The actor with the best capability to thwart most forms of internet-related misconduct is the primary malfeasor. The release of malware such as a “worm” is without doubt best prevented from causing harm by the person that created and released it against the Internet. For pornography sites to succeed there is a requirement for both a viewer and commercial website. If either party is absent, the commercial viewing of pornography and obscenity will not take place. This is even truer in the case of an interactive service such as gambling and online casinos. As such, direct control of either of these actors will thwart much of the social harm caused by this type of activity. This straightforward approach is the one most commonly utilised by the law.
Regulations attempting to avert misconduct through a process of protecting the primary malfeasors from their own actions are becoming less effective in the distributed world of the Internet. Both when the actors are judgement-proof and in cases where prosecution is unproductive due to a high degree of dealings or due to the low worth of each transaction, this legislative approach has proved ineffective. Consequently, the direct regulation of individuals (such as in cases involving an infringement of copyrighted material) who use the Internet remains ineffective in diminishing undesired conduct. The result is that Internet intermediaries are commonly seen as both the target of opportunity and the answer to judgement-proof actors.
When it comes to a DEX or a “smart-contract-based exchange”, it is again the people in the system; code does not create itself and launch. The result is, no ICO can be “decentralised” as many try and (falsely) claim.
The primary malfeasance is from those who create the ICO. They remain liable. The exchange remains between people, and it is settled on a blockchain. The process of settlement has no impact on the legality of a security, and consequently, an ICO is just a security under law as all securities have been through history — from Pink sheets to web IPOs; ICOs are not even remotely novel.
 A number of innovative approaches to solving the issue are provided by Lemley & Reese; William W. Fisher III, Promises to Keep (2004).