Types of Crypto Tokens: Security, Utility, Governance & More

Not every crypto token is built alike — and the eight-category taxonomy that separates security tokens from utility instruments is the same framework the Securities and Exchange Commission (SEC), the EU's Markets in Crypto-Assets regulation (MiCA), and Singapore's Monetary Authority (MAS) use to decide whether a token issuance is legal.

Introduction

Not every crypto token is built alike — and the eight-category taxonomy that separates security tokens from utility instruments is the same framework the Securities and Exchange Commission (SEC), the EU's Markets in Crypto-Assets regulation (MiCA), and Singapore's Monetary Authority (MAS) use to decide whether a token issuance is legal. The stablecoin market alone reached $322.7B by May 2026, while ERC-3643-governed security tokens underpin $32B+ across 180+ jurisdictions. The difference in regulatory treatment between these categories determines whether an issuer faces SEC registration requirements, EU MiCA authorization, or no licensing obligation at all. This article defines all eight token types — security, utility, governance, stablecoin, non-fungible token (NFT), payment, native protocol, and institutional — explains the Howey Test that separates securities from utility instruments, and maps each type to its governing regulatory framework.

What Is a Crypto Token and How Does It Differ From a Crypto Coin?

A crypto token is a digital asset issued on an existing blockchain through a smart contract — distinct from a native coin, which operates as the base-layer currency of its own chain. The distinction determines regulatory category, legal rights, and which of eight token types applies to any given digital asset.

Tokens vs. Coins: The Technical and Legal Distinction

Native coins — ether (ETH), solana (SOL), bitcoin (BTC) — are integral to their respective blockchains; validators receive them as block rewards, and transaction fees are paid at the protocol layer without a separate smart contract. Tokens are deployed as smart contracts on top of an existing chain: an ERC-20 token on Ethereum is a contract that records balances and enforces transfer rules but carries no base-layer protocol status.

The legal treatment follows this divide. The U.S. Commodity Futures Trading Commission (CFTC) classifies native coins as commodities; tokens face a more complex analysis where legal classification depends on the token's economic function and the rights it conveys to holders.

The Eight-Category Token Taxonomy

The eight categories in the widely used token taxonomy — security, utility, governance, stablecoin, non-fungible token (NFT), payment, native protocol, and institutional or central bank digital currency (CBDC) — map onto distinct combinations of rights, collateral structures, and regulatory frameworks. Security tokens represent equity or debt claims. Utility tokens grant access rights to a protocol. Governance tokens carry voting power over protocol parameters. Stablecoins target a fixed price peg through collateral or algorithmic mechanisms. NFTs are unique digital records with no fungible equivalent. Payment tokens serve as mediums of exchange. Native protocol tokens fund blockchain validator economics. Institutional tokens, including CBDCs, are issued by banks or central banks on permissioned networks — the architectural inverse of public decentralized chains.

Data current as of May 2026.

The security token category carries the sharpest regulatory stakes for issuers — and the SEC's Howey Test is the mechanism that determines whether any token crosses that line.

What Is a Security Token and How Does Regulation Define It?

A security token is any token that satisfies all four Howey Test prongs: investment of money, common enterprise, expectation of profit, and reliance on others' efforts. Labeling a token a "utility token" does not immunize it from securities enforcement if the economic reality is investment-driven. ERC-3643 (T-REX), underpinning $32B+ across 180+ jurisdictions (erc3643.org + Finextra, 2026), enforces compliance rules at the smart contract layer.

The Howey Test: Four Criteria That Define a Security Token

The U.S. Supreme Court established the Howey Test in 1946 to define an investment contract. Applied to crypto tokens, four questions determine classification: did the purchaser invest money or something of value? Was that investment pooled in a common enterprise shared with other investors? Does the purchaser expect profit from the investment? Does that expected profit derive primarily from others' efforts — the founding team or protocol developers — rather than the token holder's own work? A token satisfying all four prongs is a security under U.S. law regardless of the issuer's stated intent.

