Skip to main content

No Custody, No Broker License, No Problem: How Phantom Won CFTC Relief and Rewrote Self-Custody Rules

· 9 min read
Dora Noda
Dora Noda
Software Engineer

A self-custodial crypto wallet just received formal permission from a U.S. federal regulator to plug its 17 million users directly into regulated derivatives markets — without registering as a broker. If that sentence doesn't sound revolutionary, consider this: it has never happened before.

On March 17, 2026, the U.S. Commodity Futures Trading Commission (CFTC) issued Staff Letter 26-09, a no-action position addressed to Phantom Technologies Inc. The letter declared that the agency would not recommend enforcement action against the popular Solana-native wallet for failing to register as an introducing broker — provided Phantom meets a specific set of conditions. The relief is first-of-its-kind and could serve as a regulatory blueprint for every self-custodial wallet in crypto.

What Exactly Did the CFTC Approve?

To be precise, the CFTC did not "approve" Phantom in the traditional licensing sense. Instead, its Market Participants Division issued a no-action letter — a formal statement that it will not pursue enforcement for broker registration violations under Sections 4d and 4k of the Commodity Exchange Act (CEA), so long as Phantom operates within clearly defined boundaries.

Here's what those boundaries look like in practice:

  • Passive software gateway only. Phantom can display derivatives market data, let users track positions, and transmit trading instructions — but every order goes directly to a CFTC-registered designated contract market (DCM) or a registered futures commission merchant (FCM). Phantom never touches the trade.
  • No custody of user funds. Users retain full control of their private keys throughout the entire process. Phantom routes instructions, not capital.
  • Full collateralization. All contracts accessed through the interface must be fully collateralized, eliminating margin-related credit risk at the wallet level.
  • Compliance infrastructure required. Despite not being a broker, Phantom must maintain risk disclosures, compliance policies, and recordkeeping comparable to those of a registered introducing broker.

The result is an arrangement where a non-custodial software layer can serve as a front-end for regulated financial products without taking on the full regulatory burden of a broker-dealer.

The crypto industry has spent years talking about "bringing DeFi to the masses." The practical obstacle has always been the same: how do you give self-custody users access to regulated financial products without forcing the wallet provider to become a regulated entity?

Before Letter 26-09, the answer was: you can't. Wallet providers either avoided regulated products entirely or partnered with licensed intermediaries through cumbersome embedded brokerage arrangements. Phantom's no-action relief creates a third path — one where the wallet acts as a transparent conduit, and regulation attaches to the exchanges and brokers on the other end.

This matters for several reasons:

Scale. Phantom manages approximately $25 billion in self-custodied assets across 17 million monthly active users. That is not a niche DeFi protocol — it is a distribution channel comparable to mid-tier traditional brokerages. Giving those users native access to regulated derivatives and event contracts (including prediction markets) expands the addressable market for CFTC-regulated venues significantly.

Precedent. CFTC Chairman Michael Selig has indicated that the agency is actively working on broader guidance clarifying when developers of non-custodial software — including wallets and DeFi applications — trigger intermediary registration requirements. Letter 26-09 is effective until that rulemaking arrives, making it a de facto regulatory template in the interim.

Philosophy. The CFTC's decision focuses on operational structure rather than software functionality. What matters is not what the wallet can do, but what role the wallet provider plays in the transaction chain. If the provider is passive, non-custodial, and compliant, the agency sees no reason to impose broker registration. This is a principled distinction that could apply broadly.

How Phantom's Approach Differs from Competitors

The competitive landscape for crypto wallets navigating regulation reveals three distinct architectural strategies:

MetaMask: Institutional Custody First

Consensys' MetaMask Institutional takes the opposite approach from Phantom. Rather than seeking regulatory relief for self-custody, MetaMask built a multi-custody aggregation layer that integrates eleven institutional custodians, MPC solutions, and smart contract wallets. The product is designed from the ground up for organizations that need regulated custody. MetaMask Institutional serves institutions that want DeFi access through compliant custody pipelines — not self-custody users who want access to regulated markets.

Coinbase Wallet: The Hybrid Path

Coinbase straddles both worlds. Its Prime Onchain Wallet offers institutional-grade, non-custodial access with API-based controls, while Coinbase's exchange arm holds broker-dealer, money transmitter, and custody licenses across multiple jurisdictions. Coinbase's approach embeds regulatory compliance into the parent company's infrastructure, meaning the wallet benefits from the exchange's licenses without needing its own.

