Crypto Spoofing and Layering: Federal Charges, Defense Strategies, and What the Government Must Prove
DOJ's Operation Token Mirrors focused on wash trading. But spoofing and layering are closely related manipulation techniques that federal prosecutors charge under the same wire fraud statute and, in commodity and futures markets, under the Commodity Exchange Act's explicit anti-spoofing provision. The enforcement campaign against spoofing that began in the precious metals and Treasury futures markets has expanded into cryptocurrency. The legal framework is the same. The defense challenges are the same. The stakes are the same.
What Spoofing Is and Why It Is a Federal Crime
Spoofing involves orders that never execute. A trader places a large buy or sell order to create a false impression of supply or demand, moves the market in the intended direction, and then cancels the order before it fills. The order itself is the deception. There is no transaction. The purpose is to manipulate price by making other market participants believe that demand or supply exists when it does not.
The technique is sometimes called layering when multiple orders are placed at different price levels to create the appearance of deep market interest on one side of the book. The combined effect of multiple layered orders amplifies the false signal.
Congress made spoofing an explicit federal crime in the Dodd-Frank Act of 2010, which amended the Commodity Exchange Act to prohibit "bidding or offering with the intent to cancel the bid or offer before execution." The CFTC enforces this provision under CFTC Rule 180.1 in commodities and futures markets. In securities markets, spoofing is prosecuted as market manipulation under 15 U.S.C. § 78i. And in either market, DOJ can charge spoofing as wire fraud under 18 U.S.C. § 1343 when wire communications are used to execute the scheme.
Spoofing vs. Wash Trading: The Critical Distinction
Wash trading and spoofing are related but distinct. Understanding the difference matters because the evidence required to prove each is different, and the defense strategies differ accordingly.
Wash trading involves trades that actually execute. A buyer and seller in the same scheme complete a transaction, generating volume that appears on exchange records as real activity. No genuine economic interest changes hands. The trade is real. The market signal it creates is false. The government proves wash trading primarily through blockchain analysis showing that the defendant controlled both sides of the transaction.
Spoofing involves orders that are placed and cancelled without execution. The order itself is the false signal. There is no completed transaction. The government proves spoofing through order flow data showing a pattern of placement and rapid cancellation timed to market moves on the opposite side of the book.
In practice, sophisticated manipulation schemes often combine both techniques. Spoof orders move price in a direction that benefits positions the manipulator is building through wash trades. The wash trading creates the appearance of organic volume. The spoof orders move price levels at critical moments. The two techniques reinforce each other and can form a single conspiracy charged under one indictment. The Operation Token Mirrors indictments focus on wash trading, but manipulation investigations frequently expand to include spoofing when the trading data reveals patterns of order placement and cancellation alongside the volume generation.
Spoofing in Cryptocurrency Markets
The same conduct that constitutes spoofing in equities and futures markets occurs in cryptocurrency markets. A trader places a large order on one side of the book to push the price in a direction that benefits an existing position, then cancels before execution.
Scott Armstrong is the only federal criminal defense attorney who personally tried the first federal criminal case involving algorithmic cryptocurrency market manipulation through spoof orders. The case involved an algorithm that placed over $300 million in spoof orders and wash trades in a cryptocurrency market. The algorithm placed large orders on one side of the book to move the price, triggered purchases by other market participants who believed the signals were genuine, and then cancelled the spoof orders. The case established that federal market manipulation statutes apply to this conduct in digital asset markets.
Armstrong also served as lead trial counsel in a federal trial at DOJ against two senior Deutsche Bank traders convicted of running a years-long spoofing scheme in the precious metals futures markets in the Northern District of Illinois. That case was part of DOJ's broader campaign to prosecute spoofing across Wall Street trading desks, which resulted in convictions of traders at JPMorgan, Bank of America, Deutsche Bank, Morgan Stanley, and the Bank of Nova Scotia.
The CFTC has also pursued spoofing enforcement in cryptocurrency derivatives markets. In 2021, the CFTC charged a trader with spoofing Bitcoin futures contracts traded on the Chicago Mercantile Exchange, demonstrating that Bitcoin futures are squarely within CFTC jurisdiction and that spoof order patterns in those markets will be detected and prosecuted.
What the Government Must Prove and Where the Case Is Weakest
Spoofing under the Commodity Exchange Act requires proof that the defendant placed an order "with the intent to cancel the bid or offer before execution." That is an intent element. It is not enough to show that the defendant placed and cancelled orders. The government must prove the defendant intended to cancel at the time of placement.
This is where spoofing cases are most vulnerable to defense.
Traders cancel orders for many legitimate reasons. Market conditions change. Risk limits are hit. Hedging positions are adjusted. New information arrives. An algorithm recalibrates. A trader who places a large order and cancels it 30 seconds later because the market moved against the position has not committed spoofing. A trader who places the same order intending from the outset to cancel it before execution has. The difference is intent. And intent cannot be read directly from order data.