Security Token Examples and ERC-3643 Compliance Architecture

ERC-3643 (the T-REX standard) adds three compliance layers to a standard ERC-20 token: an on-chain identity registry where each investor wallet is registered after know your customer (KYC) verification, a compliance module that validates each transfer against the registry before execution, and a claims registry recording which regulators validated each investor. Transfers to unregistered wallets fail at the protocol layer — no broker-dealer intermediary processes the rejection.

BlackRock's BUIDL money market fund, managed through Securitize and holding $2.4B in assets, restricts access to accredited investors verified through this architecture. Ondo Finance's OUSG token wraps U.S. Treasury exchange-traded funds (ETFs) and distributes yield to ERC-3643-whitelisted wallets. Securitize, registered with the SEC as both broker-dealer and transfer agent, manages $4B+ in assets under management (AUM) — the compliance infrastructure institutional issuers adopt for regulated on-chain fundraising.

Utility tokens occupy the opposite end of this spectrum — no equity claim, no profit expectation from others — but the legal boundary is not self-enforcing.

How Do Utility Tokens Work and What Rights Do They Grant Holders?

A utility token grants access rights to a specific protocol or network service — paying for computation, compensating storage providers, or unlocking oracle data feeds. It confers no equity, no profit claim, and no voting rights. The legal boundary between utility and security tokens rests on whether purchasers expect returns from others' efforts, not on the label an issuer applies.

Utility Token Mechanics: Access Rights and Network Functions

A utility token is consumed or staked in the course of network use — not redeemable for cash and carrying no share of protocol revenue. Chainlink's LINK token is required by oracle node operators as collateral, slashed if nodes report incorrect data. Filecoin's FIL token purchases decentralized storage capacity; miners receive FIL as payment for storage provision.

The SEC's 2017 DAO Report established that economic substance governs classification: a token pre-sold before a functional network exists, promising future utility, may qualify as a security because purchasers are relying on developers to build the system that generates value.

Utility Token Examples: ETH Gas, Filecoin FIL, and Chainlink LINK

ETH is the most widely held utility token by market capitalization. Ethereum transaction fees, called gas, must be paid in ETH — non-speculative demand tied directly to network usage volumes. After Ethereum's September 2022 transition to proof-of-stake, ETH added validator staking as a second demand layer: validators bond ETH to participate in block production and earn issuance rewards plus priority fees.

Filecoin FIL and Chainlink LINK both demonstrate the access-rights model in production. FIL is exchanged for decentralized cloud storage contracts; storage providers quote prices in FIL per gigabyte per epoch. LINK compensates node operators for delivering verified off-chain data to on-chain smart contracts. Neither token confers a profit right from an underlying enterprise — both derive demand from measurable, published on-chain protocol activity.

Governance tokens occupy a structurally different position: they do not access network services but direct how a protocol's rules themselves are written.

What Are Governance Tokens and How Do They Transfer Voting Power On-Chain?

A governance token carries voting power over protocol parameters — fee tiers, collateral ratios, treasury allocation, and smart contract upgrade paths — replacing the board-of-directors model with on-chain token-weighted voting where any holder above a minimum threshold can propose and ratify changes.

On-Chain Voting and Proposal Rights in DAO Governance

Governance tokens implement token-weighted voting: one token equals one vote, proposals pass when a quorum threshold is reached, and a time-lock delay — 24 to 72 hours — enforces a waiting period before execution. The decentralized autonomous organization (DAO) structure that governance tokens power handles treasury allocation, fee parameter changes, and contract upgrades without centralized management.

Governance designs introduce concentration risk. The 2023 Tornado Cash governance attack demonstrated this: an attacker accumulated governance tokens, submitted a malicious proposal, passed it, and attempted to extract protocol funds before the time-lock elapsed. Token distribution and quorum thresholds are the two primary design levers protocols use to reduce this attack surface.

