development team was based in China. They built a platform allowing users to install a wallet, exchange RMB for virtual currency, and participate in on-chain betting, forming a complete “digital wallet—betting—settlement” gambling loop. This case clearly indicates: as long as technical developers are deeply involved in system construction, even without directly operating the platform, they may be considered technical accomplices for operating a casino.

Summary: In practice, many developers are passively involved in gambling projects because they fail to recognize “gambling logic”—especially those deeply involved in wallet systems, reward mechanisms, and contract interfaces—making them prime targets for police investigations.

In the next section, we will focus on another common high-risk project type often “wearing sheep’s clothing”: those that present as “user acquisition rewards,” “referral commissions,” or “community incentives,” but in essence may constitute organizing or leading pyramid schemes or illegal pyramid selling activities.

2. The Most Hidden Crime — [Organizing and Leading Pyramid Schemes]

The concealment of this crime lies in its often disguising as “user acquisition promotion,” “community incentives,” or “node rebates.” For Web3 projects, referral, fission, and invitation rewards are almost default configurations, which can easily lead technical developers and operators to misconceptions: what kind of incentives are normal business behaviors, and what patterns might constitute pyramid scheme crimes?

Common pyramid scheme project patterns include: • Air coins or platform tokens, claiming high returns for “paying to invest”; • Multi-level reward structures, recruiting and rebating; • Node plans / ambassador mechanisms: earning profits based on “headcount” without relying on actual products or services.

Case reference: For example, the “3M platform pyramid scheme case” tried by the Yunnan Xichou County Court: the project team created a virtual currency investment platform “3M,” claiming that investing in its platform tokens could yield high returns, with two types of profit structures—static (fixed interest rate) and dynamic (downline development commissions). Investigation found the platform had more than three levels of membership and numerous participants, ultimately being recognized as organizing and leading pyramid activities.

In many pyramid scheme cases handled by our team, developers responsible for building rebate systems, coding hierarchical databases, and designing profit logic lacked the ability to judge whether the pattern constituted pyramid selling. Once the overall structure is recognized as pyramid scheme by judicial authorities, programmers who are core to the project and provide critical technical support may be considered co-criminals.

Summary: “Headcount-based rebates” do not necessarily equal pyramid schemes, but if the incentive structure is built on “pay-to-enter + multi-level commissions + pyramid hierarchy,” even backend system developers may be criminally liable due to their “indispensability.”

Next, we will analyze a more clearly defined and judicially clearer crime—illegal fundraising / fundraising fraud.

3. The Most Clear Crime — [Crimes Related to Illegal Fundraising] (Illegal Public Deposit Absorption / Fundraising Fraud)

The Web3 industry indeed has some legal gray areas, but the Chinese regulatory stance on “token issuance for fundraising” has been clear for a long time. As early as the 2017 “94 Notice,” ICO (initial coin offering) was identified as an illegal financial activity involving illegal fundraising and related crimes. Additionally, the Supreme People’s Court’s 2022 interpretation on applying laws in illegal fundraising criminal cases stipulates that using virtual currency trading to illegally raise funds should be prosecuted under the crime of illegal public deposit absorption.

If developers deeply participate in token issuance systems, mining rebate logic, points exchange structures, etc., even without directly raising funds externally, they may be held legally responsible for constructing a capital loop or assisting illegal fundraising.

Common illegal fundraising patterns in Web3 projects include: • Issuing tokens without financial regulatory approval; • Promising high returns, static dividends, or principal protection; • Fictitious financial platforms, mining machine investments, or profit-sharing schemes; • Setting up fund pools where tokens or points can be exchanged for USDT or other withdrawable assets.

Key points for identifying illegal fundraising in Web3: • Unauthorized issuance of tokens via “platform tokens” or “governance tokens” for ICO; • Promises of “principal protection” or “daily static dividends” to attract funds; • Fictitious “mining machine investments” or “on-chain financial products” with fund pools, using capital loops to pay returns; • Internal token-to-point exchange systems enabling assets to be converted into withdrawable “profits.”

Case reference: In the “AIP platform case,” the technical team built a complete token trading and points release system, including “mining machine profit release + platform points exchange + external trading of AIP tokens.” The project created a capital loop and raised funds from the public, leading the court to convict the project leader of illegal public deposit absorption.

This case warns developers: if your system involves “token issuance + points exchange + withdrawal paths,” even without marketing, you may bear criminal responsibility for key module development.