Phantom: Regulation Through Architecture

Phantom's model is architecturally elegant: rather than obtaining licenses or embedding into a licensed entity, it designed its software to fall outside the regulatory perimeter entirely. By remaining a passive order-routing interface — never touching funds, never executing trades, never providing investment advice — Phantom demonstrated to the CFTC that broker registration would be a regulatory mismatch.

The key insight is that these are not competing strategies so much as they serve different user segments. MetaMask Institutional serves fund managers. Coinbase serves users who want custody optionality. Phantom serves the self-sovereignty-maximalist user who wants derivatives access without sacrificing key ownership.

What Products Become Available?

Under the no-action relief, Phantom users will gain in-app access to:

  • Commodity derivatives — Futures contracts traded on CFTC-regulated designated contract markets
  • Event contracts — Prediction markets (a rapidly growing segment, with platforms like Kalshi and Polymarket generating significant volume)
  • Position tracking and market data — Real-time portfolio monitoring for regulated derivatives positions

The event contracts category is particularly notable. Prediction markets have exploded in popularity since the 2024 U.S. presidential election cycle, when platforms processed billions of dollars in event contract volume. Bringing prediction market access directly into a self-custodial wallet with 17 million users could accelerate mainstream adoption of the format.

The Regulatory Ripple Effect

Phantom's relief is explicitly temporary — it remains in effect until the CFTC issues "rulemaking or guidance addressing the application of the IB registration requirement to software providers." But the precedent it sets is already influencing the market.

Other self-custodial wallets are expected to file similar no-action requests, using Phantom's conditions as a template. The XRP ecosystem has already signaled interest, with analysts noting that the CFTC's first self-custody no-action letter could signal a new era for XRP derivatives access through non-custodial interfaces.

Beyond the CFTC's jurisdiction, the decision raises questions for the SEC. If a non-custodial wallet can route orders to CFTC-regulated derivatives markets without broker registration, should the same logic apply to SEC-regulated securities markets? The Market Structure Bill currently working through Congress has left the treatment of non-custodial software as one of its biggest unresolved questions — with expectations for protections covering software developers, validators, and self-custody setups.

The broader trajectory is clear: the regulatory framework is slowly accommodating the reality that software interfaces and financial intermediaries are not the same thing. Letter 26-09 is the first concrete expression of that principle from a federal regulator.

Risks and Open Questions

The relief is not without limitations:

  • Staff letter, not law. No-action letters can be withdrawn. They represent the current staff's position, not binding regulation. A change in CFTC leadership or policy could alter the landscape.
  • Compliance costs. Phantom must maintain broker-level recordkeeping and risk disclosures without broker-level revenue streams (commissions, fees). The economics of this obligation at scale remain untested.
  • Scope limitations. The relief covers CFTC-regulated products only. It says nothing about SEC-regulated securities, state-level money transmitter requirements, or international jurisdictions.
  • Security surface. Routing derivatives orders through a wallet interface creates new attack vectors — phishing for order confirmation, front-end manipulation of displayed market data, or social engineering targeting users unfamiliar with derivatives risk. Recent incidents like the Trust Wallet Chrome extension supply chain attack and the Bonk.fun domain hijack confirm that front-end security remains crypto's weakest layer.

What Comes Next

Three developments will determine whether Phantom's relief becomes the norm or an outlier:

  1. CFTC formal rulemaking. Chairman Selig has indicated broader guidance is coming. If the formal rules codify the "passive software gateway" standard, every non-custodial wallet gains a clear compliance path. If they narrow it, Phantom's model may remain an exception.

  2. Congressional action. The Market Structure Bill's treatment of non-custodial software will define whether the CFTC's approach extends to securities markets or remains limited to derivatives.

  3. Market response. If Phantom successfully integrates derivatives access and it drives user growth and engagement, expect every major wallet — from MetaMask to Rabby to Backpack — to pursue similar relief.

The DeFi-TradFi convergence has been discussed for years. Phantom's CFTC victory is the first time a regulator has provided a concrete, workable framework for that convergence — one that preserves the self-custody ethos that attracted users to crypto in the first place.

The question is no longer whether non-custodial wallets can access regulated finance. It's how fast the rest of the industry follows.

BlockEden.xyz provides enterprise-grade blockchain API infrastructure supporting multiple chains including Solana, Ethereum, and Sui. As self-custodial wallets expand into regulated financial services, reliable node infrastructure becomes the backbone of every transaction route. Explore our API marketplace to build on foundations designed for the next era of compliant, self-sovereign finance.

Share on Twitter