MKR, COMP, UNI, and CRV: Governance Token Case Studies

MakerDAO's MKR is among the earliest governance tokens — MKR holders vote on risk parameters for USDS (formerly DAI) collateral vaults, including collateralization ratios and stability fees. Compound's COMP, launched in 2020, introduced liquidity mining: distributing governance tokens to users who supply or borrow capital. The model catalyzed the decentralized finance (DeFi) yield farming wave across the sector.

Uniswap's UNI governs a $1.6B protocol treasury and controls the fee switch that would route exchange fees to token holders. Curve's CRV implements vote-escrow mechanics: locking CRV for up to four years issues veCRV (vote-escrowed CRV), which carries amplified voting weight and directs liquidity incentives toward specific trading pairs. Stablecoins address the volatility that makes governance and utility tokens impractical for payments — but the three mechanisms that achieve price stability each introduce a distinct risk profile.

How Do Stablecoins Work and What Separates Each Type?

The stablecoin market reached $322.7B (as of May 2026, Bitcoin News + KuCoin) — USDT at $189.6B (58.8% market share, a new all-time high) and USDC at $79B (24.5%) — driven by three stability mechanisms with distinct risk profiles and regulatory classifications.

Fiat-Collateralized, Crypto-Backed, and Algorithmic: Three Stablecoin Mechanisms

Fiat-collateralized stablecoins maintain a 1:1 peg by holding fiat currency or short-duration government bonds in a custodial account for every token issued. USDT and USDC each back every dollar of circulating supply with a dollar of reserves held by a regulated custodian. Reserve quality differs — Tether holds a mix of Treasury bills and commercial paper; Circle restricts USDC to U.S. Treasuries and cash equivalents verified by monthly attestations.

Crypto-collateralized stablecoins over-collateralize using volatile crypto assets: MakerDAO's USDS (formerly DAI) requires above 150% collateralization for ETH-backed positions; on-chain liquidation mechanisms absorb price swings when collateral value falls. Algorithmic stablecoins attempt peg maintenance through supply adjustments without collateral backing. Terra's UST collapse in May 2022 erased $40B in market value in 72 hours — establishing uncollateralized algorithmic designs as a proven structural failure mode.

MiCA E-Money Tokens and the GENIUS Act Stablecoin Framework

MiCA, fully applicable across the EU since December 2024, classifies stablecoins into two categories: e-money tokens (EMTs), backed by a single fiat currency (EURC requires electronic money institution authorization as an EMT), and asset-referenced tokens (ARTs), backed by a basket of currencies or assets (USDT's reserve composition places it in the ART category under MiCA). Both categories mandate reserve backing, full redemption rights, and EU competent authority authorization.

The GENIUS Act, enacted in the United States in 2025, prohibits stablecoins from paying interest to holders — preventing stablecoins from competing with bank deposits and positioning tokenized money market funds as the primary regulated source of on-chain yield for U.S. persons.

Data current as of May 2026.

Non-fungible tokens occupy a category that makes the fungibility assumption explicit by inverting it — each token is unique by design.

What Makes Non-Fungible Tokens Different From Fungible Crypto Tokens?

A non-fungible token is a cryptographic record on a blockchain that is provably unique and non-interchangeable — one ETH equals any other ETH, but an ERC-721 token is identified by a specific token ID that no other token in the same contract can share.

Non-Fungibility: Why ERC-721 and ERC-1155 Matter

ERC-721 is the foundational NFT standard on Ethereum: each token carries a unique tokenId, and the standard defines ownership, approval, and transfer functions that enforce that uniqueness at the contract level. No two ERC-721 tokens within the same contract are equivalent, and the contract records which wallet owns which token ID — creating on-chain provenance without a centralized database.

ERC-1155 introduced multi-token contracts: a single deployed contract simultaneously manages fungible tokens, semi-fungible tokens (limited editions), and unique non-fungible tokens. A game deploying ERC-1155 can issue 10,000 interchangeable gold coins alongside one unique legendary sword in the same contract.