Summary: Token issuance projects are among the most high-risk areas for technical developers. Once your modules involve token generation logic, fund inflow paths, points-to-token exchange, or profit distribution mechanisms, you must immediately activate legal risk identification to determine whether the project involves illegal fundraising or constitutes a capital pool violation.

Next, we will analyze the most actively prosecuted crime in recent practice—illegal business operations.

4. The Hottest Crime — [Illegal Business Operations]

Based on Lawyer Shao’s experience handling foreign exchange-related criminal cases, in recent years, judicial authorities have continuously intensified crackdowns on foreign exchange crimes, with “crypto cases” being a key focus.

This is because virtual currencies inherently possess “strong cross-border liquidity, high anonymity, and circumventing regulation,” making them primary tools for illegal currency exchange with RMB. If developers are responsible for building coin-matching systems, OTC trading modules, fiat on/off ramps, or core transaction components, they face significant legal risks.

Common high-risk behaviors include: · Providing payment settlement, OTC services, or token redemption functions; · Operating platforms without permission that handle RMB or foreign currency transactions; · Acting as intermediaries for matching virtual currency and foreign exchange.

Case reference: For example, a 2023 case jointly issued by the Supreme People’s Procuratorate and the State Administration of Foreign Exchange involved Guo Maozhao, who built a virtual currency matching and exchange platform, and was sentenced to five years in prison by the Baoshan District Court in Shanghai for illegal business operations.

Our team is also currently representing a case where the “PayFi project” is suspected of illegal business operations—this platform was under investigation for facilitating RMB and foreign currency exchange via virtual currency, by a provincial public security bureau.

Summary: Any cross-border exchange, OTC matching, or fund inflow/outflow involving virtual currencies is a key focus of current regulatory crackdowns. If the system you develop is used for currency exchange matching or fund channels, there is a significant legal risk under this crime.

In this article, we systematically summarized four common and high-frequency criminal legal risk patterns in Web3 projects, supported by typical cases, to help developers establish a foundational ability to recognize “criminal law red lines.”

Behind these charges are no longer abstract legal provisions but real, visible system logic and functional modules in developers’ daily work, which are often overlooked.

However, merely knowing where the red lines are is far from enough.

How to quickly make an initial judgment on a new project? How to evaluate whether you might be involved in criminal liability based on your role? What practical legal experience and compliance advice can help developers anticipate and plan ahead?

Developers involved in Web3 projects are rarely “outsiders” in legal risks. Due to their deep involvement in system architecture and key functions, technical roles are often at the core of project operation. If the project pattern has compliance issues, whether technical participation could trigger legal responsibility is often a focus of judicial review.

So, as a developer, how to judge whether a project is crossing legal lines? How to identify risks promptly without full legal knowledge of the system? How to clearly define your boundaries? We will elaborate on these points in this article.

2. How to judge whether a Web3 project touches legal red lines?

This section shifts from legal charges to developer recognition—helping technical personnel identify key high-risk signals from business logic and system structure.

This recognition does not require developers to have comprehensive legal knowledge. As long as they grasp some “high-frequency patterns + key judgment points,” they can preliminarily assess whether a project is crossing legal boundaries.

Recognition Dimension 1: Gambling-related (Operating Casino Crime)

Typical features: recharge entry + random gameplay + withdrawable path

If a Web3 project constitutes operating a casino, its critical loop elements usually include: • Presence of recharge behavior, especially via virtual currencies like USDT; • Design of lottery, guessing, loot box, or other chance-based gameplay; • Availability of withdrawal paths, e.g., tokens exchangeable for mainstream currencies and circulating on CEX/DEX, then converted to RMB.

This “recharge—bet—withdraw” three-stage process is easily viewed by judicial authorities as an “涉赌闭环” (gambling-related closed loop).

For example, in a Web3 game (GameFi), if the project meets all three points, even if the developer only handles front-end, wallet integration, or reward mechanisms, they may face high legal risks due to involvement in constructing a gambling loop.

Recognition Dimension 2: Pyramid schemes (Organizing and Leading Pyramid Activities)

Typical features: user payment + invitation rebate + multi-level rebate chain

The risk here lies in whether the incentive mechanism constitutes a pyramid structure. If developers build rebate calculation systems, hierarchy databases, or profit distribution logic without judgment of the overall business structure, they may inadvertently assist in creating a pyramid scheme.

Common features: · Users pay to join, e.g., buy tokens, recharge, or purchase packages; · Invite others and receive commissions; · Multi-level relationships with tiered rebates; · Weak product dependence—profit relies more on expanding heads and rebates than actual goods or services.