The government builds spoofing cases through a combination of trading pattern analysis and communications evidence. The pattern evidence includes the ratio of cancelled to executed orders, the speed of cancellations, the timing of cancellations relative to fills on the opposite side of the book, and the consistency of the pattern over time. But pattern evidence is circumstantial. Defense counsel retains experts who analyze the same data and demonstrate that the patterns are consistent with legitimate trading strategies.
Communications evidence is what transforms a circumstantial case into a strong one. In the precious metals spoofing prosecutions, chat messages between traders discussing the use of spoof orders were the government's most powerful proof. In cases where no such communications exist, the government must rely entirely on the trading data. That is a harder case to win at trial.
The precious metals spoofing prosecutions and the Operation Token Mirrors wash trading cases share the same lesson. The government's strongest evidence is always the defendant's own words. Without those words, the prosecution must prove intent through trading data alone. Trading data shows what happened. It does not show why. That gap is where defense lives.
Frequently Asked Questions
What is spoofing in cryptocurrency markets?
Spoofing occurs when a trader places a large buy or sell order with no intention of executing it. The purpose is to create a false impression of supply or demand, move the market price, and then cancel the order before it fills. The technique is called layering when multiple orders are placed at different price levels. Congress made spoofing an explicit federal crime in the Dodd-Frank Act of 2010. In cryptocurrency markets, spoofing is prosecuted under the Commodity Exchange Act, the Securities Exchange Act, and wire fraud statutes depending on how the digital asset is classified.
What is the difference between spoofing and wash trading?
The critical distinction is execution. Wash trades complete. A buyer and seller in the same scheme execute a transaction, generating volume that appears real on exchange records. No genuine economic interest changes hands. Spoof orders do not execute. A trader places an order to create a false signal, moves the price, and cancels before the order fills. Both techniques create false market signals. Both are charged as wire fraud and market manipulation. Sophisticated schemes often combine both in a single conspiracy. For a detailed analysis of how DOJ charges wash trading, see our analysis of the Operation Token Mirrors indictments.
What federal statutes apply to crypto spoofing?
Spoofing in commodity markets is prosecuted under 7 U.S.C. § 9(a)(2) of the Commodity Exchange Act, which carries up to 25 years per count. The CFTC enforces this through CFTC Rule 180.1. In securities markets, spoofing is prosecuted under 15 U.S.C. § 78i. DOJ also charges spoofing as wire fraud under 18 U.S.C. § 1343, which carries up to 20 years and applies regardless of asset classification. The wire fraud statute is the government's most flexible tool because it does not require that the token be classified as a security or commodity.
How does the government prove spoofing intent using trading data?
Proving spoofing requires the government to establish that the defendant placed orders with the intent to cancel before execution. The government uses patterns of order placement and rapid cancellation, the ratio of cancelled to executed orders, the timing of cancellations relative to fills on the opposite side, and any communications showing the defendant discussed or planned the spoofing. Without communications evidence, the government relies on trading data patterns alone. Defense counsel challenges these patterns through expert testimony showing they are consistent with legitimate trading strategies including risk management, hedging, and algorithmic order adjustment. Intent to cancel at the time of placement is the government's burden. It is the hardest element to prove.
How does Armstrong and Bradylyons defend crypto spoofing cases?
Scott Armstrong tried the first federal cryptocurrency market manipulation case involving over $300 million in spoof orders and wash trades. He also served as lead trial counsel in a federal trial at DOJ against two senior Deutsche Bank traders convicted of spoofing precious metals futures in the Northern District of Illinois. He understands how the government presents order flow data, exchange surveillance alerts, and trading pattern analysis to a federal jury. Drew Bradylyons, former Chief of EDVA's Financial Crimes and Public Corruption Unit, supervised complex financial fraud prosecutions and coordinated parallel SEC and CFTC enforcement actions. Their manipulation defense practice challenges the government's characterization of trading patterns, presents expert testimony on legitimate strategies, and attacks the government's proof of intent to cancel.
Facing a Spoofing or Market Manipulation Investigation?
As a former Assistant Chief at DOJ's Fraud Section, Scott Armstrong tried the first federal criminal case involving algorithmic cryptocurrency market manipulation and served as lead trial counsel in a federal trial at DOJ against two senior traders who manipulated precious metals futures. He understands how DOJ builds spoofing cases from the inside. As former Chief of EDVA's Financial Crimes and Public Corruption Unit, Drew Bradylyons supervised complex financial fraud prosecutions and coordinated enforcement with the SEC and CFTC. Armstrong & Bradylyons PLLC defends traders, firms, and individuals in federal spoofing, market manipulation, and wire fraud investigations nationwide.