NFT Use Cases Beyond Art: IP Rights, Gaming Assets, and Tokenized Deeds

NFT monthly trading volume averaged $720M in Q1 2026, with gaming NFTs accounting for 38% of all transaction volume — a shift from the 2021–2022 era dominated by digital art and profile-picture collections. Gaming NFTs represent in-game items with blockchain-verified scarcity and player-controlled ownership: items persist independently of any game publisher's servers, and players can sell or transfer them on secondary markets without publisher permission.

Real-world asset NFTs have expanded into intellectual property licensing and real estate. A music-rights NFT issued by a label can encode royalty payment logic directly into the token, distributing fractions of streaming revenue to holders automatically through a smart contract — removing the intermediary royalty collection society from the payment chain entirely.

Payment tokens and native protocol tokens share one property NFTs never have: interchangeability — which is why they underpin the transaction economy of every public blockchain.

What Are Payment Tokens and Native Protocol Tokens?

Payment tokens and native protocol tokens are the two oldest token categories — assets whose primary function is value transfer rather than access, governance, or investment — and they differ on whether they exist at the blockchain's base layer or as issued instruments deployed on top of it.

Payment Tokens: Medium of Exchange With No Utility or Governance Rights

A payment token serves as a medium of exchange: holders use it to transfer value between parties, purchase goods or services, or settle obligations. It confers no access to a protocol, no voting rights, and no profit claim. Bitcoin (BTC) is the canonical payment token — designed as peer-to-peer electronic cash, it carries no smart contract utility and derives no governance mechanism from its base design.

Regulatory treatment of payment tokens diverges sharply by jurisdiction. MiCA subjects payment tokens that maintain a stable value to e-money token or asset-referenced token licensing. Bitcoin, which does not peg to any asset, falls into MiCA's general crypto-asset category requiring only a white paper for issuance. In the United States, the CFTC has asserted commodity jurisdiction over BTC and treats similar non-pegged assets as neither securities nor e-money instruments.

Native Protocol Tokens: ETH, SOL, and the Base-Layer Economic Role

Native protocol tokens fund blockchain validator economics: validators stake ETH to secure Ethereum's proof-of-stake network and earn issuance rewards plus transaction priority fees. SOL on Solana functions identically — validators bond SOL, and the network distributes inflationary rewards and fee revenue in proportion to stake weight. The token does not require a separate smart contract deployment; it is integral to the consensus mechanism itself.

ETH occupies a position that spans multiple token categories: utility token (paying gas fees), native protocol token (staking collateral), and, in wrapped form (WETH), collateral across DeFi lending protocols.

How Are CBDCs and Institutional Digital Tokens Different From Crypto Tokens?

CBDCs and institutional tokens like JPMorgan's JPM Coin operate within permissioned, centrally controlled networks — their issuer is a government or licensed bank, transfers are subject to jurisdiction-level rules, and they carry none of the censorship-resistance properties of decentralized public tokens.

CBDCs: Sovereign Digital Currency vs. Decentralized Tokens

A CBDC is a digital liability of a central bank — legally equivalent to physical currency but represented on a distributed or centralized digital ledger. Over 130 countries are researching or piloting CBDCs as of 2026. The Bank for International Settlements (BIS) Project mBridge connects the central banks of China, Hong Kong, Thailand, and the United Arab Emirates on a shared multi-CBDC platform designed to reduce correspondent banking friction in cross-border wholesale payments.

CBDCs are not decentralized tokens: the issuing central bank can freeze accounts, reverse transactions, and enforce KYC controls at the protocol layer. Most designs do not operate on public blockchains and are not accessible through self-custody wallets — the two properties that define decentralized crypto tokens are absent by architectural choice.