For example, “Ambassador programs,” “node incentives,” or “community partner mechanisms” that revolve around recruitment and are directly tied to payment and hierarchy should be scrutinized for pyramid scheme risks.

If developers are responsible for rebate algorithms, hierarchy databases, or user settlement systems, and are central to the project, even without direct promotion, they may be considered co-conspirators if the structure is deemed pyramid-like.

Recognition Dimension 3: Illegal fundraising (Illegal Public Deposit Absorption / Fundraising Fraud)

Typical features: public fundraising + promised returns + lack of financial license

In Web3, projects that raise funds from the public by issuing tokens, promising high yields, or creating financial products are at risk of illegal fundraising or fraud.

High-risk patterns include: • Issuing tokens without regulatory approval; • Promising principal protection or fixed high returns; • Fictitious financial platforms, mining investment schemes, or profit-sharing models; • Establishing fund pools where tokens or points can be exchanged for USDT or other assets.

Judicial standards often consider whether the project has the four characteristics: illegality, publicity, inducement, and social impact.

If developers participate in designing token issuance, points-to-token exchange, or financial modules, even without marketing, they may be held liable for aiding illegal fundraising.

Summary: Projects involving token issuance are among the most high-risk for developers. If your modules involve token creation, fund inflow paths, exchange mechanisms, or profit sharing, you must promptly assess legal risks to avoid illegal fundraising or capital pool violations.

Next, we analyze the most actively prosecuted crime—illegal business operations.

Recognition Dimension 4: Illegal business operations (Illegal Business Crime)

Typical features: coin matching + off-site exchange + fiat on/off ramps

In Web3, illegal business operations often involve platforms suspected of facilitating RMB and foreign currency exchanges, especially when virtual currencies are used as intermediaries for cross-border matching, which can trigger cross-border illegal exchange charges.

Based on our cases, authorities have recently intensified crackdowns on virtual currency matching and exchange activities, with stricter enforcement.

High-risk behaviors include: · Providing virtual currency and RMB deposit/withdrawal services; · Operating unlicensed OTC platforms for currency exchange; · Acting as intermediaries for matching virtual currency and foreign exchange.

If your system is used for currency matching, OTC trading, or fund inflows/outflows, there is a significant legal risk under this crime.

In this article, we systematically summarized four common high-frequency criminal risk patterns in Web3 projects, supported by typical cases, to help developers build a basic “red line” recognition ability.

Behind these charges are not abstract laws but real, visible system logic and modules in daily development, often overlooked.

But knowing the red lines alone is not enough.

How to quickly make an initial judgment on a new project? How to evaluate whether you might be legally responsible? What practical legal experience and compliance advice can help developers anticipate and plan?

Developers are rarely “outsiders” in legal risks. Due to their deep involvement in system design and key functions, technical roles are often at the core of project operation. If the project pattern has compliance issues, whether technical participation could lead to legal responsibility is often scrutinized.

So, how can developers judge whether a project is crossing legal boundaries? How to identify risks early without full legal system knowledge? How to clearly define their boundaries? We will elaborate on these points.

2. How to determine if a Web3 project touches legal red lines?

This section shifts from legal charges to developer recognition—helping technical personnel identify key high-risk signals from business logic and system architecture.

This recognition does not require comprehensive legal expertise. As long as developers understand some “high-frequency patterns + key judgment points,” they can preliminarily assess whether a project is crossing legal boundaries.

Recognition Dimension 1: Gambling (Operating Casino Crime)

Typical features: recharge entry + chance-based gameplay + withdrawable path

If a Web3 project constitutes operating a casino, its core elements usually include: • Recharge behavior, especially via virtual currencies like USDT; • Design of chance-based gameplay such as lotteries, guessing, loot boxes; • Withdrawal paths, e.g., tokens exchangeable for fiat currency and circulating on exchanges.

This “recharge—bet—withdraw” process is easily seen as a gambling loop by authorities.

For example, in a GameFi project, if all three features are present, even if the developer only handles front-end, wallet integration, or reward logic, they may face high legal risks due to involvement in constructing a gambling loop.

Recognition Dimension 2: Pyramid schemes (Organizing and Leading Pyramid Activities)

Typical features: user payment + invitation rebate + multi-level rebate chain

The key risk is whether the incentive mechanism resembles a pyramid structure. Developers building rebate algorithms, hierarchy databases, or profit distribution logic without understanding the overall business model may inadvertently facilitate pyramid schemes.

Common features: · Users pay to join, e.g., buy tokens or packages; · Invite others and receive commissions; · Multi-level relationships with tiered rebates; · Profit depends more on expanding heads and rebates than actual products.

For example, “Ambassador programs,” “node incentives,” or “community partner” schemes that reward recruitment and are tied to payments and hierarchy should be scrutinized.

If developers are responsible for rebate calculation, hierarchy data, or user settlement, and are central to the project, even without direct promotion, they may be considered co-conspirators if the structure is pyramid-like.

Recognition Dimension 3: Illegal fundraising (Illegal Public Deposit Absorption / Fundraising Fraud)

Typical features: public fundraising + promised returns + no financial license

In Web3, projects that raise funds from the public by issuing tokens, promising high yields, or creating financial products are at risk of illegal fundraising or fraud.

High-risk patterns: • Unauthorized issuance of tokens for fundraising; • Promising principal protection or fixed high returns; • Fictitious financial platforms or mining schemes; • Fund pools where tokens or points are exchanged for USDT or other assets.

Judicial standards consider whether the project has the four features: illegality, publicity, inducement, and social impact.

If developers participate in token issuance, points exchange, or financial modules, even without marketing, they may be liable for aiding illegal fundraising.

Summary: Projects involving token issuance are high-risk for developers. If your modules involve token creation, fund inflow, exchange mechanisms, or profit sharing, you must assess legal risks early.

Next, we analyze the most actively prosecuted crime—illegal business operations.

Recognition Dimension 4: Illegal business (Illegal Business Crime)

Typical features: coin matching + off-site exchange + fiat on/off ramps

In Web3, illegal business often involves platforms suspected of facilitating cross-border currency exchange, especially when virtual currencies are used as intermediaries, which can trigger cross-border illegal exchange charges.

Based on our cases, authorities have intensified crackdowns on such activities, with stricter enforcement.

High-risk behaviors: · Providing virtual currency and fiat deposit/withdrawal services; · Operating unlicensed OTC platforms; · Acting as intermediaries for currency matching.

If your system is used for currency matching, OTC trading, or fund inflows/outflows, there is a significant legal risk.

In this article, we summarized four common high-risk patterns with typical cases, helping developers recognize “red lines.”

Behind these are real system logic and modules often overlooked.

Knowing the red lines is just the first step.

How to quickly judge a new project? How to evaluate your legal responsibility? What practical advice can help you anticipate risks?

Developers are rarely “outsiders” in legal risks. Due to their deep involvement, technical roles are often at the core. If the project pattern has compliance issues, technical participation may lead to legal responsibility.

So, how to judge whether a project crosses legal boundaries? How to identify risks early? How to define your boundaries? We will discuss these points.

3. How to quickly identify high-risk Web3 projects and avoid legal risks?

Many developers argue: “I just developed features; I don’t understand the gameplay.”

In practice, this is often hard to defend. Whether criminal liability applies depends not only on direct involvement but also on whether the person “knew” their work was aiding illegal activities.

According to China’s criminal law theory, as long as the actor knew that others committed crimes and still provided technical support or assistance, they could be held as helpers or accomplices.

Judicially, the key points include: · Are you a core member, CTO, system architect, or deeply involved in key modules like funds, tokens, or withdrawals? · Have you questioned or suggested modifications regarding legality, fund flow, or gameplay? · Do you receive high pay, sign deep cooperation agreements, or have profit-sharing arrangements indicating strong interests?

In Web3, technical developers are often not peripheral but central to project operation. The more critical your role (e.g., CTO, lead architect), the harder it is to claim ignorance or that you were just an external contractor—such developers are often viewed as having substantial control over the project.

Therefore, before joining or developing a project, it is essential to: · Check whether the project involves “gambling,” “pyramid schemes,” “illegal fundraising,” or “illegal business” patterns; · Ask whether the system involves token issuance, fund inflow, or profit sharing; · Keep records of discussions about legality, fund flow, and compliance, and clarify your role as a developer.

4. Conclusion: Be a developer who understands both technology and law

Whether as a core developer, system architect, or technical leader, you should have basic criminal legal risk recognition skills. Early judgment of whether a project involves high-risk patterns like gambling, pyramid schemes, illegal fundraising, or illegal business is crucial to warn and avoid legal pitfalls.

In the complex Web3 ecosystem, only developers who master both technical implementation and legal red lines can truly be competent builders with judgment and survival skills.

Legal and compliance awareness beyond technology is an essential hard skill for modern developers.

The development of the Web3 industry depends on compliance, and developers are the most overlooked yet most critical link.