Institutional Tokens: JPMorgan JPM Coin and BIS Project mBridge

JPM Coin is JPMorgan's dollar-denominated tokenized deposit: it moves between JPMorgan client accounts on the bank's Onyx permissioned blockchain for intrabank settlement and processes roughly $1B in daily transaction volume. Unlike stablecoins, JPM Coin is not publicly traded — it settles net positions between JPMorgan counterparties and converts back to conventional dollars immediately upon settlement completion.

BIS Project mBridge surpassed $22B in cumulative settlement volume by 2025, demonstrating that multi-CBDC platforms can reduce international payment time from days to seconds — within a network restricted to participating central banks and their authorized commercial bank counterparts.

How Do You Classify Any Token and Which Regulatory Framework Applies?

Determining which token type applies to any specific asset requires applying three jurisdiction-specific frameworks in sequence: the SEC's Howey Test for U.S. securities status, MiCA's category assignment for EU market access, and the MAS Payment Services Act or Securities and Futures Act for Singapore — where the distinction between a capital markets product and an e-payment instrument carries its own licensing consequences.

Step-by-Step Token Classification Using the Howey Test and MiCA

For U.S. regulatory status, apply the Howey Test: a token satisfying all four prongs is a security and requires SEC registration or an exemption — Regulation D for private placements to accredited investors, Regulation A+ for smaller public offerings up to $75M, or Regulation S for offshore sales.

MiCA applies a parallel classification: an EMT requires electronic money institution authorization; an ART requires a separate authorization from an EU competent authority.

Jurisdiction-Specific Rules: SEC, EU MiCA, MAS, and UK FCA

The MAS applies the Payment Services Act for tokens functioning as e-payment instruments and the Securities and Futures Act for tokens that are capital markets products. A token marketed on the promise of returns from a project's trading profits meets the capital markets product threshold — it requires a prospectus or exemption, and only MAS-authorized dealers may distribute it. Singapore's framework is among the most explicit globally: the MAS has published detailed guidance separating securities tokens from utility instruments.

The UK Financial Conduct Authority (FCA) applies a functional approach: cryptoassets are classified as specified investments (securities), e-money, or unregulated cryptoassets. Unregulated cryptoassets still require registration for anti-money laundering purposes. A token that passes the Howey-equivalent test under UK law is a regulated specified investment.

Data current as of May 2026.

With the classification framework established, the final comparison shows how all eight token types stack against each other on the three dimensions that govern investment and issuance decisions.

How Do All Eight Token Types Compare on Risk, Liquidity, and Regulation?

All eight types of crypto tokens can be assessed on three dimensions that govern issuance and investment decisions: regulatory clarity, liquidity depth, and counterparty risk. The right token structure depends entirely on what the asset is designed to do — no single type dominates across all three dimensions.

Risk, Liquidity, and Regulatory Clarity Across All Eight Token Types

Security tokens carry the highest regulatory clarity — they operate under established securities law with known compliance requirements — but ERC-3643 transfer restrictions to whitelisted wallets limit secondary market liquidity compared to open-market tokens. Stablecoins achieve high liquidity on major exchanges but face an uneven regulatory landscape: USDT operates without an EU e-money license and faces MiCA ART authorization requirements as of 2024. Governance tokens sit in a regulatory grey zone across most jurisdictions — not securities if they confer only protocol voting rights, but enforcement actions remain possible when governance tokens are sold in a manner that implies investment returns.

Matching Token Type to Use Case: Access, Investment, Payment, or Governance

An infrastructure protocol distributing compute or storage should issue a utility token tied to specific resource consumption. A fund tokenizing real-world assets for accredited investors must issue a security token on ERC-3643 with KYC whitelisting. A protocol seeking community-led governance should issue a governance token, with the understanding that vote concentration creates hostile takeover risk. Payment tokens suit peer-to-peer transfer use cases where regulatory complexity must be minimized and censorship-resistance is the priority.

The eight types of crypto tokens are not interchangeable design choices — choosing the wrong structure carries legal and economic consequences that redesigning after launch rarely resolves without triggering regulatory reclassification.

Data current as of May 2026.

FAQ

References / Sources